Financial statements assertions – claims or representations of

management about financial statements. According to ISA (

International Standards on Auditing ) assertions on part of financial
statements transactions it includes COCAC, Completeness,
Occurrence, Classification, Accuracy, Cutoff. Where in simple
terms management tells or saying to the auditor that the
representations they done are actual and real.
Accepting an engagement – it is the process an auditor performs
before agreeing to audit a client. It includes considering factors
about the management: (1) Integrity of the management, let’s say if
the management have been involved or have a history of fraud, lying
etc… the auditor should not accept the engagement. (2)
Independce, no biased, no close family relationships. (3)
Competence and Capabilities, does we the auditor have the
capabilities to audit this management? Does we have the expertise,
knowledge and skills? (4) Ability to comply with ethical
requirements, does the management have integrity, professional
behavior, confidentiality? Accepting an engagement lies on the
auditor after checking the necessary details for them if they will
accept or reject the engagement.
Ability to serve the client properly – the auditors must evaluate if
they can perform the audit effectively, competently and within
ethical requirements before accepting or continuing an
engagement. These are the factors auditors check before they
perform the audit. (1) Are they have sufficient competence or
expertise? Ex. If about banking, needs some experienced in
financial institutions, construction, needs someone who
understands project costing. (2) Enough time to perform the audit,
do they have enough time to complete the audit on or before the
deadline? (3) Adequate staff and resources, without this the audit
quality may suffer (4) Ability to maintain quality control, auditor
must ensure they can follow the firm’s quality control procedures (5)
Knowing the clients business and how it operates, to know what
procedures to be done, what risks to asses etc… In short, auditors
must have the right knowledge, expertise, resources for it’s to be
able to perform its task to its client.
Integrity of the prospective client and management – when
auditors is deciding whether to accept a client, the most important
factor they look at is the integrity of the client and its management.
Where it means honesty, transparency, and willingness to follow
ethical practices. If the management is dishonest and hides
information or engages in fraud, the auditors must not accept the
engagement, because no audit can be reliable when the client itself
is unreliable.
Engagement letter – is a written contract between the auditor and
the client that clearly states the terms and conditions of the audit. It
is issued after the auditor agrees to accept the engagement. It’s
main purpose is to avoid misunderstandings by making sure both
parties know exactly what to expect during the audit. It is important
because it explains what the auditor is responsible for and what the
management is responsible for. It also prevents misunderstandings,
the scope of audit to be performed, the duration, cover fees and
billings, and the terms of the engagement.
Audit planning – is the stage where the auditor prepares how the
audit will be conducted. It involves setting the overall strategy
deciding what areas are risky and determining what procedures to
perform. It’s like the blueprint or game plan to make the audit
effective and efficient. It ensures the audit effectiveness by
understanding the business of the client, knowing what risks or the
riskier part and how to deal with it. It ensures the efficiency of the
audit by knowing how much resources should be use, setting the
tasks properly, and setting timelines.
Inherent risk, control risk – these are two risks part of risk material
misstatements. RMM = IC + CR. Inherent risk, is the risk that an
account or transaction is naturally prone to error or fraud even
before considering internal controls. Meaning this are the accounts
that is riskier by nature. Why? Because of complexity, estimates and
judgement, susceptibility to theft, business nature, volume of
transactions. Ex. Cash, inventory, AR and revenue. Inherent risks
exists even controls are perfect. Control risk, is the risk that client
internal controls fail to detect or prevent a misstatement. Meaning
even if there is an error or fraud the company’s control won’t catch
it. Why? Because of poorly designed, not implemented properly,
lack of segregation of duties. Even if internal risk is high, good
internal controls can reduce risk. If control risk is high, the auditor
must do more substantive testing. “These risks are natural and
cannot be evade as there is no a perfect system.
Audit risk model – audit risk is the risk that the auditor gives an
unqualified opinion ( clean opinion fairly presented at all material
respects ) means there is a chance that the auditor misses a
significant error or fraud. Detection risk is that the auditor
procedures fail to detect a misstatements. AR = IR x CR x DR. *High
IR and CR lower DR more testing needed *Low IR and CR higher DR
less testing sufficient.
Materiality – is a concept that helps the auditors decide what
matters enough to affect the users of the financial statements.
Misstatements or omissions are material if they could influence the
economic decisions of the users of the FS. Ex. Instead of checking
all the transactions which is time consuming, they will set a level of
materiality about those transactions.
Analytical procedures in the planning stage – at the planning
stage auditors use analytical procedures to understand the
business and identify areas of potential risks. Ex. Trend analysis,
comparing current year sales to prior year sales. Ratio analysis,
gross profit %, inventory turnover, current ratio. In simple terms
analytical procedures comparing financial information to see where
mistakes or unusual things might happen.
Nature of internal control – internal control is a process designed
and implemented by management and those charges with
governance. It is to provide reasonable assurance that the company
achieved its objectives including: Reliable financial reporting,
Effective and efficient operations, and compliance with laws and
regulations. It refers how these controls are structured and operate
to prevent or detect errors and fraud. Ex. Policies and procedures,
segregation of duties, authorization and approval, physical controls,
documenting and record keeping, monitoring, independent checks
and review. In short it is made to ensure reliable financial reporting,
safeguard assets and comply with laws.
Control risk – risk that a misstatement in the financial statements
will not be prevented or detected by the clients internal control.
Even if the auditor does nothing wrong, a weak internal control
increases the chance of undetected errors or fraud. Control risk is
cannot be zero for such there is no perfect system.
Test of control – is an audit procedure performed to evaluate the
effectiveness of the clients internal control. It’s purpose is to
determine whether the controls are working as intended to prevent
or detect material misstatements. It helps the auditor on how much
can they rely on the internal control of the client. If not then the
auditor may perform substantive testing and suggests to it’s client
on those part with weak controls.
Audit procedures – unlike audit planning which are focused on
more overall game plan of the audit, audit procedures on the
underhand are specific steps or actions that auditors perform to
gather evidence about financial statements. Ex. Cash transactions
then they will perform bank confirmations, reconciliations.
Inventory, physical counting of items. Sales, tracking the unusual
sudden spikes.
Components of internal control – according to COSO Committee
of Sponsoring Organizations of the Treadway Commission. An
effective internal control system has five components. Where those
components are working together to help a company achieve:
Reliable financial reporting , Effective and efficient operations, and
Compliance with laws and regulations.
 (1)Control environment – integrity and ethical values of
management. Ex. Management emphasizes honesty and
adherence to policies.
(2)Risk assessment – management considers external risks and
internal risks
(3)Information and communication system – relevant information
must be identified, captured and communicated in a timely
manner.
(4)Control activities – policies and procedures designed to
prevent or detect errors or fraud
(5)Monitoring – ongoing or periodic evaluation of internal controls
Test of control in a CIS environment – it evaluates whether
automated and manual controls within the systems are effective. It
focuses on how the system prevents or detects errors and fraud in
financial reporting. While the computers do not make errors but the
programs and users can, auditors need special procedures to test
CIS control. In simple, it’s testing a company computer system
controls to make sure transactions are processed correctly and
safely.
Internal control in a CIS environment – in CIS environment internal
controls are designed to ensure that the automated and manual
processes work correctly and that financial information is reliable,
complete and secure. Computers process a large number of
transactions quickly, so errors or fraud can spread faster than in
manual systems. Also the auditor must have communication in the
IT professionals to know how the system runs according to the how
it is intended by the management.
Relationship between substantive test and test of control – it is a
complementary audit procedures used to reduce audit risk to an
acceptable level. Test of control evaluate whether the internal
controls are effective on the underhand substantive tests detect
material misstatements directly in financial statements or
transactions regardless of controls. Strong effective controls,
auditors may reduce the amount of substantive testing. Weaker or
ineffective controls, auditors must perform more extensive
substantive tests.
Basic steps in audit sampling – it is about audit procedures to less
than 100% of items in an account balance or class of transactions
to draw a conclusion about the entire population. As it is impossible
and hard for the auditors to track every single items. Steps:
Determine the objective, Define the population, Determine the
sample size, Select the sample, Perform audit procedures on
sample items, Evaluate results, Conclude and document.
Going concern assumption – it is assumption means the company
is expected to continue operating in the foreseeable future and not
go bankrupt or liquidate. If the client has a going concern
assumption the auditor will ask if the have plan to continue
operations or to liquidate. If yes auditors may have suggestions, Ex.
If the company is tight on credits, expenses the auditor may suggest
a restructuring in the company.
Wrap- up procedures – are the finals steps an auditor performs at
the end of the audit to ensure all evidence has been obtained and all
audit objectives are met before issuing the audit report. It helps
auditors confirm completeness, accuracy, and compliance. It’s the
final review before giving the audit opinion.
Audit documentation and working papers – they provide support
for the auditors opinion on the financial statements. Documentation
serves as a permanent record of the audit and helps in review,
supervision, and quality control. Ex. It helps justify the auditors
report if questioned by regulators or third parties. Types of working
papers: Permanent files – contain relevant information for multiple
years. Current files – information specific to the current year’s audit.
Attendance at physical inventory count/ attendance in inventory
count is impracticable – physical inventory count is when the client
physically counts their inventory at year-end. Under auditing
standards, the auditor is required to attend this count when
inventory is material. Why? Because inventory is prone to
misstatements, fraud and manipulation so the auditor must gather
evidence of existence and condition. Attendance is “impracticable”
when the auditor cannot be present at the physical count and it’s
not the auditors fault. Ex. Inventory located at remote or dangerous
locations.
Auditing estimates – these are the amounts in the financial
statements that cannot be measured exactly and therefore required
by judgement of the management. Ex. Bad debts, provisions and
warranty liabilities. The role of the auditor here is to check whether
the accounting estimates done by the management are reasonable
and free from bias.
Evaluating management experts – sometimes management uses
experts to help prepare certain items in the financial statements
that require specialize knowledge. Ex. Appraisers of the property
(PPE), lawyers (lawsuits and contingencies). The auditor must
evaluate the work of these experts because their conclusions affect
the financial statements. Like if the expert work is appropriate and
provides reliable evidence.
Using the work of an auditor experts – sometimes the auditor
needs help from their own independent expert when the audit
requires specialize knowledge that the auditor does not have.
Purposes: Assists in obtaining sufficient and appropriate audit
evidence, properly evaluate complex or technical matters.
Evaluating and testing the work of an internal auditor – external
auditors may use the work of internal auditors to reduce the amount
of audit work if the internal audit function is reliable. But before rely
and use the work must be evaluated and tested the internal auditors
work. External auditor must ask: Are they independent? Do they
know what they’re doing? Do they follow proper audit standards? Is
their work good enough for us to rely on?
Audit sampling – means the auditor tests a subset (sample) of the
items from a population instead of testing the 100% of the items.
This is done when the population is large, etc... auditor does this
because auditors do not have unlimited time or resources and it is
costly to check all the items.
Sampling risk, beta risk/ alpha risk – sampling risk is the chance
that the sample the auditor tested does not represent the whole
population, causing the auditor to reach the wrong conclusion.
Alpha risk – risk that the auditor rejects a control or account balance
even though it is actually okay. Ex. Auditor thinks there is a problem
but in reality there are none. Beta risk- risk that the auditor accepts a
control or account balance even though it is actually wrong. Ex.
Auditor thought there is no problem but in reality there is.
Attribute sampling – an audit sampling method, it checks whether
a control is working or not by testing for the presence or absence of
a specific attribute in each item tested. An attributes means a
Yes/No type characteristics such as: Was the document properly
approved? Was the invoice stamp paid?
Variable sampling – an audit sampling method, used in substantive
testing to estimate accounts or values in an account balance. The
auditor selects a sample of transactions or items, checks their
recorded amount vs. actual amount then projects the
misstatements to the entire population. Ex. It’s like checking your
grocery inventory to see if the total value is right.
Post audit responsibilities - are the tasks that the auditor must
complete after the audit report is issued such as: Finalizing and
assembling audit documentation, Retaining working papers,
Preparing the management letter, Considering any facts discovered
after the report date.
Subsequent events – are events or transactions that occur after the
balance sheet date but before the financial statements are issued.
These events can affect the financial statements or require
disclosure. Adjust events- Ex. Settlement of a lawsuit that confirms
a liability existed at year-end. Non- adjusting events – Ex. Natural
disaster damaging assets after year- end.
Litigation and claims – auditors objectives in these are to
determine whether all material litigation and claims are recorded
correctly, properly disclosed in the notes of financial statements.
Probable and can estimate, recognize a liability. Reasonably
possible, disclose in notes. Remote, no recognition or disclosure
required. Litigation and claims are potential legal obligations auditor
makes sure they are recognized or disclosed in the financial
statements.
Procedures to identify subsequent events – the goal of the auditor
here is to make sure all adjusting and non-adjusting events are
properly considered and disclosed. Main procedures: Auditor ask
management, Review board minutes, Check interim FS, Obtain
lawyer confirmations, Perform analytical reviews, and Examine
contracts or agreements after year- end.
Written representations – is a formal letter from management to
the auditor, confirming that: Financial statements are complete and
accurate, management has provided all relevant information,
Management acknowledges its responsibilities for the financial
statements and internal controls.
Unmodified auditors report/ basic elements – an unmodified
auditors report is a clean opinion stating that the financial
statements are fairly presented, in all material respects according to
accounting standards, it’s basic elements are: Title, Addressee,
Opinion, Paragraph, Basis for opinion, Management and auditor
responsibilities, Signature, Address, and Date.
Emphasis of matter paragraph – is included in an unmodified
opinion auditors report to draw attention to a matter already
disclosed in the financial statements that is important for users
understanding. Purpose: highlights a significant issue without
affecting the clean opinion. Make sure the readers don’t overlook
important disclosures.
Key audit matters – key audit matters are the most significant areas
of the audit, requiring special attention or judgement, highlighted in
the auditors report to help users understand important audit issues.
In simple, they show the most important or difficult parts of the
audit without changing the clean opinion.
Financial statement prepared using special purpose frameworks
– financial statements prepared using special purpose frameworks
are made for a specific purpose or user, using accounting rules
other than general- purpose frameworks. Ex. Cash basis
accounting, Regulatory basis accounting, Tax basis accounting.
Reporting on special purpose financial statements – when
reporting on special purpose financial statements, the auditor must
clearly state the framework used, the specific purpose or users and
any limitations, while giving an opinion based on that framework.
The goal is to ensure that the readers do not misinterpret the FS as
general purpose statements.
Review on financial statements – review engagement is a type of
assurance engagement where the auditor provides limited
assurance that the financial statements are free from material
misstatements. Why only limited? Because it does not include tests
of accounting records or detailed procedures like an audit. It mainly
relies on analytical procedures and inquiries.
Agreed upon procedures engagement – is when the auditor
performs specific tasks agreed with the client and reports factual
findings, without giving an opinion.
Compilation of financial statements – is an accounting service
where the accountant or auditor assembles financial statements
based on information provided by management, without performing
audit or review. No assurance is provided. The accountant helps
present financial information in proper format, but does not verify
accuracy or completeness.
Assurance engagement – an assurance engagement is when a
practitioner evaluates information against standards and provides
an independent conclusion to enhance credibility for users. In short
is a service that increases confidence in information by providing
and independent conclusion.
Ethics + new COE resolutions – means follow the basic rules of
being honest, fair, competent, confidential and professional in all
work. COE resolutions, auditor must follow stricter independence
rules, avoid conflicts of interest.
Fundamental principles – the five fundamental principles are:
Professional behavior, Integrity, Confidentiality, Professional
competence and due care, Objectivity. This guided the auditors to
act honestly, fairly and responsibly.
Conceptual framework – is not a standard itself but a guide for
standards. Helps prepare, interpret, and audit financial statements
consistently. Ensures that FS provide reliable and relevant
information for decision-making.
Threat – is anything that may compromise an auditors honesty,
objectivity or independence. Auditors must identify and apply
safeguards to reduce it. Ex. Self interest threat, intimidation threat,
familiarity threat ( reduce professional skepticism )
Safeguards – are measures or actions that auditors or accountant
take to eliminate or reduce threats to their compliance with ethical
principles to an acceptable level. They are essential whenever
threats exist. If threats cannot be reduced to an acceptable level,
the auditor must refuse or resign from the engagement.
Gifts and hospitality – refer to any benefits, favors, or
entertainment offered to auditors by clients or related parties. They
can create threat to independence or objectivity, because the
auditor may feel obliged or influence in making judgements. Small
gifts are okay, but anything significant should be refused or reported.
Independence – is the ability of the auditor to act with integrity,
objectivity, and professional skepticism without being influenced by
relationships, interests, or pressure from the client or other parties.
Engagement period – refers to the timeframe during which an audit
or is responsible for performing audit procedures and completing an
engagement. It is from the date of acceptance of the engagement
until the issuance of the auditors report.
Article 1 – is basically the “Title Declaration of Policy and
Objectives” of the law. It set the foundation for the regulation of the
accountancy profession in the Philippines. It says the law exists to
regulate CPAs, protect the public and uphold professional
standards.
Article 2 – it deals with the Definitions and Scope of Practice. It
clarifies key terms and who/what is covered under the law, which is
essential for understanding the responsibilities and limits of the
accountancy profession. In short, it explains who can practice
accountancy and what services only CPAs can perform.