AUDITING THEORY

Notes to Remember
AIR 2015

Audit- a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic
actions and events to ascertain the degree of correspondence between these assertions and established criteria
and communicating the results to interested users.
Assertions- representations made by an auditee about economic actions and events.
 Completeness- all that should have been recorded have been recorded
 Rights and obligations- the entity holds or controls the rights to assets and liabilities are the obligations of
the entity
 Existence or occurrence- all that are recorded pertains to the entity
 Valuation and allocation- all are in appropriate amounts and any adjustments are properly record
 Presentation and disclosure
Categories:
Transactions and events ( COCAC) Completeness, Occurrence, Cutoff, accuracy, Classification
Account balances at period end (CREV) Completeness, Rights and obligations, Existence, Valuation and
allocation
Presentation and disclosure (COCA) Completeness, Occurrence and rights and obligations, Classification
and understandability, Accuracy and valuation
Established criteria- needed to judge the validity of an assertion
Authority Attaching to Philippine Standards Issued by AASC:
1. Philippine Standards on Auditing (PSAs) – applied to audit of historical information
2. Philippine Standards on Review Engagements (PSREs)- applied to review on historical financial information
3. Philippine Standards on Assurance Engagements- applied to assurance engagements dealing with subject
matters other than historical financial information
4. Philippine Standards on Related Services (PSREs)- applied to compilation engagements, engagements to apply
agreed-upon procedures to information and other related services engagements as specified by the AASC
Philippine Practice Statements- issued to provide interpretive guidance and practical assistance to professional
accountants in implementing Philippine Standards
AUDIT in accordance with PSAs
Overall objectives- (1) to obtain reasonable assurance about whether the financial statements as a whole
are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to
express an opinion on whether the financial statements are prepared, in all material respects, in
accordance with the auditor’s findings and (2) to report on the financial statements, and communicate as
required by the PSAs, in accordance with the auditor’s findings
High but not absolute assurance
Positive assurance
REVIEW Engagements
Objective by way of negative assurance
Comprises of an INQUIRY and ANALYTICAL procedures
Level of assurance is less than that given in an audit report
Moderate assurance
AGREED-UPON engagements
Report on FACTUAL FINDINGS
Report is restricted those parties that have agreed to the procedures to be performed
COMPILATION
Accountant is engaged to use accounting expertise
Collect, classify and summarized financial information
Reduce data to manageable and understandable form

SUBJECT MATTER OF AN ASSURANCE ENGAGEMENTS

FINANCIAL PERFORMANCE/ CONDITIONS
NON-FINANCIAL PERFORMANCE
PHYSICAL CHARACTERISTICS
SYSTEMS AND PROCESSES
BEHAVIOR
AUDITING FIRM
Shall established a SYSTEM OF QUALITY CONTROL to provide assurance that
 The firm and its personnel comply with professional standards and regulatory and legal
requirements

1|AMST, CPA
 AUDITING THEORY
Notes to Remember
AIR 2015
 Reports by the firm or engagement partners are appropriate in the circumstance
 Addresses the following (HARLEM)
o Human resources-perform in accordance with professional standards, and issue report
that is appropriate in the circumstance
o Acceptance and continuance of client relationships and specific engagements-
engagement partner shall see to it that the appropriate procedures have been followed
and determine that conclusion reached are appropriate
o Relevant ethical requirements-engagement partner shall form a conclusion on
noncompliance with independence requirements that apply to audit engagement
o Leadership responsibility for quality within the firm-engagement partner is responsible
for overall quality on each audit
o Engagement performance
o Monitoring
Engagement letters- contains agreed terms of the audit engagement. Includes:
Objective and scope of the audit of financial statements
Responsibilities of the auditor
Responsibilities of management
Identification of the applicable financial reporting framework for the preparation of the financial
statements
Reference to the expected form and content of any reports to be issued by the auditor and a statement
that there may be circumstances in which a report may differ from its expected form and content
Assessment of risks of material misstatements includes (1) inquiries within the entity,(2) analytical procedures, (3)
observation and (4) inspection
Internal Control- the process designed, implemented and maintained by those charged with governance,
management and other personnel to provide reasonable assurance about the achievement of an entity’s
objectives with regard to: RELIABILITY OF FINANCIAL REPORTING, EFFECTIVENESS AND EFFICIENCY OF OPERATIONS
and COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS
COMPONENTS ( CRIMC)
 Control environment- includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management concerning the
entity’s internal control and its importance in the entity.
o ELEMENTS (IMACPA)
 Integrity and ethical values
 Management philosophy and operating style
 Active participation of those charged with governance
 Commitment to competence
 Personnel policies and procedures
 Assignment of responsibility and authority/ organizational structure
 Risk Assessment
 Information system
 Monitoring- assess the design and operation of controls on a timely basis
 Control activities- policies and procedures to help ensure that management directives are carried
out
Accounting system means the series of tasks and records of an entity by which transactions are processed as a
means of maintaining financial records. Such systems identify, assemble, analyze, calculate, classify, record,
summarize and report transactions and other events.

Internal Control System means all the policies and procedures (internal controls) adopted by the management of
an entity to assist in achieving management’s objective of ensuring, as far as practicable,:
• orderly and efficient conduct of its business, including adherence to management policies;
• safeguarding of assets;
• prevention and detection of fraud and error;
• accuracy and completeness of the accounting records; and
• timely preparation of reliable financial information.

The internal control system extends beyond those matters which relate directly to the functions of the accounting
system.
Control environment- The control environment includes the attitudes, awareness, and actions of management
and those charged with governance concerning the entity’s internal control and its importance in the entity. The

2|AMST, CPA
 AUDITING THEORY
Notes to Remember
AIR 2015
control environment also includes the governance and management functions and sets the tone of an
organization, influencing the control consciousness of its people. It is the foundation for effective internal control,
providing discipline and structure.

The control environment encompasses the following elements:

• Communication and enforcement of integrity and ethical values.

• Commitment to competence.
• Participation by those charged with governance.
• Management’s philosophy and operating style.
• Organizational structure.
• Assignment of authority and responsibility.
• Human resource policies and practices.

Entity’s risk assessment process - An entity’s risk assessment process is its process for identifying and responding
to business risks and the results thereof. For financial reporting purposes, the entity’s risk assessment process
includes how management identifies risks relevant to the preparation of financial statements that are presented
fairly, in all material respects in accordance with the entity’s applicable financial reporting framework, estimates
their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them.
Risks can arise or change due to circumstances such as the following:

• Changes in operating environment. Changes in the regulatory or operating environment can result in changes in
competitive pressures and significantly different risks.

• New personnel. New personnel may have a different focus on or understanding of internal control.
• New or revamped information systems. Significant and rapid changes in information systems can change
the risk relating to internal control.
• Rapid growth. Significant and rapid expansion of operations can strain controls and increase the risk of a
breakdown in controls.
• New technology. Incorporating new technologies into production processes or information systems may
change the risk associated with internal control.
• New business models, products, or activities. Entering into business areas or transactions with which an entity
has little experience may introduce new risks associated with internal control.
• Corporate restructurings. Restructurings may be accompanied by staff reductions and changes in
supervision and segregation of duties that may change the risk associated with internal control.
• Expanded foreign operations. The expansion or acquisition of foreign operations carries new and often unique risks
that may affect internal control, for example, additional or changed risks from
foreign currency transactions.
• New accounting pronouncements. Adoption of new accounting principles or changing accounting principles may
affect risks in preparing financial statements.

Information system, including the related business processes, relevant to financial reporting, and
communication

An information system consists of infrastructure (physical and hardware components), software, people,
procedures, and data. Infrastructure and software will be absent, or have less significance, in systems that are
exclusively or primarily manual.

The information system relevant to financial reporting objectives, which includes the financial reporting system,
consists of the procedures and records established to initiate, record, process, and report entity transactions (as
well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity.

Accordingly, an information system encompasses methods and records that:

• Identify and record all valid transactions.

3|AMST, CPA
 AUDITING THEORY
Notes to Remember
AIR 2015
• Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions
for financial reporting.
• Measure the value of transactions in a manner that permits recording their proper monetary value in the
financial statements.
• Determine the time period in which transactions occurred to permit recording of transactions in the proper
accounting period.
• Present properly the transactions and related disclosures in the financial statements.

Communication involves providing an understanding of individual roles and responsibilities pertaining to internal
control over financial reporting. It includes the extent to which personnel understand how their activities in the
financial reporting information system relate to the work of others and the means of reporting exceptions to an
appropriate higher level within the entity. Open communication channels help ensure that exceptions are
reported and acted on.

Control activities

Control activities are the policies and procedures that help ensure that management directives are carried out, for
example, that necessary actions are taken to address risks that threaten the achievement of the entity’s
objectives.
Generally, control activities that may be relevant to an audit may be categorized as policies and procedures that
pertain to the following:

• Performance reviews.
• Information processing.
• Physical controls.
• Segregation of duties.

Monitoring of controls

Management’s monitoring of controls includes considering whether they are operating as intended and that they
are modified as appropriate for changes in conditions. Monitoring of controls may include activities such as
management’s review of whether bank reconciliations are being prepared on a timely basis, internal auditors’
evaluation of sales personnel’s compliance with the entity’s policies on terms of sales contracts, and a legal
department’s oversight of compliance with the entity’s ethical or business practice policies.

Inherent Limitations of Internal Controls

1. Management’s usual requirement that the cost of an internal control does not exceed the expected benefits
to be derived.
2. Most internal controls tend to be directed at routine transactions rather than non-routine transactions.
3. The potential for human error due to carelessness, distraction, mistakes of judgment and the
misunderstanding of instructions.
4. The possibility of circumvention of internal controls through the collusion of a member of management or an
employee with parties outside or inside the entity.
5. The possibility that a person responsible for exercising an internal control could abuse that responsibility, for
example, a member of management overriding an internal control.
6. The possibility that procedures may become inadequate due to changes in conditions, and compliance with
procedures may deteriorate.

Accounting and Internal Control Assessment

1st Understanding of accounting and internal control system
nd
2 Plan the assessed level of control risk
3rd Performance of tests of controls (if appropriate)
4th Reassessment of control risk
5th Final assessment of control risk

(1st) Understanding of Accounting and Internal Control Systems

In the audit of financial statements, the auditor is only concerned with those policies and procedures within the
accounting and internal control systems that are relevant to the financial statement assertions. The understanding

4|AMST, CPA
 AUDITING THEORY
Notes to Remember
AIR 2015
of relevant aspects of the accounting and internal control systems, together with the inherent and control risk
assessments and other considerations, will enable the auditor to:
(a) identify the types of potential material misstatements that could occur in
the financial statements;
(b) consider factors that affect the risk of material misstatements; and (c)
design appropriate audit procedures.

The nature, timing and extent of the procedures performed by the auditor to obtain an understanding of the
accounting and internal control systems will vary with, among other things:
• The size and complexity of the entity and of its computer system.
• Materiality considerations.
• The type of internal controls involved.
• The nature of the entity’s documentation of specific internal controls.
• The auditor’s assessment of inherent risk.
• Experience gained from prior audits.

Procedures in Obtaining Understanding

1. Make inquiries of appropriate company personnel
2. Inspect documents and records
3. Observe the company’s activities and operations 4. Walk-through

Documentation of Understanding
The auditor should document his understanding of internal control. The extent of documentation is a matter of
the CPA’s judgment and the form of documentation depends upon his preference and skills.
1. Narrative descriptions 3. Flowcharts
2. Internal control questionnaires (ICQ) 4. Checklists

(2nd) Preliminary Assessment of Control Risk

The preliminary assessment of control risk is the process of evaluating the effectiveness of an entity’s accounting
and internal control systems in preventing or detecting and correcting material misstatements. There will always
be some control risk because of the inherent limitations of any accounting and internal control system.

After obtaining an understanding of the accounting and internal control systems, the auditor should make a
preliminary assessment of control risk, at the assertion level, for each material account balance or class of
transactions.

The auditor ordinarily assesses control risk at a high level for some or all assertions when:
(a) the entity’s accounting and internal control systems are not effective; or
(b) evaluating the effectiveness of the entity’s accounting and internal control systems would not be
efficient.

The preliminary assessment of control risk for a financial statement assertion should be high unless the auditor:
(a) is able to identify internal controls relevant to the assertion which are likely to prevent or detect and
correct a material misstatement; and
(b) plans to perform tests of control to support the assessment.
(3rd) Test of Controls
If appropriate, tests of control are performed to obtain audit evidence about the effectiveness of the:
(a) design of the accounting and internal control systems, that is, whether they are suitably designed to
prevent or detect and correct material misstatements; and (b) operation of the internal controls throughout the
period.
Procedures for Performing Tests of Controls
1. Inspection 2. Inquiry 3. Observation 4. Reperformance 5. Walk-through
REQUIRED DOCUMENTATION
ASSESSED CONTROL RISK
HIGH (Maximum) LESS THAN HIGH(Below maximum)
Understanding of ICS Required Required
Tests of controls Required Required

5|AMST, CPA
 AUDITING THEORY
Notes to Remember
AIR 2015
Assessment of Control risk required not required
Reason for assessment Not Required Required

(4th) Reassessment of control risk

Based on the results of the tests of control, the auditor should evaluate whether the internal controls are designed
and operating as contemplated in the preliminary assessment of control risk. The evaluation of deviations may
result in the auditor concluding that the assessed level of control risk needs to be revised. In such cases, the
auditor would modify the nature, timing and extent of planned substantive procedures.

(5th) Final Assessment of Control Risk

Before the conclusion of the audit, based on the results of the substantive procedures and other audit evidence
obtained by the auditor, the auditor should consider whether the assessment of control risk is confirmed.
Communication of Weaknesses

As a result of obtaining an understanding of the accounting and internal control systems and tests of control, the
auditor may become aware of weaknesses in the systems. The auditor should make management aware, as soon
as practical and at an appropriate level of responsibility, of material weaknesses in the design or operation of the
accounting and internal control systems, which have come to the auditor’s attention. The communication to
management of material weaknesses would ordinarily be in writing. However, if the auditor judges that oral
communication is appropriate, such communication would be documented in the audit working papers. It is
important to indicate in the communication that only weaknesses which have come to the auditor’s attention as a
result of the audit have been reported and that the examination has not been designed to determine the
adequacy of internal control for management purposes.

Related PSA: PSA 530

When designing audit procedures, the auditor should determine appropriate means of selecting items for testing.
The means available to the auditor are:
(a) Selecting all items (100% examination); (b)
Selecting specific items, and (c) Audit sampling.

The decision as to which approach to use will depend on the circumstances, and the application of any one or
combination of the above means may be appropriate in particular circumstances. While the decision as to which
means, or combination of means, to use is made on the basis of audit risk and audit efficiency, the auditor needs
to be satisfied that methods used are effective in providing sufficient appropriate audit evidence to meet the
objectives of the test.
Selecting All Items

The auditor may decide that it will be most appropriate to examine the entire population of items that make up an
account balance or class of transactions (or a stratum within that population). 100% examination is unlikely in the
case of tests of control; however, it is more common for substantive procedures. 100% examination may be
appropriate on the following:

a) When the population constitutes a small number of large value items;

b) When both inherent and control risks are high and other means do not provide sufficient appropriate
audit evidence; or
c) When the repetitive nature of a calculation or other process performed by a computer
information system makes a 100% examination cost effective.
Selecting Specific Items

The auditor may decide to select specific items from a population based on such factors as knowledge of the
client’s business, preliminary assessments of inherent and control risks, and the characteristics of the population
being tested. The judgmental selection of specific items is subject to non-sampling risk. Specific items selected
may include:

• High value or key items. The auditor may decide to select specific items within a population because they
are of high value, or exhibit some other characteristic, for example items that are suspicious, unusual,
particularly risk-prone or that have a history of error.

6|AMST, CPA
 AUDITING THEORY
Notes to Remember
AIR 2015

• All items over a certain amount. The auditor may decide to examine items whose values exceed a certain
amount so as to verify a large proportion of the total amount of an account balance or class of
transactions.

• Items to obtain information. The auditor may examine items to obtain information about matters such as
the client’s business, the nature of transactions, accounting and internal control systems.

• Items to test procedures. The auditor may use judgment to select and examine specific items to
determine whether or not a particular procedure is being performed.

While selective examination of specific items from an account balance or class of transactions will often be an
efficient means of gathering audit evidence, it does not constitute audit sampling. The results of procedures
applied to items selected in this way cannot be projected to the entire population. The auditor considers the need
to obtain appropriate evidence regarding the remainder of the population when that remainder is material.

Audit Sampling

The auditor may decide to apply audit sampling to an account balance or class of transactions. Audit sampling
(sampling) involves the application of audit procedures to less than 100% of items within an account balance or
class of transactions such that all sampling units have a chance of selection.

Terms normally associated with sampling:

Population - means the entire set of data from which a sample is selected and about which the auditor wishes to
draw conclusions. For example, all of the items in an account balance or a class of transactions constitute a
population. A population may be divided into strata, or subpopulations, with each stratum being examined
separately. The term population is used to include the term stratum.

Sampling unit - means the individual items constituting a population, for example checks listed on deposit slips,
credit entries on bank statements, sales invoices or debtors’ balances, or a monetary unit.

Sampling frame – means the documentary evidence which physically represents the sampling units in a given
population.

Sample – the portion of the population that will be subjected to audit testing. The selected sample should be
representative of the population.

Error - For purposes of PSA 530, means either control deviations, when performing tests of control, or
misstatements, when performing substantive procedures.

Tolerable error - means the maximum error in a population that the auditor is willing to accept.

Stratification - is the process of dividing a population into subpopulations, each of which is a group of sampling
units which have similar characteristics (often monetary value).

Sampling is not involved in:

1) 100% examination;
2) Selective testing; and
3) Audit procedures which either (1) have very limited purposes and provide only a small portion of the
evidence needed to meet an audit objective or (2) intentionally exclude a portion of the population such as:
a) Performing a walkthrough test;
b) Testing controls that leave no audit trail (such as observing client personnel as they perform internal
control activities);
c) Performing analytical procedures;

Advantages of sampling over complete (100%) verification

7|AMST, CPA
 AUDITING THEORY
Notes to Remember
AIR 2015
1) Timeliness – Sampling requires lesser time; audit would be completed on a more timely basis.
2) Efficiency – Sampling can considerably reduce audit costs.
3) Effectiveness – Sampling can provide valid conclusions that the sample reflects the same characteristics as
the population.

Risk Considerations in Obtaining Evidence

Sampling risk and non-sampling risk can affect the components of audit risk.

Sampling risk arises from the possibility that the auditor’s conclusion, based on a sample may be different from the
conclusion reached if the entire population were subjected to the same audit procedure.

Nonsampling risk arises from factors that cause the auditor to reach an erroneous conclusion for any reason not
related to the size of the sample, such as:

1) Failure to select appropriate audit procedures

2) Failure to recognize errors in documents examined
3) Misinterpreting the results of audit tests

For both tests of control and substantive tests, sampling risk can be reduced by increasing sample size, while non-
sampling risk can be reduced by proper engagement planning, supervision, and review.

Types of Sampling Risks

Tests of Controls

1) Risk of under-reliance – Sample does not support the auditor’s planned degree of reliance on the control
when true compliance rate supports such reliance. Also known as the risk of assessing control risk too
high - the risk the auditor will conclude that control risk is higher than it actually is.

2) Risk of over-reliance – Sample supports the auditor’s planned degree of reliance on the control when true
compliance rate does not justify such reliance. Also known as the risk of assessing control risk too low -
the risk the auditor will conclude that control risk is lower than it actually is.

Substantive Testing

1) Risk of incorrect rejection – the risk the auditor will conclude that a material error exists when in fact it
does not.

2) Risk of incorrect acceptance – the risk the auditor will conclude that a material error does not exist when
in fact it does.

Effect of sampling risk on audit

1) Efficiency – The risk of under-reliance and the risk of incorrect rejection (both referred to as Alpha Risk)
affect audit efficiency as it would usually lead to additional work to establish that initial conclusions were
incorrect.

2) Effectiveness – The risk of over-reliance and the risk of incorrect acceptance (both referred to as Beta
Risk) affect audit effectiveness and is more likely to lead to an inappropriate audit opinion.

General approaches to audit sampling

Statistical sampling – approach to sampling that has the characteristics of:

• random selection of a sample; and
• use of probability theory to evaluate sample results, including measurement of sampling risk.

Advantages Disadvantages

8|AMST, CPA
 AUDITING THEORY
Notes to Remember
AIR 2015
Helps auditor May involve additional costs in
1) Design an efficient sample; 1) Training auditors;
2) Measure the sufficiency of evidential 2) Designing samples;
matter obtained; 3) Selecting items to be tested.
3) Objectively evaluate sample results.

When applying statistical sampling, the sample size can be determined using either probability theory or
professional judgment.

Nonstatistical sampling – A sampling approach that does not have characteristics of statistical sampling.

Reasons for use – Often less costly and time-consuming to apply than statistical sampling, but can be as effective in
achieving audit objectives.

Similarities – Both statistical and nonstatistical sampling

1) Can provide sufficient, competent evidential matter;
2) Involve judgment in planning, executing the sampling plan, and evaluating the sample results;
3) Require that sample item be selected in such a way that sample can be expected to be
representative of the population.
Choice of approach – The decision whether to use a statistical or non-statistical sampling approach is a matter for
the auditor’s judgment regarding the most efficient manner to obtain sufficient appropriate audit evidence in the
particular circumstances.
Sample size is not a valid criterion to distinguish between statistical and non-statistical approaches. Sample size is
a function of various factors. When circumstances are similar, the effect on sample size of certain factors will be
similar regardless of whether a statistical or non-statistical approach is chosen.

Sample Selection Methods

Appropriate for statistical and non statistical sampling

(a) Use of a computerized random number generator or random number tables.

(b) Systematic selection, in which the number of sampling units in the population is divided by the sample
size to give a sampling interval, for example 50, and having determined a starting point within the first
50, each 50th sampling unit thereafter is selected. Although the starting point may be determined
haphazardly, the sample is more likely to be truly random if it is determined by use of a computerized
random number generator or random number tables. When using systematic selection, the auditor
would need to determine that sampling units within the population are not structured in such a way
that the sampling interval corresponds with a particular pattern in the population.

Not appropriate for statistical sampling

(c) Haphazard selection, in which the auditor selects the sample without following a structured technique.
Although no structured technique is used, the auditor would nonetheless avoid any conscious bias or
predictability (for example avoiding difficult to locate items, or always choosing or avoiding the first or
last entries on a page) and thus attempt to ensure that all items in the population have a chance of
selection. Haphazard selection is not appropriate when using statistical sampling.

(d) Block selection involves selecting a block(s) of contiguous items from within the population. Block
selection cannot ordinarily be used in audit sampling because most populations are structured such that
items in a sequence can be expected to have similar characteristics to each other, but different
characteristics from items elsewhere in the population. Although in some circumstances it may be an
appropriate audit procedure to examine a block of items, it would rarely be an appropriate sample
selection technique when the auditor intends to draw valid inferences about the entire population
based on the sample.

Characteristic of Interest

The characteristic of interest depends on the type of test that will be performed on the sample selected.

9|AMST, CPA
 AUDITING THEORY
Notes to Remember
AIR 2015

Test of controls – the characteristic of interest is the deviation or occurrence rate, which is the number of times a
deviation from the prescribed internal control occurs in the sample.

Substantive testing – the characteristic of interest is the monetary amount of misstatement in an account balance.

Types of Sampling Plans

Attributes sampling – a statistical sampling plan used in test of controls. This is appropriate: 1) When the
auditor wishes to estimate the true but unknown population deviation rate; 2) If the expected deviation
rate is high based on prior experience.

Variables sampling – a sampling plan used in substantive testing to estimate the total peso amount (or possibly
units) of a population or the peso amount of an error in a population.

Attribute Sampling Plan

1) Determine the objective(s) of the tests

2) Define the attribute (characteristic of a control) and deviation (absence of an attribute) conditions
3) Define the population
4) Determine the method of sample selection
5) Determine sample size
6) Perform the sampling plan
7) Evaluate sample results
8) Document the sampling plan, the procedures performed, and the conclusions reached
Other Sampling Techniques for Test of Controls
Sequential (Stop-or-Go) sampling
Audit sampling can be accomplished with either a fixed or sequential sampling plan.
1) Fixed sampling plan – the auditor tests a single plan, such as attribute estimation.
2) Sequential sampling plan – the sampling is performed in several steps. Following each step, the
auditor decides whether to stop testing or to go on to the next step.
Sequential sampling plan can be used as an alternative to attribute estimation when an auditor expects zero or
very few deviations within an audit population.

Discovery sampling- Discovery sampling plan may be appropriate when:

1) the audit objective is to observe at least one deviation at a specified critical rate;
2) the expected population deviation rate is near zero; and
3) the auditor desires a specified probability of observing at least one deviation of the actual
population rate exceeds the critical rate (this is comparable to the tolerable rate in attribute estimation
and sequential sampling).
Variables Sampling Plan

1) Determine the objective(s) of the tests

2) Define the population
3) Choose an audit sampling approach/technique
4) Determine sample size
5) Determine the method of sample selection
6) Perform the sampling plan
7) Evaluate sample results
8) Document the sampling plan, the procedures performed, and the conclusions reached Sampling techniques

Probability-proportional-to-size (PPS) sampling

PPS sampling is a sampling technique that uses attribute sampling theory to evaluate the results when a large
number of transactions are captured within a single account. In PPS sampling, the auditor randomly selects
individual pesos from a population and then audits the balances, transactions, or documents – called logical units –
that include the pesos selected. Each peso in the population has an equal chance of being selected, but the
likelihood of selecting any one logical unit for testing is directly proportional to its size.

10 | A M S T , C P A
 AUDITING THEORY
Notes to Remember
AIR 2015
PPS sampling is most appropriate when:
1) no errors are expected (although it is also appropriate when one or few errors are expected); and
2) testing for overstatement (normally for assets and income).

Classical variables sampling

Classical variables sampling relies on normal distribution theory to evaluate audit samples. These may be
appropriate when the audit objective is to estimate the true but unknown monetary balance. The three commonly
used classical variables sampling techniques are:

1) Ratio estimation – uses the ratio of audited amounts to recorded amounts in the sample to estimate the total
peso amount of the population (also called point estimate) and an allowance for sampling risk. Where: SAV =
sample audited value; SBV = sample recorded book value; PBV = population book value; and EPAV =
estimated population audited value, the formula is: SAV/SBV x PBV = EPAV +(-) sampling risk

The use of ratio estimation is appropriate when the misstatement in an account is directly proportional to its
book value.

2) Difference estimation – uses the average difference between audited amounts and individual recorded
amounts in the sample to estimate the total audited amount of the population and an allowance for sampling
risk. Where: SAV = sample audited value; SBV = sample recorded book value; SS = sample size; and P =
number of items in population, the formula is:
(SAV – SBV)/SS x P = Projected error

The use of difference estimation is more appropriate when the misstatement in an account is not affected by
the book value of the item being examined.

3) Mean-per-unit estimation – projects sample average (mean) to the total population by multiplying the sample
average by the number of items in the population. Using the same legend above, the formula is:
SAV/SS x P = EPAV +(-) sampling risk

The use of mean-per-unit estimation is appropriate when the individual population items do not have recorded
values.

Before applying ratio or difference estimation, the following three conditions must exist:

1) Each population item must have a recorded value (e.g., perpetual rather than periodic, inventory)
2) Total population book value must be known (e.g., a recorded general ledger book value) and must
correspond to the sum of all individual population items.
3) Expected differences between audited and recorded book values must not be too rare.
Factors Influencing Sample Size for Substantive Procedures
The following are factors that the auditor considers when determining the sample size for a substantive procedure.
These factors need to be considered together.

EFFECT ON
FACTOR SAMPLE SIZE

An increase in the auditor’s assessment of inherent risk Increase

An increase in the auditor’s assessment of control risk (or a decrease in reliance on Increase
internal controls)

An increase in the use of other substantive procedures directed at the same

financial statement assertion Decrease

An increase in the auditor’s required confidence level (or conversely, a

decrease in the risk that the auditor will conclude that a material error does
not exist, when in fact it does exist – risk of incorrect acceptance) Increase

11 | A M S T , C P A
 AUDITING THEORY
Notes to Remember
AIR 2015
An increase in the total error that the auditor is willing to accept (tolerable error)
Decrease
An increase in the amount of error the auditor expects to find in the population
(expected error) Increase

Stratification of the population when appropriate Decrease

The number of sampling units in the population Negligible Effect

AUDIT PROCEDURES
RISK ASSESSMENT PROCEDURES- Obtain an understanding of the entity and its environment, including its
internal control, to assess the risks of material misstatement at the financial statement and assertion
levels.
TESTS OF CONTROLS- When necessary or when the auditor has determined to do so, test the operating
effectiveness of controls in preventing, or detecting and correcting, material misstatements at the
assertion level.
SUBSTANTIVE PROCEDURES- detect material misstatements at the assertion level. These include
substantive analytical review procedures and tests of details.
Individual Audit Level: The auditor should implement those quality control procedures which are, in the context
of the policies and procedures of the firm, appropriate to the individual audit.

Direction: Direction involves informing assistants of their responsibilities and the objectives of the
procedures they are to perform. It also involves informing them of matters, such as the nature of the
entity’s business and possible accounting or auditing problems that may affect the nature, timing and
extent of audit procedures with which they are involved
Supervision: Supervision is closely related to both direction and review and may involve elements of
both. Personnel carrying out supervisory responsibilities perform the following functions during the
audit:
 monitor the progress of the audit to consider whether (1) assistants have the necessary skills
and competence to carry out their assigned tasks; (2) assistants understand the audit directions;
and (3) the work is being carried out in accordance with the overall audit plan and the audit
program
 become informed of and address significant accounting and auditing questions raised during the
audit
 resolve any differences of professional judgment between personnel and consider the level of
consultation that is appropriate
Review: The work performed by each assistant needs to be reviewed by personnel of least equal
competence.

GENERALLY ACCEPTED AUDITING STANDARDS

General standards
1. The examination is to be performed by a person or persons having adequate technical training and proficiency
as an auditor.
2. In all matters relating to the assignment, an independence in mental attitude is to be maintained by the
auditor or auditors.
3. Due professional care is to be exercised in the performance of the examination and the preparation of the
report.
Standards of Fieldwork
1. The work is to be adequately planned, and assistants, if any, are to be properly supervised.
2. There is to be a proper study and evaluation of the existing internal control as a basis for reliance thereon and
for the determination of the resultant extent of the tests to which auditing procedures are to be restricted.
3. Sufficient, competent evidential matter is to be obtained through inspection, observation, inquiries, and
confirmations to afford a reasonable basis for an opinion regarding the financial statements under
examination.
Standards of Reporting
1. The report shall state whether the financial statements are presented in accordance with generally accepted
principles of accounting.
2. The report shall identify those circumstances in which principles have not been consistently observed in the
current period in relation to the preceding period.
3. Informative disclosures are to be regarded as reasonably adequate unless otherwise stated in the report.

12 | A M S T , C P A
 AUDITING THEORY
Notes to Remember
AIR 2015
The report shall either contain an expression of opinion regarding the financial statements, taken as a whole,
or an assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be
expressed, the reasons therefor should be stated. In all cases where an auditor’s name is associated with
financial statements, the report should contain a clear-cut indication of the character of the auditor’s
examination, if any, and the degree of responsibility the auditor is taking.
PSA 210 - Terms of Audit Engagements
The auditor and the client should agree on the terms of the engagement. The agreed terms would need to be
recorded in an audit engagement letter or other suitable form of contract. It is in the interest of both client and
auditor that the auditor sends an engagement letter, preferably before the commencement of the engagement, to
help in avoiding misunderstandings with respect to the engagement.
The engagement letter documents and confirms:
 the auditor’s acceptance of the appointment;
 the objective and scope of the audit;
 the extent of the auditor’s responsibilities to the client; and
 the form of any reports.
Principal Contents
The form and content of audit engagement letters may vary for each client, but they would generally include
reference to:
 The objective of the audit of financial statements.
 Management’s responsibility for the financial statements.
 The scope of the audit, including reference to applicable legislation, regulations, or pronouncements of
professional bodies to which the auditor adheres.
 The form of any reports or other communication of results of the engagement.
 The fact that because of the test nature and other inherent limitations of an audit, together with the
inherent limitations of any accounting and internal control system, there is an unavoidable risk that
even some material misstatement may remain undiscovered.
 Unrestricted access to whatever records, documentation and other information requested in
connection with the audit.
The auditor may also wish to include in the letter:
 Arrangements regarding the planning of the audit.
 Expectation of receiving from management written confirmation concerning representations made in
connection with the audit.
 Request for the client to confirm the terms of the engagement by acknowledging receipt of the
engagement letter.
 Description of any other letters or reports the auditor expects to issue to the client.
 Basis on which fees are computed and any billing arrangements.
When relevant, the following points could also be made:
 Arrangements concerning the involvement of other auditors and experts in some aspects of the
audit.
 Arrangements concerning the involvement of internal auditors and other client staff.
 Arrangements to be made with the predecessor auditor, if any, in the case of an initial audit.
 Any restriction of the auditor’s liability when such possibility exists.
 A reference to any further agreements between the auditor and the client.
Audits of Components
When the auditor of a parent entity is also the auditor of its subsidiary, branch or division (component), the factors
that influence the decision whether to send a separate engagement letter to the component include:

• Who appoints the auditor of the component.

• Whether a separate audit report is to be issued on the component.
• Legal requirements.
• The extent of any work performed by other auditors.
• Degree of ownership by parent.
• Degree of independence of the component’s management.
Recurring Audits
On recurring audits, the auditor should consider whether circumstances require the terms of the engagement to
be revised and whether there is a need to remind the client of the existing terms of the engagement.
The auditor may decide not to send a new engagement letter each period. However, the following factors may
make it appropriate to send a new letter:

13 | A M S T , C P A
 AUDITING THEORY
Notes to Remember
AIR 2015
• Any indication that the client misunderstands the objective and scope of the audit.
• Any revised or special terms of the engagement.
• A recent change of senior management, board of directors or ownership.
• A significant change in nature or size of the client’s business.
• Legal requirements.
Acceptance of a Change in Engagement
A request from the client for the auditor to change the engagement may result from:
1. a change in circumstances affecting the need for the service;
2. a misunderstanding as to the nature of an audit or related service originally requested; or
3. a restriction on the scope of the engagement, whether imposed by management or caused by
circumstances.
Items 1 and 2 would ordinarily be considered a reasonable basis for requesting a change in the engagement. In
contrast a change would not be considered reasonable if it appeared that the change relates to information that is
incorrect, incomplete or otherwise unsatisfactory.
If the auditor agreed to a change of the engagement:
• the auditor and the client should agree on the new terms;
• the report issued would be that appropriate for the revised terms of engagement; and
• in order to avoid confusing the reader, the report would not include reference to: (a) The original
engagement; or
(b) Any procedures that may have been performed in the original engagement, except where the
engagement is changed to an engagement to undertake agreed-upon procedures and thus
reference to the procedures performed is a normal part of the report.

If the auditor is unable to agree to a change of engagement and is not permitted to continue the original
agreement:

• the auditor should withdraw; and

• consider whether there is any obligation, either contractual or otherwise, to report to other parties,
such as the board of directors or shareholders, the circumstances necessitating the withdrawal.
Appointment of the Independent Auditor
Early appointment of the independent auditor has many advantages to both the auditor and his client. Early
appointment enables the auditor to plan his work so that it may be done expeditiously and to determine the
extent to which it can be done before the balance sheet date.
Although early appointment is preferable, an independent auditor may accept an engagement near or after the
close of the fiscal year. In such instances, before accepting the engagement, he should ascertain whether
circumstances are likely to permit an adequate audit and expression of an unqualified opinion and, if they will not,
he should discuss with the client the possible necessity for a qualified opinion or disclaimer of opinion.
PSA 300 - Planning
The first standard of fieldwork (performance standards) states that:

”The work is to be adequately planned and assistants, if any, are to be properly supervised.”
The auditor should plan the audit work so that the audit will be performed in an effective manner.
“Planning” means developing a general strategy and a detailed approach for the expected nature, timing and
extent of the audit. The auditor plans to perform the audit in an efficient and timely manner.
Importance of Adequate Planning
Adequate planning of the audit work helps to ensure that:
1) Appropriate attention is devoted to important areas of the audit; 2)
Potential problems are identified; and 3) The work is completed
expeditiously.
Planning also assists in proper:
1) Assignment of work to assistants; and
2) Coordination of work done by other auditors and experts.
Extent of Planning
The extent of planning will vary according to the following:
1) Size of the entity;
2) Complexity of the audit; and
3) Auditor’s experience with the entity and knowledge of the business.
The Overall Audit Plan

14 | A M S T , C P A
 AUDITING THEORY
Notes to Remember
AIR 2015
The auditor should develop and document an overall audit plan describing the expected scope and conduct of the
audit.
While the record of the overall audit plan will need to be sufficiently detailed to guide the development of the
audit program, its precise form and content will vary depending on the following:
1) Size of the entity;
2) Complexity of the audit; and
3) Specific methodology and technology used by the auditor.
Matters to be considered by the auditor in developing the overall audit plan include:
Knowledge of the Business
• General economic factors and industry conditions affecting the entity’s business.
• Important characteristics of the entity, its business, its financial performance and its reporting requirements
including changes since the date of the prior audit.
• The general level of competence of management.
Understanding the Accounting and Internal Control Systems
• The accounting policies adopted by the entity and changes in those policies.
• The effect of new accounting or auditing pronouncements.
• The auditor’s cumulative knowledge of the accounting and internal control systems and the relative
emphasis expected to be placed on tests of control and substantive procedures.
Risk and Materiality
• The expected assessments of inherent and control risks and the identification of significant audit areas.
• The setting of materiality levels for audit purposes.
• The possibility of material misstatement, including the experience of past periods, or fraud.
• The identification of complex accounting areas including those involving accounting estimates.

Nature, Timing and Extent of Procedures

• Possible change of emphasis on specific audit areas.
• The effect of information technology on the audit.
• The work of internal auditing and its expected effect on external audit procedures.
Coordination, Direction, Supervision and Review
• The involvement of other auditors in the audit of components, for example, subsidiaries, branches and
divisions.
• The involvement of experts.
• The number of locations.
• Staffing requirements.
Other Matters
• The possibility that the going concern assumption may be subject to question.
• Conditions requiring special attention, such as the existence of related parties.
• The terms of the engagement and any statutory responsibilities.
• The nature and timing of reports or other communication with the entity that are expected under the
engagement.
The Audit Program
The auditor should develop and document an audit program setting out the nature, timing and extent of planned
audit procedures required to implement the overall audit plan.
The audit program serves as a:
1) Set of instructions to assistants involved in the audit; and
2) Means to control and record the proper execution of the work.
The audit program also contains:
1) The audit objectives for each area; and
2) A time budget in which hours are budgeted for the various audit areas or procedures.
In preparing the audit program, the auditor would consider the following:
1) Specific assessments of inherent and control risks and the required level of assurance to be provided by
substantive procedures;
2) Timing of tests of controls and substantive procedures;
3) Coordination of any assistance expected from the entity, the availability of assistants and the involvement
of other auditors or experts; and
4) Other matters considered by the auditor in developing the overall audit plan need to be
considered in more detail during the development of the audit program.

15 | A M S T , C P A
 AUDITING THEORY
Notes to Remember
AIR 2015
Changes to the Overall Audit Plan and Audit Program
The overall audit plan and the audit program should be revised as necessary during the course of the audit.
Planning is continuous throughout the engagement because of changes in conditions or unexpected results of
audit procedures. The reasons for significant changes would be recorded.
PSA 310 - Knowledge of Business
In performing an audit of financial statements, the auditor should have or obtain a knowledge of the business
sufficient to enable the auditor to identify and understand the events, transactions and practices that, in the
auditor’s judgment, may have a significant effect on the financial statements or on the examination or audit
report.
Required Level of Knowledge
The auditor’s level of knowledge for an engagement would include:
• a general knowledge of the economy and the industry within which the entity operates, and
• a more particular knowledge of how the entity operates.
The level of knowledge required by the auditor would, however, ordinarily be less than that possessed by
management.
Obtaining the Knowledge
Prior to accepting an engagement, the auditor would obtain:
• a preliminary knowledge of the industry and of the ownership,
• management and operations of the entity to be audited, and
• would consider whether a level of knowledge of the business adequate to perform the audit can
be obtained.
Following acceptance of the engagement, further and more detailed information would be obtained. To the
extent practicable, the auditor would obtain the required knowledge at the start of the engagement. As the audit
progresses, that information would be assessed and updated and more information would be obtained.
For continuing engagements, the auditor would:
• update and reevaluate information gathered previously, including information in the prior year’s working
papers.
• also perform procedures designed to identify significant changes that have taken place since the
last audit.
The auditor can obtain knowledge of the industry and the entity from a number of sources. For example:
• Previous experience with the entity and its industry.
• Discussion with people with the entity (for example, directors and senior operating personnel).
• Discussion with internal audit personnel and review of internal audit reports.
• Discussion with other auditors and with legal and other advisors who have provided services to the entity
or within the industry.
• Discussion with knowledgeable people outside the entity (for example, industry economists, industry
regulators, customers, suppliers, competitors).
• Publications related to the industry (for example, government statistics, surveys, texts, trade journals,
reports prepared by banks and securities dealers, financial newspapers).
• Legislation and regulations that significantly affect the entity.
• Visits to the entity’s premises and plant facilities.
• Documents produced by the entity (for example, minutes of meetings, material sent to
shareholders or filed with regulatory authorities, promotional literature, prior years’ annual and financial
reports, budgets, internal management reports, interim financial reports, management policy manual,
manuals of accounting and internal control systems, chart of accounts, job descriptions, marketing and
sales plans).
Using the Knowledge
A knowledge of the business is a frame of reference within which the auditor exercises professional judgment.
Understanding the business and using this information appropriately assists the auditor in:

• Assessing risks and identifying problems.

• Planning and performing the audit effectively and efficiently.
• Evaluating audit evidence.
• Providing better service to the client.
The auditor makes judgments about many matters throughout the course of the audit where knowledge of the
business is important. For example:
• Assessing inherent risk and control risk.
• Considering business risks and management’s response thereto.
• Developing the overall audit plan and the audit program.

16 | A M S T , C P A
 AUDITING THEORY
Notes to Remember
AIR 2015
• Determining a materiality level and assessing whether the materiality level chosen remains appropriate.
• Assessing audit evidence to establish its appropriateness and the validity of the related financial
statement assertions.
• Evaluating accounting estimates and management representations.
• Identifying areas where special audit consideration and skills may be necessary.
• Identifying related parties and related party transactions.
• Recognizing conflicting information (for example, contradictory representations).
• Recognizing unusual circumstances (for example, fraud and noncompliance with laws and regulations,
unexpected relationships of statistical operating data with reported financial results).
• Making informed inquiries and assessing the reasonableness of answers.
• Considering the appropriateness of accounting policies and financial statement disclosures.
The auditor should ensure that assistants assigned to an audit engagement obtain sufficient knowledge of the
business to enable them to carry out the audit work delegated to them.
To make effective use of knowledge about the business, the auditor should consider how it affects the financial
statements taken as a whole and whether the assertions in the financial statements are consistent with the
auditor’s knowledge of the business.
PSA 320 – Audit Materiality
The auditor should consider materiality and its relationship with audit risk when conducting an audit.
“Information is material if its omission or misstatement could influence the economic decisions of users taken on
the basis of the financial statements. Materiality depends on the size of the item or error judged in the particular
circumstances of its omission or misstatement. Thus, materiality provides a threshold or cut-off point rather than
being a primary qualitative characteristic which information must have if it is to be useful.”

The auditor considers materiality at both the overall financial statement level and in relation to individual account
balances, classes of transactions and disclosures.

Materiality should be considered by the auditor when:

(a) determining the nature, timing and extent of audit procedures; and (b)
evaluating the effect of misstatements.

The Relationship Between Materiality and Audit Risk

There is an inverse relationship between materiality and the level of audit risk, that is, the higher the materiality
level, the lower the audit risk and vice versa.
Materiality and Audit Risk in Evaluating Audit Evidence

The auditor's assessment of materiality and audit risk may be different at the time of initially planning the
engagement from at the time of evaluating the results of audit procedures. This could be because of:
• a change in circumstances; or
• because of a change in the auditor's knowledge as a result of the audit.
Evaluating the Effect of Misstatements
In evaluating the fair presentation of the financial statements the auditor should assess whether the aggregate of
uncorrected misstatements that have been identified during the audit is material.
The aggregate of uncorrected misstatements comprises:
(a) specific misstatements identified by the auditor including the net effect of uncorrected misstatements
identified during the audit of previous periods; and
(b) the auditor's best estimate of other misstatements which cannot be specifically identified (i.e.,
projected errors).
If the auditor concludes that the misstatements may be material the auditor needs to:
• consider reducing audit risk by extending audit procedures; or
• requesting management to adjust the financial statements.
If management refuses to adjust the financial statements and the results of extended audit procedures do not
enable the auditor to conclude that the aggregate of uncorrected misstatements is not material, the auditor
should consider the appropriate modification to the auditor’s report in accordance with PSA 700 “The Auditor’s
Report on Financial Statements.”
The auditor should obtain an understanding of the accounting and internal control systems sufficient to plan the
audit and develop an effective audit approach.
~STUDY WELL~

17 | A M S T , C P A