Auditing
"Auditing is the bread and butter of the CPA profession! This subject covers Philippine Standards on Auditing (PSA), audit procedures, evidence gathering, and expressing opinions on financial statements. Master these concepts and you'll be ready to provide assurance like a pro, future CPA!"
1. Introduction to Auditing 🔍
Auditing is the systematic examination of financial statements to express an opinion on whether they present fairly in accordance with the applicable financial reporting framework (PFRS/PAS).
A. Types of Audit Engagements
| Type | Objective | Assurance Level | Report |
|---|---|---|---|
| Audit of FS | Express opinion on FS fairness | Reasonable (High) | Positive form |
| Review Engagement | State whether anything came to attention | Limited (Moderate) | Negative form |
| Agreed-Upon Procedures | Report factual findings | None | Findings only |
| Compilation | Assist in preparing FS | None | No assurance |
B. General Principles & Responsibilities
PSA 200 - Overall Objectives of Independent Auditor:
- Obtain reasonable assurance about whether FS are free from material misstatement
- Express an opinion on FS in accordance with applicable standards
- Communicate as required by PSAs
2. Audit Risk Model 🎯
Understanding audit risk is CRITICAL for the board exam! This determines your audit approach.
AR = IR × CR × DR
Audit Risk = Inherent Risk × Control Risk × Detection Risk
| Risk Component | Definition | Controlled By | Examples |
|---|---|---|---|
| Inherent Risk (IR) | Susceptibility of an assertion to material misstatement BEFORE controls | Client/Nature of business | Complex transactions, estimates, cash handling |
| Control Risk (CR) | Risk that internal control will NOT prevent or detect misstatements | Client's internal control | Weak segregation, override by management |
| Detection Risk (DR) | Risk that audit procedures will NOT detect material misstatements | AUDITOR (only controllable!) | Inadequate sample size, wrong procedures |
💡 BOARD EXAM TIP - Inverse Relationship:
Higher RMM (IR × CR) = Lower DR required = MORE audit work needed
Lower RMM (IR × CR) = Higher DR acceptable = LESS audit work needed
Risk of Material Misstatement (RMM)
RMM = IR × CR
This is assessed by the auditor at both:
- Financial statement level - Overall (affects many assertions)
- Assertion level - Specific to account balances, classes of transactions, disclosures
3. Types of Audit Opinions 📝
The audit report is the final output of an audit engagement. Know these opinion types inside out!
| Opinion Type | When Issued | Key Phrase | Material + Pervasive? |
|---|---|---|---|
| Unmodified (Clean) | FS present fairly in all material respects | "present fairly" | No material misstatement |
| Qualified | Misstatement OR inability to obtain evidence that is material but NOT pervasive | "except for" | Material but NOT pervasive |
| Adverse | Misstatements are both material AND pervasive | "do not present fairly" | Material AND pervasive |
| Disclaimer | Unable to obtain sufficient appropriate evidence AND effects are material and pervasive | "do not express an opinion" | Material AND pervasive (scope limitation) |
📊 Opinion Decision Tree:
1. Is there a misstatement or scope limitation? → No = UNMODIFIED
2. Is it material? → No = UNMODIFIED
3. Is it pervasive? → No = QUALIFIED
4. If pervasive AND misstatement = ADVERSE
5. If pervasive AND scope limitation = DISCLAIMER
Emphasis of Matter vs Other Matter Paragraphs
Emphasis of Matter (EOM)
- Matter disclosed in FS
- Fundamental to users' understanding
- Examples: Going concern, significant uncertainty
Other Matter (OM)
- Matter NOT disclosed in FS
- Relevant to understanding the audit
- Examples: Prior period FS audited by another auditor
4. Internal Control (COSO Framework) 🏛️
The COSO Internal Control Framework is essential for understanding and evaluating client controls:
| Component | Description | Key Elements |
|---|---|---|
| 1. Control Environment | "Tone at the top" - foundation for all components | Integrity, ethics, competence, management philosophy, HR policies |
| 2. Risk Assessment | Identifying and analyzing risks to objectives | Risk identification, analysis, response to change |
| 3. Control Activities | Policies and procedures addressing risks | Authorization, segregation of duties, reconciliations, physical controls, IT controls |
| 4. Information & Communication | Identifying, capturing, and exchanging information | Accounting system, communication channels |
| 5. Monitoring Activities | Ongoing and periodic evaluation of controls | Internal audit, management reviews, self-assessments |
⚠️ Memorization Tip - CRIME:
- Control Environment
- Risk Assessment
- Information & Communication
- Monitoring Activities
- Control ActivitiEs (or just remember "E" for Everything else)
Limitations of Internal Control
- Management override (most significant!)
- Collusion among employees
- Human error or judgment
- Cost-benefit constraints
5. Audit Evidence & Procedures 📋
Sufficient appropriate audit evidence is the foundation of the audit opinion:
A. Characteristics of Audit Evidence
Sufficiency (Quantity)
The measure of QUANTITY of audit evidence. Affected by:
- Risk of material misstatement (higher risk = more evidence)
- Quality of evidence obtained
Appropriateness (Quality)
The measure of QUALITY of audit evidence:
- Relevance - Related to the assertion being tested
- Reliability - Trustworthiness of evidence
B. Reliability of Audit Evidence (Hierarchy)
| MORE Reliable | LESS Reliable |
|---|---|
| External sources (independent 3rd party) | Internal sources (client-prepared) |
| Documentary evidence | Oral evidence |
| Original documents | Copies/photocopies |
| Directly obtained by auditor | Indirectly obtained |
| Strong internal control environment | Weak internal control environment |
C. Audit Procedures (Types)
| Procedure | Description | Examples |
|---|---|---|
| Inspection | Examining records, documents, or physical assets | Examining invoices, counting inventory |
| Observation | Watching a process or procedure | Observing inventory count, cash receipts |
| Inquiry | Seeking information from knowledgeable persons | Asking management about accounting policies |
| Confirmation | Obtaining written response from 3rd party | Bank confirmations, AR confirmations |
| Recalculation | Checking mathematical accuracy | Recomputing depreciation, payroll |
| Reperformance | Independently executing procedures/controls | Re-performing bank reconciliation |
| Analytical Procedures | Evaluating through analysis of relationships | Ratio analysis, trend analysis, reasonableness tests |
6. Management Assertions 📊
Assertions are representations by management that are embodied in the financial statements:
| Category | Assertion | Meaning | Key Audit Concern |
|---|---|---|---|
| Classes of Transactions & Events | Occurrence | Transactions actually happened | OVERSTATEMENT (fictitious) |
| Completeness | All transactions are recorded | UNDERSTATEMENT (omissions) | |
| Accuracy | Amounts are properly recorded | Wrong amounts | |
| Cutoff | Recorded in correct period | Wrong period | |
| Classification | Recorded in proper accounts | Wrong account | |
| Account Balances | Existence | Assets/liabilities exist | OVERSTATEMENT |
| Rights & Obligations | Entity owns/owes the items | Ownership/liability issues | |
| Completeness | All assets/liabilities recorded | UNDERSTATEMENT | |
| Valuation & Allocation | Proper amounts, adjustments | Improper valuation |
💡 BOARD EXAM TIP:
Existence/Occurrence = Test for OVERSTATEMENT (trace FROM books TO source documents)
Completeness = Test for UNDERSTATEMENT (trace FROM source documents TO books)
7. Practice Questions - Test Yourself! 📝
Auditing Practice Problems (Click to expand)
1. Which component of audit risk is CONTROLLABLE by the auditor?
A) Inherent Risk
B) Control Risk
C) Detection Risk
D) Business Risk
Answer: C - Detection Risk is the only component controllable by the auditor through the nature, timing, and extent of audit procedures.
2. When misstatements are material AND pervasive, the auditor should issue a:
A) Qualified opinion
B) Adverse opinion
C) Disclaimer of opinion
D) Unmodified opinion with EOM
Answer: B - Adverse opinion is issued when misstatements are both material and pervasive.
3. Which is NOT a component of the COSO Internal Control Framework?
A) Control Environment
B) Audit Procedures
C) Risk Assessment
D) Monitoring Activities
Answer: B - Audit Procedures is not a COSO component. The 5 components are: Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring Activities.
4. To test for UNDERSTATEMENT of liabilities, the auditor should:
A) Trace from liability records to source documents
B) Trace from source documents to liability records
C) Confirm balances with management
D) Recalculate depreciation
Answer: B - To test completeness (understatement), trace FROM source documents TO the accounting records to check if all items are recorded.
5. Which type of evidence is MOST reliable?
A) Inquiry of management
B) External confirmation from bank
C) Copy of sales invoice
D) Analysis prepared by client
Answer: B - External confirmation from independent third party (bank) is more reliable than client-prepared documents or oral evidence.
6. The "tone at the top" relates to which COSO component?
A) Risk Assessment
B) Control Environment
C) Control Activities
D) Monitoring
Answer: B - Control Environment sets the "tone at the top" and is the foundation for all other components.
🎯 Auditing Board Exam Tips!
- Master the Audit Risk Model - AR = IR × CR × DR
- Know when to issue each type of opinion - material vs pervasive!
- Understand COSO Framework - memorize all 5 components
- Remember the evidence hierarchy - external > internal, original > copy
- Learn audit procedures - inspection, observation, inquiry, confirmation, recalculation, reperformance, analytical
- Know management assertions - existence/occurrence (overstatement) vs completeness (understatement)
Auditing is about professional skepticism - question everything! Kaya mo yan, future CPA! 💪
Test Your Knowledge! 🧠
Ready ka na ba? Take the practice quiz for Auditing to reinforce what you just learned.
Start Practice Quiz 📝