Types of Audit Evidence

1. Underlying accounting records

-sales invoices maybe use by the auditor as evidence that sales had occur

2. Other information
-confirmation letter sent and received back from credit customer as evidence that account receivable is existing

Examples of Internal and External Document and their use

1. Internal documents

a. Depreciation and amortization schedule

- may be used by the auditor to recalculate the depreciation/amortization to ensure its accuracy
b. Employee timecards
-may be used by the auditor to recalculate salaries expense.

2. External document

Bank confirmation reply -used to prove the existence of cash in bank recorded.

- (How to obtain? You will ask the responsible party to make a letter, undersigned by the authorized
signatory, requesting the bank to send back you directly the letter with the amount of cash deposited by the
responsible party/client. Then, just tally it with the recorded cash in the books.)
a. Certificate of time deposit
-to check the existence of cash equivalent or short-term investment, whichever applicable, and accuracy of
recording as to amount, interest earned and receivable and if property recorded as current or noncurrent.

Types of Audit Procedures According to purpose

1. Risk assessment procedures (RAP)

-Example: the auditor will make an inquiry about the entity's transaction cycle (payroll, cash disbursement, account
receivable collection etc.) to assess if the respective account (salaries expense in payroll) is risky (inherent risk) and if
there are controls to mitigate this risk to mitigate the risk.

2. Further audit procedures

a. Test of controls (TOC)

-after you identify the designed controls to mitigate the risk, you will now perform ToC to verify the effectiveness of
applied controls.

-If the controls are effective to prevent detect and correct errors, we can assess control risk at a minimum level. If not, at
a maximum level.

Example: One of the controls in payroll cycle is the payroll computation will be checked and signed by the accounting
manager before disbursement. Upon checking of the payroll computations, you verified the accuracy and signature in
the aforementioned. Therefore, we can assess the control risk at a minimum level since this control is effective.
b. Substantive testing

-extent of substantive testing will be adjusted depending of our assessment of detection risk (Audit Risk IR x CR x DR).

Example, based on RAP inherent risk for payroll is high, controls are not effective, therefore, control risk is at a maximum
level, what will be the effect on detection risk? Since we must keep audit risk at a low level, we must maintain our
detection risk at a minimum level to mitigate the effect of high IR and CR. Since the detection risk must be kept at a
minimum level, meaning there should be less error, our substantive procedures must be extensive

i. Test of details-recalculation of depreciation expense, recalculation of payroll.

ii. Substantive analytical procedure - it involves vertical and horizontal analysis of balance.
(course comparison of 20x1 and 20x2 payroll expense. If it doubles, do you think its suspicious? Of course,
you must make an inquiry for that and ask for supporting documents)

According to type with examples

1. Inspection-inspection of loan agreement to check the needed information for loans payable.

2. Observation-Example, the cashier is required to call the attention of her superior to override transaction

(Ma'am pa-void). You will observe the cashier if she really does that.

3. External confirmation-bank confirmation reply

4. Recalculation-mathematical accuracy of depreciation expense computation.

5. Reperformace - Example, the supervisor is required to enter her password to override transaction of an annoying
customer. As an auditor, you may reperform that by entering any password other than the correct one to check if it will
not accept wrong passwords.

6. Analytical procedures - please read SAP above. Keyword: plausible relationship.

7. Inquiry-please read example above. (Commonly used by suspicious girlfriends)

Sufficiency vs. Appropriateness of Audit Evidence

Sufficiency

-talks about quantity or how much evidence we must obtain to minimize the detection risk and audit risk.

-The higher the ROMM, the more audit evidence (more audit procedures since evidence can be obtained by conducting
audit procedures) is required to minimize audit risk (refer o audit risk equation). Moreover, the quality of the evidence
has an inverse relationship to the sufficiency of it. The extent of testing (audit procedures) are ultimately based on
auditor's professional judgement.

1. 100% testing-if we are to test depreciation expense and we have 2 PPE, we are likely to conduct 100% testing
meaning, we will be testing depreciation of two PPEs.
2. Specific items-if we are to test the items equity, we are likely to specifically test capital to be traced on general
information sheet.
3. Audit sampling-if we are to test the occurrence of the entity's sales, we are more likely to use sampling.
Why? If the entity has 100,000 sales transactions, it's impossible to do 100% testing.
Appropriateness of evidence talks about its quality

- It involves the relevance of it to the assertion (e.g. certificate of time deposit is relevant to the existence of cash and
cash equivalents but not as to PPE) and reliability (e.g. the bank's direct confirmation reply of the entity's cash balance is
more reliable than the entity's photocopied passbook.)

Audit Documentation

-Documentation is necessary to audit since it will serve as a proof that audit procedures has been done, audit evidence
has been obtained and will show the conclusion the specific procedures done. Refer to Exhibit 3.8 Reconciliation of Audit
Documentation with F/S. The F/S shows that the entity has P953,500 cash and cash equivalent Impliedly, the entity
asserts that this amount is existing. As part of our audit procedures, we will obtain a trial balance (TB) from the entity to
tally it with the F/S. Further, we will request for a breakdown and tally it again with TB and F/S. Furthermore, we must
send confirmation letter to bank to confirm these balances and make an inquiry for any differences. This information
must be documented in MS excel or any other document as applicable and will serve as our audit documentation and
evidence since in practice the rule is if it's not documented, it is not done" (You can always say that you have already
done the procedures but you need a proof.)

Vouching vs. Tracing

1. Vouching
-if you were to check for the occurrence of the sales in the books, you must check its balance from: FS, to trial
balance, to ledger, to joumal and to official receipt issued. (From FS to source documents)
2. Tracing
-for instance you must test the completeness of the expenses. You must pick official receipt received then check
if to cash disbursement joumal, to ledger, to trial balance and to records (From source document to records).

Type of Audit File

1. Permanent (continuing)

- documentation of your understanding of cash disbursement cycle (from request to approval to disbursement). This
documentation may be used gain next year and needed just some updating and confirmation if there are no significant
changes in the process.

2. Current file-documentation of bank reconciliation. This may not be used again next year because cash balance,
reconciling items and other information related to this varies from year to year. So how can you use it again? Right?
Performing Preliminary Engagement Activities

1. the integrity of the client. Why client's integrity is important if we are to audit its FS, the client's integrity is
questionable there is a chance that their financial statement is fraudulent too. We could talk to predecessor auditor if
necessary, use the search engines for news and inquiry with third party to obtain necessary information about this.

2. the auditor's compliance with ethical requirement. For example, you are to audit the business of your wife. Do you
think there is a lack of independence and potential bins on your part? Of course! So, we are likely to decline that
engagement unless this risk is addressed.

3. "Can we do and finish the audit on time? So, we must ask the ff questions

a. Do we have enough people with necessary skill to do the audit? One auditor cannot serve 15 clients at the
same time. They are already exhausted with one.
b. Do we have enough resources to complete the audit? Auditing requires time and money to finish. Of course, no
CPA will work in an auditing firm for free. No auditor will go to client by walking if it is in another city. How about
the internet and etc.? Although client will eventually pay you. You need working fund to support your daily
needs in auditing. Asa general, most of the audit fees will only be received at the release of auditor's
c. Do we have enough time to finish the audit? For example, a client is negotiating with you to perform an audit
engagement to be completed next week. This clent is San Miguel Corp. Can you finish it? Of course, NO! You will
die first because of lack of sleep.

4. After considering these three, you may now decide whether to decline the engagement or to continue preparation
and agreement of engagement terms. If we are to decline the engagement, we must communicate with Those Charged
with Goverance (TCWG) the reason, basis, and key issues in declining the engagement. If we are to accept them
engagement, we must prepare engagement letter that contains the audit objective, parties' responsibilities, and audit
fees if already negotiated.

5. Based on the agreement above, we will now if we can complete the audit based on the scope agreed by the client. If
the scope limit us to obtain necessary information to opine, we are likely to decline the engagement. How can we audit
the FS if there will be no or insufficient information to be provided? Just disclaim your opinion.

Engagement Letter

 Contains the objective (to express opinion whether the FS are presented fairly), scope (to audit the
complete sets of FS) and acceptance of the engagement.
 Auditors responsibilities -to conduct the audit in accordance with Philippine Standards on Auditing (PSAS) to
opine whether the FS is presented fairly or not. This includes performing necessary procedures and
obtaining sufficient and appropriate evidence. We also acknowledge the inherent limitation in the audit that
may hinder us in detecting all errors and frauds. Remember, we do not offer absolute assurance. Risks will
never be 100% removed.
 Management responsibilities which states that they acknowledge their full responsibility in preparation of FS
in accordance with PFRS, for internal controls, and to provide the auditor all of the necessary information in
any form (document or inquiry) to do the audit.
Audit Fees

These are the following billing methods and corresponding example:

 Fix flat fee basis

-lump sum billing. Example, the client vill pay you P:00,000 for the whole audit Actual time (Per Diem)-we will
bill the client depending on actual time spent. For example, two auditors rate is P1,000 per hour. They spent 100
hours to finish the aude, we will bili P200,000,
 Maximum fees
-continuing the preceding Example but the maximum amount allowed to be billed is 150,000, in that case, we
can only bill P150,000 Retainer's fee-billing client on a periodic basis. For example, we will bill the client P20,000
monthly.

Planning an Audit of FS

Planning of an audit involves:

 Establishing overall audit strategy

 Developing audit plan

The Audit Team

 Junior Associates - assigned to the detailed routine audit task. They have the most working papers. For example,
junior associate will request for PPE lapsing and will recalculate the depreciation, check for impairment, vouch
source document of newly acquired PPE and make an inquiry if there are any difference. He also does the
printing and photocopying job.
 Senior Associates - he is in charge in overseeing day to day audit work of the junior associate. He is also the one
who reviews the work of junior associate to check it is done well or if there are additional procedures that must
be performed to address the risk. They are also the one in charge with significant account (High risk account)
 Managers ensure that the audit is being done in accordance with the audit plan. They supervise their
subordinates and in charge with more complex audit areas such as vague applications of standards.
 Partner-the overall responsible for the audit. He is the one signing the auditor's report. He is also in charge in
making necessary and critical decisions and ensures audit quality. He will make your life miserable. Char!

Detailed Audit Plan

-It is the list of audit procedures (What to do) that must be performed by the audit team.

1. RAP-the example of specific procedures to be performed under RAP

a. Accomplish understanding the business template

b. Perform walkthrough (Understanding different processes such as cash disbursement process and Collection
process)

2. FAP-the example of specific procedures to be performed under FAP

a. For Cash
i. Bank confirmation letter to confirm cash balance
ii. Bank reconciliation to reconcile difference
b. For PPE
i. Recalculate depreciation
ii. Vouch source document of newly acquired PPE
Materiality -maximum misstatement in the FS that could affect the decision of the user. It is relative as to size and
nature.

Example, P10,000 misstatement in sales may be material to a company with a P50,000 total sales but not with a
P500,000 sales (Size). Further if the misstatement is due to fraud, we may consider it as material depending on our
professional judgement (Nature).

The users of F/S make economic decisions based on the information provided by the F/S. Our ultimate goal is to opine if
the F/S is presented fairly in all material respect. Since we only offer reasonable assurance, we are only required to make
audit procedures on material items since only material items can affect the economic decisions of the users.

Alpha Risk vs, Beta Risk

Since .materiality is based on professional judgement and estimate of the auditor, it may be assessed too low risk

that may lead to (alpha risk) or too high (beta risk).

Alpha risk-since materiality is inversely related to our audit procedure, too low materiality may lead us to do
unnecessary audit procedures. Our effort and resources were unnecessarily wasted. This means that our efficiency in
audit was compromised.

Beta risk- too high materiality may lead us to except material item that should have been tested. This means the
effectivity of audit was compromised that may lead us to incorrect audit opinion.

Materiality Vs Audit Procedures and Evidence

Materiality has an inverse relationship with audit procedures and evidence.

Scenario The entity has the following sales

1 132,500 5 125,000
2 150,000 6 120,000
3 110,000 7 123,500
4 100,000 8 173,750

If we assessed the materiality to 150,000, we will be conducting procedures to sales number 2 and 8 But if it is assessed
to 125,000, sales number 1,2,5, and 8 will qualify for our testing. Therefore, we will be needing to gather more evidence
and conduct more procedures to test the sales.
Three Different Levels of Materiality

1. Materiality for FS as a whole (General Materiality/Planning Materiality or PM)

a. Determined at the overall FS level

b. b Basis of the auditor to decide whether proposed audit engagement is significant or not
c. Required steps
i. Determine appropriate benchmark (for startup entity, expenses may be the appropriate benchmark since
startup business rarely generates revenue and has a lot of startup expenses
ii. Choose appropriate percentage (the lower percentage, the more extensive procedures, eg, 5% (lower) to 3%
(higher), therefore Materiality Expenses x (8% or 5% ) )

2. Performance materiality (Tolerable Error or TE)

a. Calculated at a certain percentage of general may exceed general materiality to capture misstatements that in
aggregate may exceed general materiality (eg 50% of PM)
b. Used in scoping FS line items (eg. TE is 500 000, total PPE is 50,000, therefore it is immaterial as to amount, not
subject for testing)

3. Particular materiality

a. Amount set by the auditor for particular classes of transaction, account balances or disclosure for misstatement
that is lower than PM but may affect decision of users (immaterial as to amount but material as to nature)
b. Factors to be considered in determining particular materiality

Laws and regulation

i. Financial reporting framework

ii. Key financial disclosures of the entity
iii. Particular aspects of the business
iv. Understanding of the view of these charged with governance

SAS 6

Understanding the Entity and its Environment

Objective of the auditor

 Identify and assess ROMM due to fraud and/or error

 Provide a basis for designing and implementation responses to the assessed ROMM

Risk assessment procedures shall include the ff.

 Inquiry of the management and others within the entity

 Analytical procedures
 Observation and inspection
The auditors understanding of the entity shall include the ff. aspects:

 Industry, regulatory, and other external factors, including the applicable financial reporting framework
 Nature if the entity, including the entity's selection and application of accounting policies
 Objectives and strategies and the related business risks that may result in a material misstatement of the FS
 Measurement and review of the entity's financial performance.
 Internal control

Analytical Procedures

1. Planning analytical procedure-used to assess risks

2. Substantive analytical procedure-to detect material misstatements
3. Conclusion and reporting-to assess the validity of conclusion

The typical analytical procedures are:

 Trent analysis-eg rent expense is assumed to be foxed or have a trivial fluctuation per month

Year Rent Expense

20x1 1,000,000
20x3 1,050,000
20x4 2,000,000
Based on this information, we can say that 20x3 has an abnormal increase from 20x2. Therefore, the is a higher chance
that this account may include misstatements.

 Ratio analysis-eg. if PPE equates to 70% of the total assets, it may show red flag on this account
 Test of reasonableness-eg There is an additional employee hired in January with 10.000 salary per month, our
assumption in, salaries expense for the year will increase by approximately 120,000

Six Elements of Auditor's Understanding

1. External factors
a. industry
b. Regulatory environment
c. Financial Reporting framework

2. Nature of the entity

a. Operations and key personnel
b. Ownership and governance
c. Investment structure and financing

3. Accounting policies
a. Selection and application
b. Reason for changes
c. Appropriateness to entity
 4. Entity objectives and strategies
a. Business plan and strategies
b. Financial implication and risks

5. Measurement and review of financial performance

a. What is measured
b. Who reviews financial results

6. Internal control relevant to the audit

a. Processes and relevant control that addresses ROMM

SAS 7

Internal Control

-the processed designed, implemented and maintained by those charged with governance, management and other
personnel to provide reasonable assurance about the achievement of an entity's objectives with regard to:

 Reliability of financial reporting

 Effectiveness and efficiency of operation
 Compliance with applicable laws and regulations

The auditor shall obtain an understanding of controls that is relevant to the audit and evaluate those control to
determine whether they are really implemented or not by making an inquiry and observing and re-performing the
control.

Components of Internal Control

1. Control Environment

-it includes governance and management function and the attitude, awareness, and actions of those charged with
governance and management concerning the entity's internal control and its importance.

Elements of control environment

 Integrity and ethical values

 Commitment to competence
 Participation of TCWG
 Management philosophy and operating style
 Organizational structure
 Assignment of authority and responsibility
 Human resource policies and practice
2. The Entity's Risk Assessment Process

-the auditor shall obtain an understanding of whether the entity a process for Identifying business risks relevant to the

a. financial reporting objectives

b. Estimating significant risks
c. Assessing likelihood of their occurrence
d. Deciding about actions to address those risks

3. Information System

-including business processes relevant to the audit and Communication

I. The auditor shall obtain understanding of information system including the following areas
a. Transactions significant to FS
b. How transactions are initiated, recorded, processed, and corrected as necessary,
c. Accounting record and support
d. Manner of capturing and processing transaction from recording to FS
e. IT related control for financial accounting cost process.

II. The auditor shall obtain an understanding of how the entity communicates financial reporting roles and
responsibilities and significant matters relating to financial reporting, including
a. Communication between management and TCWG
b. External communication, such as those with regulatory authorities

4. Control activities relevant to audit

Example of controls activities

a. Authorization
b. Performance review
c. Information processing
d. Physical control
e. Segregation of duties

5. Monitoring control

-The assessment of design and operation of controls on a timely basis and taking the necessary corrective actions
modified for changes in condition The auditor shall obtain an understanding of the major activities that the entity uses
to monitor intermal control over financial reporting.

Internal Control for Small Businesses

In small business, with very few office employees, it is difficult to have proper segregation of duties or maintain a
separate internal audit department Consequently, internal control systems in small businesses tend to be weak
compared to internal control system of larger entities. These weaknesses, however, can be compensated if the
owner/manager actively, participates in the operations of the entity.