GOVERNANCE, BUSINESS ETHICS, RISK MANAGEMENT AND INTERNAL CONTROL

MIDTERMS REVIEWER

UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ITS INTERNAL CONTROL

ACCOUNTING ENTITY (DEFINITION)

● An entity is an organizational structure that has its own goals, processes, and records.
● Separate and distinct from its owners.
● Fictitious person (only exist in paper)
● Examples: partnerships and corporations

ACCOUNTING / BUSINESS ENTITY CONCEPT

● The business entity concept states that the transactions associated with a business must
be separately recorded from those of its owners or other businesses. Doing so requires
the use of separate accounting records for the organization that completely exclude the
assets and liabilities of any other entity or the owner.

PSA 315 (REDRAFTED) REQUIREMENTS:

The standard presents an overview of the requirements such as:
● Risk assessment procedures and sources of information about the entity and its
environment, including its internal control
● Understanding the entity and its environment, including its internal control
● Identifying and assessing the risks of material misstatements
● Material weakness in internal control
● Documentation

REQUIRED UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT, INCLUDING ITS

INTERNAL CONTROL
The auditor shall obtain an understanding of the following:
● Relevant industry, regulatory, and other external factors including the applicable financial
reporting framework
● The nature of the entity
● The entity’s selection and application of accounting policies, including the reasons for
changes thereto
● The entity’s objectives and strategies, and those related business risks that may result in
risks to material misstatement
● The measurement and review of the entity’s financial performance
● Internal control

SOURCES OF INFORMATION
● The auditor can obtain knowledge of the industry and the entity from a number of
sources. These may include:
● Review of prior years’ working papers
● Tour of client’s facilities
 ● Discussion with people within and outside the entity
● Reading books, periodicals, and other publications related to the client’s entity
● Reading corporate documents and financial reports

UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT, INCLUDING ITS INTERNAL

CONTROL
● Obtaining an understanding of the entity and its environment is an essential aspect of
performing an audit in accordance with PSAs. In particular, that understanding
establishes a frame of reference within which the auditor plans the audit and exercises
professional judgment about assessing risks of material misstatement of the financial
statements and responding to those risks throughout the audit
● Auditors use professional judgment to determine the extent of the understanding
required of the entity and its environment, including its internal control

UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (RELEVANCE)

● Establishing materiality and its appropriateness
● Considering the appropriateness of the selection and application of accounting policies,
and the adequacy of financial statement disclosures
● Identifying areas where special audit consideration may be necessary
● Developing expectations for use when performing analytical procedures
● Designing and performing further audit procedures to reduce audit risk to an acceptably
low level
● Evaluating the sufficiency and appropriateness of audit evidence obtained

USES OF INFORMATION OBTAINED

Understanding the business and using this information appropriately assists the auditor in:
● Assessing the risks and identifying potential problems
● Planning and performing the audit effectively and efficiently
● Evaluating audit evidence as well as the reasonableness of client’s representations and
estimates
● Providing better service to the client
● The auditor should consider how the information affects the financial statements and
whether the assertions in the financial statements are consistent
● It is a continuous and cumulative process
- For continuing engagement, it should be updated and reevaluated
- For first-time audits, they require more work than repeat engagements

THE ENTITY AND ITS ENVIRONMENT (INDUSTRY FACTOR)

● Industry factors include those affecting the economic sector in which the company
operates
● Includes study of competitive environment, supplier and customer relationships, and
technological developments
● The more competitive the industry is, the more materially misstated the financial
statement can be
 ● Auditor should consider the specific risk unique to the industry
Examples of matters the auditor may consider include:
● The market and competition, including demand, capacity, and price competition.
● Cyclical or seasonal activity.
● Product technology relating to the entity’s products.
● Energy supply and cost.
● Government regulations
● Financial trends
● Economic conditions
Concerning the overall attractiveness of the industry, auditors consider such factors as:
● Barriers to entry
● Strength of competitors
● Bargaining power of suppliers of raw materials and labor
● Bargaining power of customers

THE ENTITY AND ITS ENVIRONMENT (REGULATORY FACTOR)

● Relevant regulatory factors include the regulatory environment. The regulatory
environment encompasses, among other matters, the applicable financial reporting
framework and the legal and political environment.
● Regulatory Factors depend on the federal or state laws as laid down by different
governments for the company or the industry
● This determines the applicable financial reporting framework to be used by management
in preparing the entity’s financial statements.
● The entity can follow the financial reporting framework set by the jurisdiction to which
they are registered
● If no framework is set, the entity can follow the local practice, industry practice, user
needs, or other factors
Regulatory factors include:
● Financial reporting principles and accounting rules
● Industry-specific regulatory framework
● Taxation policies
● Macroeconomic and foreign policies
● Environmental regulations
Examples of matters that auditors may consider:
● Accounting principles and industry specific practices
● Regulatory framework for a regulated industry
● Legislation and regulation that significantly affect the entity’s operations
● Taxation (corporate and other)
● Government policies currently affecting the conduct of the entity’s business
● Environmental requirements affecting the industry and the entity’s business
According to PSA 250, the auditor shall obtain a general understanding of:
● The legal and regulatory framework applicable to the entity and the industry or sector in
which the entity operates
● How the entity is complying with that framework
What can the auditor do to obtain such information?
● Inquiry of management
1. Philippine Financial Reporting Standards (PFRS)
2. Philippine Accounting Standards
*to govern the preparation of financial statements

THE ENTITY AND ITS ENVIRONMENT (OTHER FACTORS)

Other external factors currently affecting the entity’s business:
● General level of economic activity (recession, growth)
● Interest rates and availability of financing
● Inflation, currency revaluation

NATURE OF THE ENTITY

● An understanding of the nature of an entity enables the auditor to understand the
classes of transactions, account balances, and disclosures to be expected in the
financial statements.
- “What is the client’s business model?”
- “Who are its major customers and suppliers?”
- “What types of transactions does the client engage in?”
- “How are they accounted for?”
● The auditor’s understanding of the nature of the client will include the client’s competitive
position, organizational structure, governance processes, accounting policies and
procedures, ownership, capital structure, and product lines.
● For example, if the client is a manufacturing entity, the following information are usually
asked by the auditor:
- The processes used to procure, store, and manage raw materials
- The processes used to machine, assemble, package and test products
- The processes used to create demand for products and services and to manage
relations with customers
- The processes used to take orders and deliver goods

ENTITY’S SELECTION AND APPLICATION OF ACCOUNTING POLICIES

● ACCOUNTING POLICIES
- Accounting policies are the specific procedures implemented by a company's
management team that are used to prepare its financial statements. These
include any accounting methods, measurement systems, and procedures for
presenting disclosures. Accounting policies differ from accounting principles in
that the principles are the accounting rules, and the policies are a company's way
of adhering to those rules.
● ACCOUNTING POLICIES examples:
- Valuation of inventory
- Valuation of investments
- Valuation of fixed assets
- Depreciation methods
 - Costs of R&D
- Translation of foreign currency
● ACCOUNTING PRINCIPLES are the standardized set of rules governed by a governing
body
● ACCOUNTING POLICIES are the methods or guidelines injected by the management to
its operation to adhere to the rules set by governing body and generate financial
statement
● The auditor should obtain an understanding of the entity’s selection and application of
accounting policies and consider whether they are appropriate for its business and
consistent with the applicable financial reporting framework and accounting policies used
in the relevant industry.
● The auditor also identifies financial reporting standards and regulations that are new to
the entity and considers when and how the entity will adopt such requirements.
● The presentation of financial statements in conformity with the applicable financial
reporting framework includes adequate disclosure of material matters
● The auditor considers whether the entity has disclosed a particular matter appropriately
in light of the circumstances and facts of which the auditor is aware at the time
Examples of matters that auditors usually consider
● Business Operations, such as:
- Nature of revenue sources, products or services, and markets, including
involvement in electronic commerce such as Internet sales and marketing
activities.
- Conduct of operations
- Alliances, joint ventures, and outsourcing activities.
- Location of production facilities, warehouses, and offices, and location and
quantities of inventories.
- Key customers and important suppliers of goods and services, employment
arrangements.
● Investment and Investment Activities, such as:
- Planned or recently executed acquisitions or divestitures.
- Investments and dispositions of securities and loans.
- Capital investment activities, including investments in plant and equipment and
technology, and any recent or planned changes
- Investments in non-consolidated entities, including partnerships, joint ventures
and special-purpose entities.
● Financing and Financing Activities, such as:
- Major subsidiaries and associated entities, including consolidated and
nonconsolidated structures.
- Debt structure and related terms, including off-balance-sheet financing
arrangements and leasing arrangements.
- Beneficial owners
- Use of derivative financial instruments.
- Leasing of property, plant or equipment for use in the business
- Related parties
 ● Financial Reporting, such as:
- Accounting principles and industry specific practices, including industry specific
significant categories
- Revenue recognition practices.
- Accounting for fair values
- Foreign currency assets, liabilities and transactions.
- Accounting for unusual or complex transactions including those in controversial
or emerging areas
- Financial statement presentation and disclosure
An understanding of the entity’s selection and application of accounting policies may
encompass such matters as:
● The methods the entity uses to account for significant and unusual transactions.
● The effect of significant accounting policies in controversial or emerging areas for which
there is a lack of authoritative guidance or consensus.• Changes in the entity’s
accounting policies.
● Financial reporting standards and laws and regulations that are new to the entity and
when and how the entity will adopt such requirements.

OBJECTIVES AND STRATEGIES AND RELATED BUSINESS RISKS

● Business risks are the UNCERTAINTIES that could potentially expose the business in a
position that will lower the business’ profits or cause it to fail.
● These are just POSSIBILITIES.
● It could be caused by external and internal factors
● The auditor should obtain an understanding of the entity’s objectives and strategies, and
the related business risks that may result in material misstatement of the financial
statements.
● Strategies are the operational approaches by which management intends to achieve its
objectives.
● Business risks result from significant conditions, events, circumstances, actions or
inactions that could adversely affect the entity’s ability to achieve its objectives and
execute its strategies, or through the setting of inappropriate objectives and strategies.
● Business risk particularly may arise from change or complexity, though a failure to
recognize the need for change may also give rise to risk.
● An understanding of business risks increases the likelihood of identifying risks of
material misstatement.
● However, not all business risks give rise to risks of material misstatement. A business
risk may have an immediate consequence for the risk of misstatement for classes of
transactions, account balances, and disclosures at the assertion level or the financial
statements as a whole
● Significant risks that may be identified for a particular client might include risks related to
competition, changes in government regulations, changes in technology, volatility of raw
material prices, interruption of supplies of critical raw materials, changes in major
markets, or increases in interest rates.
 ● An understanding of this process can assist the auditors in identifying significant
business risks and evaluating their audit significance.
Examples of matters to be considered:
● Industry developments
● New products and services
● Expansion of the business
● New accounting requirements
● Regulatory requirements
● Current and prospective financing requirements
● Use of IT

MEASUREMENT AND REVIEW OF THE ENTITY’S FINANCIAL PERFORMANCE

● Performance measurement is the process used to assess the efficiency and
effectiveness of projects, programs and initiatives. It is a systematic approach to
collecting, analyzing and evaluating how “on track” a project/program is to achieve its
desired outcomes, goals and objectives.
● The auditor should obtain an understanding of the measurement and review of the
entity’s financial performance.
● Performance measures, whether external or internal, create pressures on the entity that,
in turn, may motivate management to take action to improve the business performance
or to misstate the financial statements
● Management may use a variety of techniques to measure and review performance, such
as budgets, key performance indicators, variance analysis, and segment performance
reports. Balanced scorecards may have been developed.
● The methods of measuring and reviewing performance are important to the auditors in
determining the incentives of management and other employees because their
compensation is often tied to the measures. These measures could be used by the
auditors to provide evidence about the fairness of the financial statements.
● Internally-generated information used by management for this purpose may include key
performance indicators (financial and non-financial), budgets, variance analysis,
segment information and divisional, departmental or other level performance reports,
and comparisons of an entity’s performance with that of competitors. External parties
may also measure and review the entity’s financial performance
● Performance measures may indicate that the entity has unusually rapid growth or
profitability when compared to that of other entities in the same industry. Such
information, particularly if combined with other factors such as performance-based
bonus or incentive remuneration, may indicate the potential risk of management bias in
the preparation of the financial statements.
● When the auditor intends to make use of the performance measures for the purpose of
the audit (for example, for analytical procedures), the auditor considers whether the
information related to management’s review of the entity’s performance provides a
reliable basis and is sufficiently precise for such a purpose.
● If making use of performance measures, the auditor considers whether they are precise
enough to detect material misstatements
 ● Smaller entities ordinarily do not have formal processes to measure and review the
entity’s financial performance.
Examples of matters that could concern the auditor:
● Key performance indicators (financial and non-financial) and key ratios, trends and
operating statistics.
● Period-on-period financial performance analyses.
● Budgets, forecasts, variance analyses, segment information and divisional, departmental
or other level performance reports.
● Employee performance measures and incentive compensation policies.
● Comparisons of an entity’s performance with that of competitors.

CONSIDERATION OF INTERNAL CONTROLS

INTERNAL CONTROLS (DEFINED)

● PSA 315 DEFINES INTERNAL CONTROL AS THE PROCESS DESIGNED AND
EFFECTED BY THOSE CHARGED WITH GOVERNANCE, MANAGEMENT, AND
OTHER PERSONNEL TO PROVIDE REASONABLE ASSURANCE ABOUT THE
ACHIEVEMENT OF THE ENTITY'S OBJECTIVES WITH REGARD TO RELIABILITY
OF FINANCIAL REPORTING, EFFECTIVENESS AND EFFICIENCY OF OPERATIONS
AND COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS.
● REASONABLE ASSURANCE MEANS A HIGH BUT NOT ABSOLUTE LEVEL OF
ASSURANCE.
- CATEGORIES OF COMPANY OBJECTIVES:
- RELIABILITY OF FINANCIAL REPORTING
- EFFECTIVENESS AND EFFICIENCY OF OPERATIONS
- COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS
● INTERNAL CONTROL SYSTEM MEANS ALL POLICIES AND PROCEDURES
ADOPTED BY THE MANAGEMENT TO ASSIST IN ACHIEVING MANAGEMENT'S
OBJECTIVE OF ENSURING, AS FAR AS PRACTICABLE, THE ORDERLY AND
EFFICIENT CONDUCT OF ITS BUSINESS, INCLUDING ADHERENCE TO
MANAGEMENT POLICIES, THE SAFEGUARDING OF ASSETS, THE PREVENTION
AND DETECTION OF FRAUD AND ERROR, THE ACCURACY OF COMPLETENESS
OF THE ACCOUNTING RECORDS, AND THE TIMELY PREPARATION OF RELIABLE
FINANCIAL INFORMATION.
● INTERNAL CONTROL STRUCTURE VARY SIGNIFICANTLY FROM ONE COMPANY
TO THE NEXT, FACTORS THAT COULD BE THE CAUSE OF DIFFERENTIATIONS:
- SIZE OF THE BUSINESS
- NATURE OF OPERATIONS
- GEOGRAPHICAL DISPERSION OF ITS ACTIVITIES
- OBJECTIVES OF THE ORGANIZATION

INTERNAL CONTROLS (COMPONENTS)

C 1. THE CONTROL ENVIRONMENT
R 2. THE ENTITY'S RISK ASSESSMENT PROCEDURES
I 3. THE INFORMATION SYSTEM, INCLUDING THE RELATED BUSINESS PROCESSES,
RELEVANT TO FINANCIAL REPORTING, AND COMMUNICATION
C 4. CONTROL ACTIVITIES
M 5. MONITORING OF CONTROLS

CONTROL ENVIRONMENT
● THE CONTROL ENVIRONMENT MEANS THE OVERALL ATTITUDE, AWARENESS
AND ACTIONS OF DIRECTORS AND MANAGEMENT REGARDING THE INTERNAL
CONTROL SYSTEM AND ITS IMPORTANCE IN THE ENTITY
● STRONG CONTROL ENVIRONMENT EFFECTIVE INTERNAL CONTROL SYSTEM
● THE ENVIRONMENT IN WHICH INTERNAL CONTROL OPERATES HAS AN IMPACT
ON THE EFFECTIVENESS OF THE SPECIFIC CONTROL PROCEDURES

CONTROL ENVIRONMENT FACTORS

1. COMMUNICATION AND ENFORCEMENT OF INTEGRITY AND ETHICAL VALUES
● AN ENTITY'S ETHICAL AND BEHAVIORAL STANDARDS AND THE MANNER
IN WHICH IT COMMUNICATES AND REINFORCES THEM DETERMINE THE
ENTITY'S INTEGRITY AND ETHICAL BEHAVIOR
● IT INCLUDE MANAGEMENT'S ACTION TO REMOVE OR REDUCE
INCENTIVES AND TEMPTATIONS THAT MIGHT PROMPT PERSONNEL TO
ENGAGE IN DISHONEST, ILLEGAL, OR UNETHICAL ACTS
2. COMMITMENT TO COMPETENCE
● COMPETENCE IS THE KNOWLEDGE AND SKILLS NECESSARY TO
ACCOMPLISH TASK
● MANAGEMENT SHOULD HIRE EMPLOYEES COMPETENT TO PERFORM A
SPECIFIC TASK TO ACHIEVE ITS OBJECTIVES
3. PARTICIPATION BY THOSE CHARGED WITH GOVERNANCE
● THOSE CHARGED WITH GOVERNANCE THE PERSON(5) OR
ORGANIZATION(S) (FOR EXAMPLE, A CORPORATE TRUSTEE) WITH
RESPONSIBILITY FOR OVERSEEING THE STRATEGIC DIRECTION OF THE
ENTITY AND OBLIGATIONS RELATED TO THE ACCOUNTABILITY OF THE
ENTITY, THIS INCLUDES OVERSEEING THE FINANCIAL REPORTING
PROCESS.
● AN ENTITY'S CONTROL CONSCIOUSNESS IS INFLUENCED
SIGNIFICANTLY BY THOSE CHARGED WITH GOVERNANCE
4. MANAGEMENT'S PHILOSOPHY AND OPERATING STYLE
● THIS REFERS TO MANAGEMENT'S ATTITUDE TOWARDS (A) BUSINESS
RISK (8) FINANCIAL REPORTING, (C) MEETING BUDGET, PROFIT AND
OTHER ESTABLISHED GOALS WHICH ALL HAVE IMPACT ON THE
RELIABILITY OF THE FINANCIAL STATEMENTS
5. ORGANIZATIONAL STRUCTURE
● THE RESPONSIBILITIES AND AUTHORITIES OF VARIOUS PERSONNEL
SHOULD BE DESIGNED TO
- ASSIST THE ENTITY IN MEETING ITS GOALS AND OBJECTIVES
 - ENSURE THAT TRANSACTIONS ARE PROCESSED, RECORDED,
SUMMARIZED, AND REPORTED IN AN ACCURATE AND TIMELY
MANNER
6. ASSIGNMENT OF AUTHORITY AND RESPONSIBILITY
● PERSONNEL SHOULD HAVE A CLEAR UNDERSTANDING OF THEIR
RESPONSIBILITIES AND THE RULES AND REGULATIONS THAT GOVERN
THEIR ACTIONS
● JOB DESCRIPTIONS, COMPUTER SYSTEM DOCUMENTATIONS
7. HUMAN RESOURCES POLICIES AND PROCEDURES
● PERSONNEL POLICIES SHOULD BE ADOPTED BY THE CLIENT TO REASONABLY
ENSURE THAT ONLY CAPABLE AND HONEST PERSONS ARE HIRED AND
RETAINED
● ADEQUATE PERSONNEL POLICIES CAN ENHANCE THE LIKELIHOOD THAT THE
CLIENT'S POLICIES AND PROCEDURES WILL BE FOLLOWED

RISK ASSESSMENT PROCESS

● RISK ASSESSMENT IS THE IDENTIFICATION, ANALYSIS, AND MANAGEMENT OF
RISKS PERTAINING TO THE PREPARATION OF THE FINANCIAL STATEMENTS,
● RISKS RELEVANT TO FINANCIAL REPORTING INCLUDE EXTERNAL AND
INTERNAL EVENTS AND CIRCUMSTANCES THAT COULD ADVERSELY AFFECT
AND ENTITY'S ABILITY TO INITIATE, RECORD, PROCESS, AND REPORT
FINANCIAL DATA CONSISTENT WITH THE ASSERTIONS OF MANAGEMENT IN
THE FINANCIAL STATEMENTS.
● THE FOLLOWING ARE THE COMMON CAUSES WHERE RISK ARISES
- CHANGES IN OPERATING ENVIRONMENT
- NEW PERSONNES
- NEW OR REVAMPED INFORMATION SYSTEMS
- RAPID GROWTH
- NEW TECHNOLOGY
- NEW BUSINESS MODELS PRODUCTS, OR ACTIVITIES
- CORPORATE RESTRUCTURING
- EXPANDED FOREIGN OPERATIONS
- NEW ACCOUNTING PRONOUNCEMENTS

INFORMATION SYSTEM
● AN INFORMATION SYSTEM CONSISTS OF INFRASTRUCTURE (PHYSICAL AND
HARDWARE COMPONENTS), SOFTWARE, PEOPLE, PROCEDURE, AND DATA
● BUSINESSES WITH MANUAL PROCESSES HAVE NO INFORMATION SYSTEM
● AN ENTITY'S CONTROL STRUCTURE MUST PROVIDE FOR THE IDENTIFICATION,
CAPTURE AND EXCHANGE OF INFORMATION BOTH WITHIN THE CHAPTER AND
WITH EXTERNAL PARTIES. INFORMATION COMMUNICATED SHOULD BE TIMELY
AND ACCURATE.
 ● INFORMATION SYSTEM RELEVANT TO FINANCIAL REPORTING OBJECTIVES
FOCUSES ON PROPER INITIATION, RECORDING, AND REPORTING OF
TRANSACTIONS
● RELATED BUSINESS PROCESSES ARE THE ACTIVITIES DESIGNED TO (1)
DEVELOP, PRODUCE AND BELL AN ENTITY'S FRODUCTS, (2) ENSURE
COMPLIANCE WITH LAWS AND REGULATIONS, AND (3) RECORD INFORMATION
● INFORMATION SYSTEM RELEVANT TO FINANCIAL REPORTING OBJECTIVES
FOCUSES ON PROPER INITIATION, RECORDING, AND REPORTING OF
TRANSACTIONS
● RELATED BUSINESS PROCESSES ARE THE ACTIVITIES DESIGNED TO (1)
DEVELOR, PRODUCE AND SELL AN ENTITY'S PRODUCTS, (2) ENSURE
COMPLIANCE WITH LAWS AND REGULATIONS, AND (3) RECORD INFORMATION
● COMMUNICATION INVOLVES PROVIDING AN UNDERSTANDING OF INDIVIDUAL
ROLES AND RESPONSIBILITIES PERTAINING TO INTERNAL CONTROL OVER
FINANCIAL REPORTING
● COMMUNICATION CAN TAKE SUCH FORMS AS POLICY MANUALS, ACCOUNTING
AND FINANCIAL REPORTING MANUALS, AND MEMORANDA

CONTROL ACTIVITIES
● CONTROL ACTIVITIES HELP ENSURE RISK RESPONSES ARE EFFECTIVELY
CARRIED OUT AND INCLUDE POLICIES AND PROCEDURES, APPROVALS,
AUTHORIZATIONS, VERIFICATIONS, RECONCILIATIONS, SECURITY OVER
ASSETS, AND SEGREGATION OF DUTIES, THESE ACTIVITIES OCCUR ACROSS
AN ENTITY, AT ALL LEVELS AND IN ALL FUNCTIONS, AND ARE DESIGNED TO
HELP PREVENT OR REDUCE THE RISK THAT ENTITY OBJECTIVES WILL NOT BE
ACHIEVED.
● THESE ARE THE POLICIES AND PROCEDURES THAT HELP ENSURE THAT
MANAGEMENT DIRECTIVES ARE CARRIED OUT
● THE MAJOR CATEGORIES OF CONTROL PROCEDURES ARE:
- PERFORMANCE REVIEW
- INFORMATION PROCESSING CONTROLS
- PHYSICAL CONTROLS
● IN PERFORMANCE REVIEW MANAGEMENT USES ACCOUNTING AND
OPERATING DATA TO ASSESS PERFORMANCE, AND IT THEN TAKES
CORRECTIVE ACTIONS
● PERFORMANCE REVIEWS MAY BE USED BY MANAGERS FOR THE SOLE
PURPOSE OF MAKING OPERATING DECISIONS
● FOR EXAMPLE THE USE OF STANDARDS, BUDGETS, FORECASTS, PRIOR
PERIOD PERFORMANCE
● INFORMATION PROCESSING CONTROLS ARE POLICIES AND PROCEDURES
DESIGNED TO REQUIRE AUTHORIZATION OF TRANSACTIONS AND TO ENSURE
THE ACCURACY AND COMPLETENESS OF TRANSACTION PROCESSING
● CONTROL ACTIVITIES MAY BE CLASSIFIED INTO GENERAL AND APPLICATION
CONTROLS,
 ● PROPER SEGREGATION OF TRANSACTIONS AND ACTIVITIES, SEGREGATION
OF DUTIES, ADEQUATE DOCUMENTS AND RECORDS, ACCESS TO ASSETS, AND
INDEPENDENT CHECKS ON PERFORMANCE
● THE EXTENT TO WHICH PHYSICAL CONTROLS INTENDED TO PREVENT THE
THEFT OF ASSETS ARE RELEVANT TO THE RELIABILITY OF FINANCIAL
STATEMENT PREPARATIONS, AND THEREFORE THE AUDIT, DEPENDS ON
CIRCUMSTANCES SUCH AS WHEN ASSETS MISAPPROPRIATION ARE HIGHLY
SUSCEPTIBLE TO

MONITORING OF CONTROLS
● MONITORING INVOLVES ASSESSING THE DESIGN AND OPERATION OF
CONTROLS ON A TIMELY SASIS AND TAKING CORRECTIVE ACTION AS
NECESSARY
● MONITORING IS EFFECTIVE WHEN IT LEADS TO THE IDENTIFICATION AND
CORRECTION OF CONTROL WEAKNESSES BEFORE THEY MATERIALLY AFFECT
THE ACHIEVEMENT OF THE CHAPTER'S OBJECTIVES

OBJECTIVE OF THE STUDY OF INTERNAL CONTROL

● THE AUDITOR SHOULD OBTAIN AN UNDERSTANDING OF THE ACCOUNTING AND
INTERNAL CONTROL SYSTEMS SUFFICIENT TO PLAN THE AUDIT AND DEVELOP
AN EFFECTIVE AUDIT APPROACH
● THE AUDITOR'S UNDERSTANDING OF THEIR CLIENT'S INTERNAL CONTROL
PROVIDES A BASIS BOTH TO (1) PLAN THE AUDIT AND (2) ASSESS CONTROL
RISK
● TO UNDERSTAND THE DESIGN OF THE ACCOUNTING INFORMATION SYSTEM,
THE AUDITOR DETERMINES:
- THE MAJOR CLASSES OF TRANSACTIONS
- HOW THOSE TRANSACTIONS ARE INITIATED
- WHAT ACCOUNTING RECORDS EXISTS AND THEIR NATURE
- HOW TRANSACTIONS ARE PROCESSED
● AUDITORS OFTEN USE FLOWCHARTING TO PROVIDE FOR A NARRATIVE
DESCRIPTION OF THIS UNDERSTANDING
● AUDITS MAY ALSO PERFORM "WALK-THROUGHS”
● AUDITOR'S UNDERSTANDING OF ACCOUNTING AND INTERNAL CONTROL
SYSTEM IS SUPPLEMENTED BY:
- INQUIRIES OF APPROPRIATE MANAGEMENT, SUPERVISORY AND OTHER
PERSONNEL AT VARIOUS ORGANIZATIONAL LEVELS
- INSPECTION OF DOCUMENTS AND RECORDS
- OBSERVATION OF THE ENTITY'S ACTIVITIES AND OPERATIONS

DOCUMENTATION OF UNDERSTANDING
● THE AUDITOR SHOULD DOCUMENT THE UNDERSTANDING OF THE ENTITY'S
INTERNAL CONTROL STRUCTURE ELEMENTS OBTAINED TO PLAN THE AUDIT
 ● THE MORE COMPLEX THE INTERNAL CONTROL STRUCTURE AND THE MORE
EXTENSIVE THE PROCEDURES PERFORMED, THE MORE EXTENSIVE THE
AUDITOR'S DOCUMENTATION SHOULD BE
1. INTERNAL ACCOUNTING CONTROL QUESTIONNAIRES CONTAINS A SERIES OF
QUESTIONS DESIGNED TO DETECT CONTROL WEAKNESSES.
● MOSTLY ANSWERABLE BY "YES" OR "NO"
- "YES" GENERALLY INDICATES SATISFACTORY DEGREE OF INTERNAL
ACCOUNTING CONTROL
- "NO" INDICATES A POSSIBLE WEAKNESS IN CONTROL OR AT LEAST
INDICATES FURTHER INVESTIGATION IS NEEDED
2. FLOWCHART IS A SYMBOLIC DIAGRAM OF A SPECIFIC PART OF AN INTERNAL
ACCOUNTING CONTROL SYSTEM INDICATING THE SEQUENTIAL FLOW OF DATA
AND/OR AUTHORITY
● IT PROVIDES A PICTORIAL OVERVIEW OF A CLIENT'S INTERNAL CONTROL
ACTIVITIES
● TECHNIQUES OFTEN USED BY AUDITORS: (1) STANDARDIZED SYMBOLS (2)
FLOWLINES, (3) DOCUMENTS, (4) PROCESSING, AND (5) ANNOTATIONS
3. NARRATIVE DESCRIPTION IS A WRITTEN DESCRIPTION OF A PARTICULAR
PHASE OR PHRASES OR A CONTROL SYSTEM
● IF THE SYSTEMS ARE EXTENSIVE AND/OR COMPLEX, SEPARATE NARRATIVES
MAY BE PREPARED FOR SMALLER GROUPS OF CONTROLS WHICH RELATE TO
SPECIFIC CLASSES OF TRANSACTIONS OF ACCOUNTS
4. INTERNAL CONTROL CHECKLIST CONTAINS A DETAILED ENUMERATION OF THE
METHODS AND PRACTICES WHICH CHARACTERIZE GOOD INTERNAL CONTROL
OR OF ITEM TO BE CONSIDERED IN REVIEWING INTERNAL CONTROL
● PROVIDES ONLY A GUIDE TO REVIEW THE INTERNAL CONTROL, NOT A
RECORD OF AUDIT FINDINGS

Assessment of Control Risk

AUDIT RISK
The term audit risk refers to the possibility that the auditors fail to appropriately modify their
opinion on financial statements that are materially misstated. It consists of the following:
● A material misstatement in an assertion about the account has occurred; and
- (inherent risk, and control risk)
● The auditors do not detect the misstatement
- (detection risk)

Inherent Risk
● This refers to the susceptibility of an account balance to material errors assuming the
client does not have any related internal controls.
>The more complex the computation is, the more it is prone to errors.
>Cash is more likely to be stolen than plant assets.
 ● Major factors that auditors consider when assessing inherent risk:
- Nature of the client’s business
- Integrity of management
- Client motivation
- Results of previous audit
- Initial versus repeat engagement
● Major factors that auditors consider when assessing inherent risk:
- Related parties
- Nonroutine transactions
- Susceptibility to defalcation
- Judgment required to correctly record account balances and transactions
- Make up of population

Control Risk
● Control Risk is a risk that a misstatement, that could occur in an account balance or
class of transactions and that could be material, individually or when aggregated with
misstatements in other balances or classes, will not be prevented or detected and
corrected on a timely basis by the accounting and internal control system.

Preliminary Assessment of Control Risk

● It is the process of evaluating the effectiveness of an entity’s accounting and internal
control systems in preventing or detecting, and correcting material misstatements.
>auditor should make a preliminary assessment of control risk, at the assertion level, for
each material account balance or class of transactions.
● Control risk may be assessed in quantitative terms or in nonquantitative terms that range
from a maximum to minimum.
>For conservatism, auditors use the maximum level of control risk
>Auditors use the concept of professional skepticism
● Assessing control risk at below maximum level involves:
1. Identifying specific internal control structure policies and procedures relevant to specific
assertions
2. Performing test of controls to evaluate the effectiveness

Management Assertions
● Management assertions refer to management claims in relation to their financial
statement presentations.
- Existence
- Occurrence
- Completeness
- Rights and Obligations
- Valuation
- Measurement
- Presentation and Disclosure
Test of Controls
● These are the procedures conducted by the auditor to obtain audit evidence about the
effectiveness of the:
a) Design of the accounting and internal control system
b) Operation of the internal controls throughout the period
● These are concerned with:
a) How the policy was applied
b) The consistency of application of internal control
c) By whom it was applied
>The lower the assessment of control risk, the more support the auditor should present.
● Tests of controls ordinarily include procedures such as inquiries of appropriate
personnel, inspection of documents and reports, and observation of the application of
specific internal control structure policies and procedures.

Detection Risk
● This refers to the risk that the auditor’s examination will not detect material misstatement
or error in an account balance.
>Influenced by the nature, timing, and extent of the auditor’s procedures (substantive
testing).

Inherent Risk, Control Risk, and Detection Risk

● The inherent risk and the control risk are the risks that the assertion is misstated; while
the detection risk is the risk that the auditor cannot detect that misstatement
● The inherent risk and the control risk exist independently of the audit of the financial
statements
● The auditors control detection risk by the amount of evidence they accumulate

Audit Risk Model

● Auditors use this relationship to determine the nature, timing, and extent of audit
procedures to manage and control audit risk.
AR = IR x CR x DR

Assessing the Risk of Material Misstatements

Fraud and Error

● Misstatements in the financial statements can arise from either fraud or error.
>Fraud is intentional
>Error is unintentional
● Take note that auditors are only concerned with fraud and errors that could
MATERIALLY misstate the financial statements.

Components of Fraud
● The three components of fraud are:
1. Incentive or pressure to commit fraud
 2. Opportunity to commit fraud
3. Rationalization of the fact

Types of Fraud
● Two types of intentional misstatements (fraud) that are relevant to audit:
1. Fraudulent financial reporting
2. Misappropriation of assets

Fraudulent Financial Reporting

● This involves intentional misstatements including omissions of amounts or disclosures in
financial statements to deceive financial statement users.
>commonly done by the MANAGEMENT
● May be accomplished by the following:
1. Manipulation, falsification, or alteration of accounting records or supporting
documentation
2. Misrepresentation in, or intentional omission from, the financial statements of events,
transactions, or other significant information
3. Intentional misapplication of accounting principles relating to amounts, classification,
manner of presentation, or disclosure

Misappropriation of Assets
● It involves the theft of an entity’s assets and is often perpetrated by employees in
relatively small and immaterial amounts.
>often accompanied by false or misleading records or documents in order to conceal the
fact
● Can be accompanied in a variety of ways such as:
1. Embezzling receipts
2. Stealing physical assets or intellectual property
3. Causing an entity to pay for goods and services not received
4. Using an entity’s assets for personal use

Who is Responsible for Fraud?

● The primary responsibility for the prevention and detection of fraud rests with both those
charged with governance and management of the entity.
>An auditor is responsible for obtaining reasonable assurance that the financial
statements are free from material misstatements, whether caused by error or fraud.

Risk Assessment Procedures

● The audit procedures are performed to obtain an understanding of the entity and its
environment, including the entity’s internal control, to identify and assess the risks of
material misstatement, whether due to fraud or error, at the financial statement and
assertion levels.
 ● The auditor should perform risk assessment procedures to provide a basis for the
identification and assessment of risk of material misstatements of the financial
statements and assertion levels:
a) Inquiries of Management and others within the entity
b) Analytical Procedures
c) Observation and Inspection

Inquiries
● Although much of the information the auditor obtains by inquiries can be obtained from
management and those responsible for financial reporting, inquiries of others within the
entity, such as production and internal audit personnel, and other employees with
different levels of authority, may be useful in providing the auditor with different
perspective in identifying risks of material misstatements.
A. Inquiries directed towards those charged with governance
B. Inquiries directed toward internal audit personnel
C. Inquiries of employees
D. Inquiries directed toward in-house legal counsel
E. Inquiries directed towards marketing or sales personnel

Analytical Procedures
● May be helpful in identifying the existence of unusual transactions or events, and
amounts, ratios, and trends that might indicate matters that have financial statements
and audit implications.
● >The main premise of analytical procedure is that there is a plausible relationship for
each account.

Observation and Inspection

● Observation and inspection may support inquiries of management and others, and may
also provide information about the entity and its environment. Examples of such audit
procedures include observation or inspection of the following:
- The entity’s operations.
- Documents (such as business plans and strategies), records, and internal control
manuals.
- The entity’s premises and plant facilities.
- Reports by management and those charged with governance.

Discussion Among the Engagement Team

● Provides an opportunity for more experienced engagement team members, including the
engagement partner, to share their insights based on their knowledge of the entity.
● Allows the engagement team members to exchange information about the business
risks to which the entity is subject and about how and where the financial statements
might be susceptible to material misstatement due to fraud or error.
Significant Risks
● Significant risks often relate to significant non-routine transactions or judgmental
matters. Non-routine transactions are transactions that are unusual, due to either size or
nature, and that therefore occur infrequently. Judgmental matters may include the
development of accounting estimates for which there is significant measurement
uncertainty.
● Although risks relating to significant non-routine or judgmental matters are often less
likely to be subject to routine controls, management may have other responses intended
to deal with such risks. Accordingly, the auditor’s understanding of whether the entity
has designed and implemented controls for significant risks arising from non-routine or
judgmental matters includes whether and how management responds to the risks.

Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate Audit
Evidence
● In respect of some risks, the auditor may judge that it is not possible or practicable to
obtain sufficient appropriate audit evidence only from substantive procedures. Such risks
may relate to the inaccurate or incomplete recording of routine and significant classes of
transactions or account balances, the characteristics of which often permit highly
automated processing with little or no manual intervention. In such cases, the entity’s
controls over such risks are relevant to the audit and the auditor shall obtain an
understanding of them.

Revision of Risk Assessment

● The auditor’s assessment of the risks of material misstatement at the assertion level
may change during the course of the audit as additional audit evidence is obtained. In
circumstances where the auditor obtains audit evidence from performing further audit
procedures, or if new information is obtained, either of which is inconsistent with the
audit evidence on which the auditor originally based the assessment, the auditor shall
revise the assessment and modify the further planned audit procedures accordingly.