Manila * Cavite * Laguna * Cebu * Cagayan De Oro * Davao

Since 1977

AT.3610 SOLIMAN/UY/AGUILA/RICAFRENTE
Overall Audit Strategy and the Audit Program May 2024

Topic Outline Reporting Objectives, Timing of the Audit, and

Nature of Communications
a) Establishing Overall Audit Strategy
• The entity’s timetable for reporting
b) Types of Audit Procedures
c) Designing the Audit Program
• Meetings with management and those charged with
governance (TCWG) to discuss the nature, timing and
d) Audit Considerations Relating to Entity Using a Service
extent of the audit work.
Organization
e) Initial Audit Engagements – Opening Balances • The discussion with management and TCWG
f) Using the Work of Internal Auditors regarding the expected type and timing of reports to
g) Using the Work of an Expert be issued and other communications, both written and
h) Audit Considerations for Group Audits oral, including the auditor’s report, management
letters and communications to TCWG, and regarding
the expected communications on the status of audit
work throughout the engagement.
Establishing Overall Audit Strategy
• Communication with auditors of components.
The final step in planning an audit of financial statements • Communications among engagement team members,
is finalizing the auditor’s overall audit strategy and the including the nature and timing of team meetings and
preparation of the audit program which contains all audit timing of the review of work performed.
procedures to be performed including the sample sizes, • Any other expected communications with third
items to select, and timing of audit procedures. parties, including any statutory or contractual
reporting responsibilities arising from the audit.
Overall audit strategy sets the scope, timing, and direction
of the audit, and guides the development of the audit plan. Communicating with TCWG and Management
The auditor shall document the overall audit strategy
commonly in the form of a memorandum. The auditor may decide to discuss elements of planning
with the entity’s management to facilitate the conduct and
In establishing the overall audit strategy, the auditor is management of the audit engagement (for example, to
required to: coordinate some of the planned audit procedures with the
work of the entity's personnel), but not so detailed to
1. Identify the characteristics of the engagement that compromise the effectiveness of the audit or making the
define its scope audit procedures too predictable.
2. Ascertain the reporting objectives of the engagement
to plan the timing of the audit and the nature of the Nature, Timing and Extent of Necessary Resources
communications required
3. Consider the factors that, in our professional • The selection of the engagement team (including,
judgment, are significant in directing the engagement where necessary, the engagement quality control
team’s efforts reviewer) and the assignment of audit.
4. Consider the results of preliminary engagement • Engagement budgeting and timetable.
activities and, where applicable, whether knowledge
Audit Engagement Team
gained on other engagements performed by the
engagement partner for the entity is relevant Engagement team comprises all partners and staff (i.e.,
5. Ascertain the nature, timing, and extent of resources professionals, other than partners, including any experts
necessary to perform the engagement. the firm employs) performing the engagement, and any
individuals engaged by the firm or a network firm who
Characteristics that define the Scope of
perform audit procedures on the engagement. This
Engagement
excludes an auditor’s external expert engaged by the firm
• The applicable financial reporting framework or a network firm.
• Industry-specific reporting requirements Engagement partner is the partner (any individual with
• The expected audit coverage authority to bind the firm with respect to the performance
• The work of internal auditors of a professional services engagement) or other person in
• The entity’s use of service organizations the firm who is responsible for the audit engagement and
• The effect of information technology its performance, and for the auditor’s report that is issued
• The availability of client personnel and data. on behalf of the firm, and who, where required, has the
appropriate authority from a professional, legal or
regulatory body.

Page 1 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

The typical organizational hierarchy of a CPA firm follows b. Audit manager

that of pyramidal structure. They include, from the top of c. Senior auditor or in-charge accountant
the pyramid, partners, managers or directors, supervisors d. Junior auditor
or seniors or in-charge associates, and staff or junior or
associates. 5. When discussing elements of planning with the
entity’s management, why should the auditor avoid
Position Responsibilities/Functions detailing the audit procedures?
Owners of the firm. The assigned a. To prevent the entity's management from
Partners partner has the overall responsibility for understanding the audit process.
the quality of each audit engagement. b. To ensure the effectiveness of the audit and
Managers/ Supervises the audits conducted by the avoid making the audit procedures too
Directors seniors. predictable.
In charge of audit fieldwork. The senior c. To avoid overloading the entity's management
supervises the work of the audit staff, with information.
In-charge/ d. To maintain the auditor's competitive advantage
reviews working papers and time
Seniors over other audit firms.
budgets, and assists in drafting the
audit report
Staff/Junior/ Perform the more detailed routine audit Types of Audit Procedures
Associates tasks.
In developing the auditor’s overall audit strategy, the
The engagement partner and other key members of the auditor uses a combination of audit procedures to
engagement team shall be involved in planning the audit, determine whether the client’s financial statements are
including planning and participating in the discussion fairly stated. These procedures are enumerated below:
among engagement team members, to draw on their
experience and insight, thereby enhancing the • Risk Assessment Procedures
effectiveness and efficiency of the planning process. • Test of Controls
• Substantive Tests of Transactions
The auditor shall plan the nature, timing and extent of • Substantive Analytical Procedures
direction and supervision of engagement team members • Substantive Tests of Balances
and the review of their work.
The first type, risk assessment procedures, is used by the
✎ Concept check: Answer question nos. 1 to 5: auditor to identify significant risks due to fraud or error,
and design procedures to address those risks. The
1. In developing an overall audit strategy, an auditor auditors also use risk assessment procedures to assess
should consider: the risk of material misstatement arising from inherent
a. Whether the allowance for sampling risk exceeds risk and control risk. The other four procedures above
the achieved upper precision limit. represent further audit procedures which are performed
b. Findings from substantive tests performed at to respond to the risks identified at the assertions level.
interim dates. Risk Assessment Procedures
c. Whether the inquiry of the client's attorney
identifies any litigation, claims, or assessments Auditing standards require the auditor to obtain an
not disclosed in the financial statements. understanding of the entity and its environment, including
d. Preliminary evaluations of materiality, audit risk, its internal control, to assess the risk of material
and internal control. misstatement in the client’s financial statements.

2. What is a factor that defines the scope of the audit Risk assessment procedures are the audit procedures
engagement? performed by the auditor to provide a ‘sufficient and
a. The entity's marketing strategy. appropriate’ audit evidence as the basis for identifying and
b. The entity's use of service organizations. assessing risks of material misstatement and include the
c. The entity's product development plan. following:
d. The entity's customer service policies.
1. Inquiries of management, and of others within the
3. The following are the matters to be considered by the entity.
auditor in establishing the overall audit strategy, 2. Analytical procedures.
except 3. Observation and inspection.
a. Defining the scope of the examination 4. Discussion among engagement team members.
b. Assess risk and materiality 5. Other risk assessment procedures.
c. Computation of audit fees
d. Ascertaining the reporting objectives of the Risk assessment procedures are required to be performed
engagement in every audit. However, risk assessment procedures
alone do not provide sufficient and appropriate evidence
4. Who in a public accounting firm is most likely to from which to base the auditor’s audit opinion.
schedule the audit staff to perform the audit
engagement?
a. Audit partner

Page 2 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

Test of Controls The concept of effectiveness of the operation of controls

recognizes that some deviations in the way controls are
The auditor shall design and perform tests of controls to applied by the entity may occur. Deviations from
obtain sufficient appropriate audit evidence as to the prescribed controls may be caused by such factors as
operating effectiveness of relevant controls when: changes in key personnel, significant seasonal fluctuations
1. The auditor’s assessment of risks of material in volume of transactions and human error. The detected
misstatement at the assertion level includes an rate of deviation, in particular in comparison with the
expectation that the controls are operating effectively expected rate, may indicate that the control cannot be
(i.e., the auditor intends to rely on the operating relied on to reduce risk at the assertion level to that
effectiveness of controls and therefore setting control assessed by the auditor.
risk below maximum or low); or Substantive Audit Procedures
2. Substantive procedures alone cannot provide
sufficient appropriate audit evidence at the assertion Substantive audit procedures are designed to test the
level. peso misstatements that directly affect the correctness of
financial statement balances and disclosures.
Designing and Performing Tests of Controls
Irrespective of the assessed risks of material
Tests of controls are performed only on those controls that misstatement, the auditor shall design and perform
the auditor has determined are suitably designed to substantive procedures for each material class of
prevent, or detect and correct, a material misstatement in transactions, account balance, and disclosure.
an assertion. If substantially different controls were used Substantive procedures consist of
at different times during the period under audit, each is
considered separately. • Substantive tests of transactions,
• Substantive analytical procedures, and
Nature of Tests of Controls • Substantive tests of details of balances.
The nature of tests of controls, either manual or Nature of Substantive Procedures
automated, is that the tests generally consist of one (or a
combination) of four types of evidence-gathering Substantive procedures comprise test of details (of
techniques: classes of transactions, account balances, and
disclosures), and substantive analytical procedures.
1. Inquiry of client personnel, Analytical procedures generally provide less reliable
2. Observation, evidence than the tests of detail.
3. Inspection of documents and processes,
4. Reperformance Substantive analytical procedures are generally more
applicable to large volumes of transactions that tend to be
Inquiry alone does not provide sufficient and appropriate predictable over time.
evidence about the operating effectiveness of internal
controls. In designing and performing tests of controls, The nature of the risk and assertion is relevant to the
the auditor shall perform other audit procedures in design of tests of details. For example, tests of details
combination with inquiry to obtain audit evidence about related to the existence or occurrence assertion may
the operating effectiveness of the controls, including how involve selecting from items contained in a financial
the controls were applied at relevant times during the statement amount and obtaining the relevant audit
period under audit, the consistency with which they were evidence. On the other hand, tests of details related to the
applied, by whom or by what means they were applied completeness assertion may involve selecting from items
and determine whether the controls to be tested depend that are expected to be included in the relevant financial
upon other controls (indirect controls), and if so, whether statement amount and investigating whether they are
it is necessary to obtain audit evidence supporting the included.
effective operation of those indirect controls. Thus, inquiry
together with inspection and observation often provide Timing of Substantive Procedures
sufficient and appropriate evidence as to the operating Substantive procedures may be performed at interim
effectiveness of the client’s internal controls. In certain dates or at period end depending on the auditor’s
instances, the auditor may also decide to reperform the judgment.
internal controls as part of the auditor’s test of the When substantive procedures are performed at an interim
control’s operating effectiveness. date, the auditor shall cover the remaining period by
Evaluating the Operating Effectiveness of Controls performing:

The auditor shall evaluate whether, on the basis of the 1. Substantive procedures, combined with tests of
audit work performed, the auditor has identified a material controls for the intervening period; or
weakness in the operating effectiveness of controls. A 2. If the auditor determines that it is sufficient,
material misstatement detected by the auditor’s further substantive procedures only, that provide
procedures may indicate the existence of a material a reasonable basis for extending the audit
weakness in internal control. conclusions from the interim date to the period
end.

Page 3 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

Performing substantive procedures at an interim date and other computer assisted audit techniques may also be
without undertaking additional procedures at a later date used to test automated controls and even manual controls
increases the risk that the auditor will not detect that are reflected in electronic files. The use of technology
misstatements that may exist at the period end–referred may also allow the auditor to examine 100 percent of an
to as incremental audit risk. This risk increases as the account balance in substantive audit procedures. The
remaining period is lengthened. discussion below shows how some emerging technologies
affect the way the auditors obtain audit evidence.
In most cases, audit evidence from a previous audit’s
substantive procedures provides little or no audit evidence a. Non-Predictive Analytics: Non-predictive analytics,
for the current period. There are, however, exceptions, often referred to as descriptive analytics, involves the
e.g., a legal opinion obtained in a previous audit related analysis of historical data to understand what has
to the structure of a securitization to which no changes happened in the past. Auditors can use non-predictive
have occurred, may be relevant in the current period. In analytics to gain insights into an entity's past financial
such cases, it may be appropriate to use audit evidence performance and to identify patterns or trends that
from a previous audit’s substantive procedures if that might be relevant to the audit.
evidence and the related subject matter have not
fundamentally changed, and audit procedures have been b. Big Data and Machine Learning: Big data refers to
performed during the current period to establish its large volumes of data that can be analyzed for
continuing relevance. patterns and trends. Auditors can leverage big data to
gain insights into an entity's transactions on a much
Extent of Substantive Procedures more detailed level than traditional sampling
methods. Machine learning, a subset of artificial
The greater the risk of material misstatement, the greater intelligence, allows systems to learn and improve from
the extent of substantive procedures. In designing tests experience without being explicitly programmed. In
of details, the extent of testing is ordinarily thought of in an audit context, machine learning can be used to
terms of the sample size. However, other matters are also identify patterns or anomalies in financial data that
relevant, including whether it is more effective to use might signify errors, fraud, or other risks of material
other selective means of testing. misstatement.
The use of Computer Assisted Audit Tools and Techniques c. Artificial Intelligence (AI): AI is transforming the audit
(CAATTs) may enable more extensive testing of electronic process by automating tasks that were previously
transactions and files. Because the risk of material performed manually, like data collection and analysis.
misstatement takes account of internal control, the extent For example, AI can be used to automatically review
of substantive procedures may be reduced if tests of and analyze contracts or invoices, freeing up the
control show that controls are adequate. auditor's time to focus on more complex areas of the
Test of controls vs. Test of transactions audit.

Both procedures are directed to the classes of transactions d. Robotic Process Automation (RPA): RPA uses software
of the client, however, their purposes are different. An robots or "bots" to automate routine tasks. In an audit
auditor performs test of controls to test the operating context, RPA can be used to automate processes like
effectiveness of controls while an auditor performs test of data extraction and reconciliation, making the audit
transactions to detect material misstatements in the process more efficient and reducing the risk of human
financial statements. In addition, in test of controls, error.
monetary amount is not relevant (the auditor determines e. Blockchain: Blockchain is a distributed ledger
whether a control operation is being carried out or not technology that provides a secure and transparent
regardless of the monetary amount of the transaction), way to record transactions. In the context of an audit,
while in test of transactions, the monetary amount is of blockchain could potentially provide a source of audit
particular importance to determine whether the evidence for transactions recorded in a blockchain. For
misstatements are material or not. Finally, performance example, it could provide evidence of the occurrence
of test of controls is not always required every audit but and accuracy of a transaction. However, the use of
warranted by circumstances (i.e., an auditor will perform blockchain in auditing is still an emerging field, and
test of controls if the auditor intends to rely on the control) auditors need to consider various risks and challenges
while test of transactions is always part of required audit associated with its use.
procedures every audit.
These technologies are not without their challenges and
Use of Data Analytics and Other Emerging risks, and auditors need to have sufficient understanding
Technologies in Audit Tests of these technologies to assess the risks associated with
Data analytics and other emerging technologies are their use. Nevertheless, they offer significant
increasingly being used throughout the audit. Data opportunities to enhance the efficiency and effectiveness
analytics can be used in all types of audit procedures of the audit process.
discussed above. For example, in risk assessment
procedures, the auditor may use text analysis software to
identify words or phrases in documents that may indicate
potential risks of material misstatements. Audit software

Page 4 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

Deciding Which Types of Audit Procedures to c. properly accumulated into balance sheet totals.
Perform d. properly documented by the client.

Usually, auditors use all types of audit procedures when 9. After documenting internal control in an audit
performing an audit of financial statements, however, engagement, the auditor may perform tests on
certain types of audit procedures may be emphasized, a. those controls that the auditor plans to rely on.
depending on the circumstances. Below is a summary of b. those controls in which deficiencies were identified.
the different types of audit procedures an whether they c. those controls that have a material effect on the
are always required or not. financial statement balances.
d. a random sample of the controls that were
Audit Procedures Required? reviewed.
• Risk assessment Always required
procedures 10. Which of the following audit techniques would most
• Test of Controls Warranted by likely provide an auditor with the most assurance
circumstances about the effectiveness of the operation of an internal
• Substantive Test of Always required control procedure?
Transactions a. Inquiry of client personnel
• Substantive Analytical Warranted by b. Recomputation of an account balance
Procedures circumstances c. Observation of client personnel
• Substantive Test of Always Required. d. Confirmation of balances or transactions with
Details of Balances outside parties

The auditor considers several factors in choosing the types 11. After the study and evaluation of a client's internal
of audit procedures to perform such as the availability of control policies and procedures has been completed,
evidence, the relative costs of performing the procedure, an auditor might decide to
the effectiveness of internal controls, and degree of a. increase the extent of substantive testing in areas
inherent risk. where the internal control policies and procedures
are strong.
The cost of performing audit procedures or obtaining audit b. reduce the extent of control testing in areas where
evidence is considered in deciding the mix of audit tests the internal control policies and procedures are
to perform, however, the cost or difficulty of obtaining strong.
evidence should not be a valid basis in omitting an audit c. reduce the extent of both substantive and control
test for which there is no alternative. testing in areas where the internal control policies
and procedures are strong.
✎ Concept check: Answer question nos. 6 to 19: d. increase the extent of substantive testing in areas
where the internal controls are weak.
6. Which of the following statements relating to auditor’s
12. The auditor is studying internal control policies and
responses to assessed risk of material misstatement
procedures within the sales, shipping, and billing
considered significant risk is incorrect?
subset of the revenue cycle. Which of the following
a. The auditor shall obtain understanding of the
relevant control activities intended to address the conditions suggests a need for additional testing of
risk. controls?
a. Internal control is found to be weak with regard to
b. The auditor shall test the operating effectiveness
shipping and billing.
of the internal control in place to address the risk.
b. Internal control over sales, billing, and shipping
c. The auditor shall perform substantive procedures
appears strong, but 80% of sales revenue is
that are specifically responsive to significant risk.
attributable to three major customers.
d. When the approach to a significant risk consists
only of substantive procedures, those procedures c. Internal control over billing and shipping is thought
to be strong and the auditor considers additional
shall include tests of details.
testing of selected controls will result in a major
7. Which of the following steps or modifications to an reduction in substantive testing.
audit program is likely to be the most appropriate if d. Internal control over the recording of sales is found
an auditor assesses the level of the risk of material to be weak and the sales are evenly divided among
misstatement for a financial statement assertion to be a large number of customers.
relatively high?
13. To obtain an understanding of the relevant policies
a. Perform more intensive tests of the relevant
internal control and procedures of internal control, the auditor
b. Perform more intensive substantive tests of the performs all of the following except:
a. Make inquiries.
assertion
b. Make observations.
c. Increase the planning materiality level
c. Inspect documents and records.
d. Reduce the desired level of audit risk
d. Design substantive tests.
8. Tests of controls are used to test whether controls are
14. It is most appropriate that tests of controls be applied
a. operating effectively.
to transactions and controls
b. placed in operation (implemented).
a. at the balance sheet date.

Page 5 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

b. at each quarterly interim period.

c. for the entire period under audit. For the areas that have no risks of material misstatement
d. at the beginning of the fiscal period. identified, generally no further audit procedures need to
be performed, except for material classes of transactions,
15. To obtain evidence about control risk, an auditor account balances and disclosures that are still subject to
ordinarily selects tests from a variety of techniques, some substantive procedures.
including:
a. Analysis c. Reperformance Overall responses
b. Confirmation d. Comparison The auditor’s overall responses may include:
16. An auditor wishes to perform tests of controls on a
• Emphasizing to the audit team the need to maintain
client’s cash disbursements procedures. If the
professional skepticism.
controls leave no audit trail of documentary evidence,
• Assigning more experienced staff or those with special
the auditor most likely will test the procedures by
skills or using experts.
a. confirmation and observation.
b. analytical procedures and confirmation. • Providing more supervision.
c. observation and inquiry. • Incorporating additional elements of unpredictability
d. inquiry and analytical procedures. in the selection of further audit procedures to be
performed.
17. The main purpose of substantive procedures is to • Making general changes to the nature, timing, or
a. Obtain an understanding of the entity and its extent of audit procedures.
environment, including its internal control, to
assess the risks of material misstatement at the Responses to the assessed risks of material misstatement
financial statement and assertion levels. at the assertion Level
b. Test the operating effectiveness of controls in
The auditor shall design and perform further audit
preventing, or detecting and correcting, material
procedures whose nature, timing, and extent are based
misstatement at the assertion level.
on and are responsive to the assessed risks of material
c. Detect material misstatements at the assertion
misstatement at the assertion level. Further audit
level.
procedures include:
18. What is one way in which machine learning can be
1. Test of controls – an audit procedure designed to
applied in an audit context?
evaluate the operating effectiveness of controls in
a. Machine learning can be used to facilitate
preventing, or detecting and correcting, material
communication with the client.
misstatements at the assertion level
b. Machine learning can be used to identify patterns
2. Substantive procedure – an audit procedure designed
or anomalies in financial data.
to detect material misstatements at the assertion
c. Machine learning can be used to draft the audit
level.
report.
d. Machine learning can be used to assess the The auditor’s assessment of the identified risks at the
client's ethical standards. assertion level provides a basis for considering the
appropriate audit approach for designing and performing
19. How can Artificial Intelligence (AI) transform the audit
further audit procedures. For example, the auditor may
process?
determine that:
a. By automating tasks like data collection and
analysis. 1. Only by performing tests of controls may the auditor
b. By replacing the need for a human auditor. achieve an effective response to the assessed risk of
c. By making financial decisions for the entity under material misstatement for a particular assertion.
audit.
d. By drafting the entity's financial statements. 2. Performing only substantive procedures is appropriate
for particular assertions and, therefore, the auditor
excludes the effect of controls from the relevant risk
Designing the Audit Program assessment. This may be because the auditor’s risk
assessment procedures have not identified any
Once the risks of material misstatement have been
effective controls relevant to the assertion, or because
identified, the auditor designs and implements
testing controls would be inefficient and therefore the
appropriate responses to those risks in order to obtain
auditor does not intend to rely on the operating
sufficient appropriate audit evidence about the assessed
effectiveness of controls in determining the nature,
risks of material misstatement.
timing and extent of substantive procedures; or
The auditor’s responses are classified into two according
3. A combined approach using both tests of controls and
to the level of risks of material misstatement, such as:
substantive procedures is an effective approach.
1. Overall responses to address the risks of material
Once the auditor has chosen the types of tests to perform,
misstatement at the financial statements level; and
the auditor should design the specific audit procedures to
2. Further audit procedures as responses to the
perform. These audit procedures are combined to form the
assessed risks of material misstatement at the
audit program. The auditor may prepare an audit program
assertion level.

Page 6 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

from scratch or modify an existing program to satisfy all level for each material class of transactions,
audit objectives, considering various factors such as account balances and disclosures.
materiality, mix of evidence, inherent risk, control risk, c. Other planned audit procedures that are required
and identified significant risks, if any. to be carried out so that the engagement complies
with our audit approach.
✎ Concept check: Answer question nos. 20 to 28: d. All of the above.

20. Which statement is incorrect regarding the nature of 25. An auditor should design the written audit program so
further audit procedures? that
a. The nature of further audit procedures refers to a. all material transactions will be selected for
their purpose and their type substantive testing.
b. Certain audit procedures may be more b. substantive tests prior to the balance sheet date
appropriate for some assertions than others. will be minimized.
c. The higher the auditor’s assessment of risk, the c. the audit procedures selected will achieve specific
less reliable and relevant is the audit evidence objectives.
sought by the auditor from substantive d. each account balance will be tested under either
procedures. tests of controls or tests of transactions.
d. All of the above
26. When is a substantive only approach to auditing most
21. Which statement is incorrect regarding the timing of likely to be appropriate?
further audit procedures? a. When the entity has complex internal control
a. The timing refers to when audit procedures are systems and highly automated process.
performed or the period or date to which the audit b. When the entity's internal controls are ineffective
evidence applies. or non-existent.
b. The auditor may perform tests of controls or c. When the entity's internal controls are effective
substantive procedures at an interim date or at and the auditor intends to rely on them.
period end. d. When the entity has multiple locations and
c. If the auditor performs tests of controls or complex operations.
substantive procedures prior to period end, the
27. When using the combined approach, which of the
auditor considers the additional evidence required
following is a factor that an auditor is most likely to
for the remaining period.
consider?
d. All audit procedures can be performed prior to
a. The complexity of the entity's operations.
period end.
b. The extent to which the entity's controls are
22. Which statement is incorrect regarding the extent of automated.
further audit procedures? c. The extent of the entity's use of information
a. Extent includes the quantity of a specific audit technology in its operations.
procedure to be performed. d. All of the above.
b. The extent of an audit procedure is determined by
28. Which of the following best describes the purpose of
the judgment of the auditor after considering the
an audit program in an audit engagement?
materiality, the assessed risk, and the degree of
a. An audit program is used to prepare the entity's
assurance the auditor plans to obtain.
financial statements.
c. The auditor ordinarily decreases the extent of
b. An audit program is a tool for communicating with
audit procedures as the risk of material
the entity's management and those charged with
misstatement increases.
governance.
d. All of the above
c. An audit program outlines the procedures to be
23. Holding other planning considerations equal, a performed, including sample sizes, items to
decrease in the amount of misstatements in a class of select, and the timing of audit procedures.
transactions that an auditor could tolerate most likely d. An audit program is used to determine the entity's
would cause the auditor to: tax liabilities.
a. Perform less effective procedures.
b. Perform the planned auditing procedures closer to
the balance sheet date. Audit Considerations Relating to an Entity
c. Increase the assessed level of control risk for Using a Service Organization
relevant financial statement assertions.
d. Decrease the extent of auditing procedures to be Service organization is a third-party organization that
applied to the class of transactions. provides services to user entities that are part of those
entities’ information systems relevant to financial
24. The audit plan includes: reporting.
a. A description of the nature, timing and extent of
planned risk assessment procedures sufficient to Service auditor refers to an auditor who, at the request of
assess the risk of material misstatement. the service organization, provides an assurance report on
b. A description of the nature, timing and extent of the controls of a service organization. A service auditor
planned further audit procedures at the assertion

Page 7 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

may issue the following on internal control of a service

organization: Predecessor auditor – The auditor from a different audit
firm, who audited the financial statements of an entity in
a. Type 1 report – Report on the description and design the prior period and who has been replaced by the current
of controls at a service organization. auditor.
b. Type 2 report – Report on the description, design, and
operating effectiveness of controls at a service Opening balances refer to those account balances that
organization. exist at the beginning of the period. Opening balances are
based upon the closing balances of the prior period and
In determining the sufficiency and appropriateness of the reflect the effects of transactions and events of prior
audit evidence provided by a type 1 or type 2 report, the periods and accounting policies applied in the prior
user auditor shall be satisfied as to: period. Opening balances also include matters requiring
a. The service auditor’s professional competence and disclosure that existed at the beginning of the period, such
independence from the service organization; and as contingencies and commitments.
b. The adequacy of the standards under which the type
1 or type 2 report was issued. In conducting an initial audit engagement, the objective
of the auditor with respect to opening balances is to obtain
User entity is an entity that uses a service organization sufficient appropriate audit evidence about whether:
and whose financial statements are being audited.
1. Opening balances contain misstatements that
User auditor refers to an auditor who audits and reports materially affect the current period’s financial
on the financial statements of a user entity. statements; and
The objectives of the user auditor, when the user entity 2. Appropriate accounting policies reflected in the
uses the services of a service organization, are: opening balances have been consistently applied in
a. To obtain an understanding of the nature and the current period’s financial statements, or changes
significance of the services provided by the service thereto are properly accounted for and adequately
organization and their effect on the user entity’s presented and disclosed in accordance with the
internal control relevant to the audit, sufficient to applicable financial reporting framework.
identify and assess the risks of material
misstatement; and Audit Procedures—Opening Balances
b. To design and perform audit procedures responsive to
those risks. The auditor shall read the most recent financial
statements, if any, and the predecessor auditor’s report
To achieve the objectives set out above, the auditor thereon, if any, for information relevant to opening
performs the risk-based audit procedures below: balances, including disclosures.

Risk assessment The auditor shall obtain sufficient appropriate audit

evidence about whether the opening balances contain
• Understanding services relevant to audit provided by misstatements that materially affect the current period’s
a service organization. financial statements by:
• Understanding relevant controls in place.
• Determine extent of reliance on the type 1 or type 2 1. Determining whether the prior period’s closing
report. balances have been correctly brought forward to the
current period or, when appropriate, have been
Risk response restated;
• Determine where sufficient appropriate audit evidence 2. Determining whether the opening balances reflect the
may be obtained. application of appropriate accounting policies; and
• Performing tests of controls. 3. Performing one or more of the following:
• Making inquiries about significant risks.
• Where the prior year financial statements were
Conclusion and Reporting audited, reviewing the predecessor auditor’s
working papers to obtain evidence regarding the
• No reference to work of a service auditor unless audit opening balances;
report is modified. • Evaluating whether audit procedures performed in
• If no sufficient appropriate evidence is obtained, the current period provide evidence relevant to
modify the audit report. the opening balances; or
• Performing specific audit procedures to obtain
Initial Audit Engagements—Opening Balances evidence regarding the opening balances.

Initial audit engagement – An engagement in which If the auditor obtains audit evidence that the opening
either: balances contain misstatements that could materially
affect the current period’s financial statements, the
1. The financial statements for the prior period were not auditor shall perform such additional audit procedures as
audited; or are appropriate in the circumstances to determine the
2. The financial statements for the prior period were effect on the current period’s financial statements. If the
audited by a predecessor auditor. auditor concludes that such misstatements exist in the

Page 8 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

current period’s financial statements, the auditor shall

communicate the misstatements with the appropriate 31. When the user auditor’s risk assessment includes an
level of management and those charged with governance. expectation that controls at the service organization
are operating effectively, the user auditor shall obtain
Audit Conclusions and Reporting audit evidence about the operating effectiveness of
those controls from one or more of the following
Results Opinion procedures: (Choose the incorrect one)
Opening Balances: a. Obtaining a type 1 report, if available.
b. Obtaining a type 2 report, if available.
No material c. Performing appropriate tests of controls at the
misstatements, with service organization.
Unmodified
sufficient appropriate d. Using another auditor to perform tests of controls
audit evidence at the service organization on behalf of the user
Qualified or disclaimer; or auditor.
Qualified or disclaimed—
No sufficient appropriate 32. The following statements relate to the reporting
results of operations and
audit evidence requirements under PSA 402. Which is incorrect?
cash flows; and
a. The user auditor shall modify the opinion in the
unmodified—financial
user auditor’s report if the user auditor is unable
position.
to obtain sufficient appropriate audit evidence
Contain material regarding the services provided by the service
Qualified or adverse
misstatements organization relevant to the audit of the user
Consistency of Accounting Policies: entity’s financial statements.
Consistently applied Unmodified b. The user auditor shall not refer to the work of a
service auditor in the user auditor’s report
Not consistently applied Qualified or adverse
containing an unmodified opinion unless required
Modification to the Opinion in the Predecessor Auditor’s by law or regulation to do so.
Report: c. If reference to the work of a service auditor is
Modification relevant and relevant to an understanding of a modification to
Modified
material the user auditor’s opinion, the user auditor’s
Modification not relevant report shall indicate that such reference does not
Unmodified
and material diminish the user auditor’s responsibility for that
opinion.
d. The user auditor may not need the consent of the
✎ Concept check: Answer question nos. 29 to 37: service auditor when making such a reference as
it is implicitly and ethically permitted.
29. Under PSA 402, the objectives of the user auditor,
when the user entity uses the services of a service 33. For initial audit engagements, the auditor should
organization, are: obtain sufficient appropriate audit evidence that:
a. To obtain an understanding of the nature and a. The opening balances do not contain
significance of the services provided by the misstatements that materially affect the current
service organization and their effect on the user period's financial statements.
entity’s internal control relevant to the audit, b. The prior period's closing balances have been
sufficient to identify and assess the risks of correctly brought forward to the current period or,
material misstatement. when appropriate, have been restated.
b. To design and perform audit procedures c. Appropriate accounting policies are consistently
responsive to those risks. applied or changes in accounting policies have
c. Both a and b been properly accounted for and adequately
d. Either a or b disclosed.
d. All of the above.
30. If the user auditor is unable to obtain a sufficient
understanding from the user entity, the user auditor 34. Which of the following is least considered in
shall obtain that understanding from one or more of determining the sufficiency and appropriateness of
the following procedures, except: the audit evidence that the auditor will obtain
a. Obtaining a type 1 or type 2 report, if available. regarding opening balances?
b. Contacting the service organization, but not a. The materiality of the opening balances relative to
through the user entity, to obtain specific the current period’s financial statements.
information. b. The accounting policies adopted by the entity.
c. Visiting the service organization and performing c. The risk of misstatements of accounts.
procedures that will provide the necessary d. The length of years in operations of the entity.
information about the relevant controls at the
service organization. 35. The following audit procedures may be deemed
d. Using another auditor to perform procedures that necessary by the auditor in obtaining sufficient
will provide the necessary information about the appropriate audit evidence regarding opening
relevant controls at the service organization. balances, except:

Page 9 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

a. Reading the most recent financial statements, if 4. Whether there is likely to be effective
any, and the predecessor auditor’s report thereon, communication between the internal auditors and the
if any, for information relevant to opening external auditor.
balances, including disclosures.
b. Reviewing the predecessor auditor’s audit
engagement letter. Using the Work of an Expert
c. Evaluating whether audit procedures performed in
An expert (or a specialist) refers to a person or firm
the current period provide evidence relevant to
possessing special skill, knowledge, and experience in a
the opening balances.
particular field other than accounting and auditing. An
d. Performing specific audit procedures to obtain
expert may be engaged by the entity or by the auditor,
evidence regarding the opening balances.
employed by the entity or by the auditor. Under PSAs,
36. Which of the following accounts is most difficult for the they are classified into the following two categories:
auditor to be satisfied as to the balance at the
beginning of the period? 1. Auditor’s expert—An individual or organization
a. Accounts receivable c. Inventory possessing expertise in a field other than accounting
b. Accounts payable d. Accrued interest or auditing, whose work in that field is used by the
payable auditor to assist the auditor in obtaining sufficient
appropriate audit evidence. An auditor’s expert may
37. If the opening balances contain misstatements which be either an auditor’s internal expert (who is a partner
could materially affect the current period's financial or staff, including temporary staff, of the auditor’s firm
statements and the effect of the misstatement is not or a network firm), or an auditor’s external expert.
properly accounted for and adequately disclosed, the
auditor should express a 2. Management’s expert—An individual or organization
a. Unqualified opinion with explanatory paragraph. possessing expertise in a field other than accounting
b. Qualified or adverse opinion. or auditing, whose work in that field is used by the
c. Qualified or disclaimer of opinion. entity to assist the entity in preparing the financial
d. Adverse or disclaimer of opinion. statements.

Determining adequacy of work of an auditor’s expert

Using the Work of Internal Auditors involves the process below:

The objectives of the external auditor, where the entity Risk assessment
has an internal audit function and the external auditor • Determine if there’s a need for work of an auditor’s
expects to use the work of the function to modify the expert by:
nature or timing, or reduce the extent, of audit procedures o Considering required procedures.
to be performed directly by the external auditor , or to use o Considering competence, capability, and
internal auditors to provide direct assistance, are: objectivity of expert.
• Understand the expert’s field of expertise.
a) To determine whether the work of the internal audit • Agree the terms of engagement with the auditor’s expert.
function or direct assistance from internal auditors can
be used, and if so, in which areas and to what extent; Risk response
and having made that determination:
b) If using the work of the internal audit function, to • Evaluate adequacy of expert’s work, including
determine whether that work is adequate for purposes findings, conclusions, assumptions used, and sources
of the audit; and of data.
c) If using internal auditors to provide direct assistance, • Determine if any further audit work required,
to appropriately direct, supervise and review their particularly when the work of an auditor’s expert lacks
work. adequacy to auditor’s purpose.

In determining whether the work of the internal auditors Conclusion and reporting
is likely to be adequate for purposes of the audit, the • No reference to work of an auditor’s expert unless the
external auditor shall evaluate: audit report is modified.
1. The objectivity (by identifying its line of reporting of • If no sufficient appropriate evidence is obtained,
results of internal audit that normally is directly to modify the audit report.
BOD’s audit committee) of the internal audit function; ✎ Concept check: Answer question nos. 38 to 37:
2. The technical competence (such as education,
experience, professional certification, etc.) of the 38. The work of internal auditors may affect the
internal auditors; independent’s auditor’s
3. Whether the work of the internal auditors is likely to I. Procedures performed in obtaining an
be carried out with due professional care (by understanding of internal control
reviewing adequate planning, supervision and II. Procedures performed in assessing the risk of
documentation of work); and material misstatement

Page 10 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

III. Substantive procedures performed in gathering to have the expertise of a person trained for or
direct evidence qualified to engage in the practice of another
a. I and III only c. II and III only profession or occupation.
b. I and II only d. I, II and III d. In all cases, the auditor cannot obtain sufficient
appropriate audit evidence in areas that are other
39. In making judgments about the effect of the internal than accounting and auditing.
auditors’ work on the external auditor’s procedures in
specific audit areas, which of the following is not 44. Each of the following procedures requires the
among three issues related to the audit areas that assistance of an expert, except
should be considered by the external auditor? a. Determining the physical condition or quantity of
a. Materiality of the financial statement amounts. underground mineral.
b. Risk of material misstatement of the assertions b. Determining the value of works of art.
related to these financial statement amounts. c. Determining the adequacy of disclosure in the
c. Degree of subjectivity involved in the evaluation notes to the financial statements.
of the audit evidence gathered in support of the d. Interpreting major contracts.
assertions.
d. Review of quality of audit policies, programs, and 45. When determining the need to use the work of an
procedures. expert, the auditor would consider the following,
except
40. Under what circumstance is it appropriate for the a. The quantity and quality of other audit evidence
auditor to rely on the work of an internal auditor? available.
a. It is never acceptable for the external auditor to b. The materiality of the financial statements item
rely upon the work of the internal auditor. being considered.
b. The external auditor may rely on certain of the c. The risk of misstatement based on the nature and
work of the internal auditor after making a complexity of the matter being considered.
comprehensive assessment of the auditor and d. The professional certification or licensing by, or
his/her work. membership in, an appropriate professional body.
c. The external auditor may rely on the work of the
internal auditor if he/she is also a CPA. 46. When planning to use the work of an expert, the
d. There is no restriction in relying upon the work of auditor should assess the objectivity of the expert.
internal auditors. This will involve considering the expert's:
I. Professional certification or licensing by, or
41. External auditors would consider internal auditors membership in, an appropriate professional body.
effective if they are: II. Experience and reputation in the field in which the
a. Independent of the operating units being auditor is seeking audit evidence.
evaluated. III. Relationship to the entity.
b. Competent and well trained. a. I, II, III c. I and III
c. Have performed relevant audit tests of the b. I and II d. III only
internal controls and financial statements.
d. All of the above. 47. According to PSA 620, Using the Working of an
Auditor’s Expert, which is incorrect?
42. To assess the objectivity of the internal auditors, an a. The auditor shall not refer to the work of an
independent auditor would most likely auditor’s expert in an auditor’s report unless
a. Consider the professional qualifications and required by law or regulation to do so.
experience of the internal auditors. b. It may be appropriate to refer to the auditor’s
b. Consider the proper planning, supervision and expert in an auditor’s report containing a modified
documentation of internal auditor’s work. opinion to explain the nature of the modification.
c. Consider the nature and extent of the internal c. If the auditor makes reference to the work of an
auditors’ assignment. auditor’s expert in the auditor’s report, the auditor
d. Consider the organizational level to which the shall indicate in the auditor’s report that such
internal auditors report the results of their work. reference does not reduce the auditor’s
responsibility for that opinion.
43. Which statement is incorrect regarding the auditor’s d. The auditor may not need the permission of the
use of the work of an expert? auditor’s expert when making a reference in the
a. “Expert” means a person or firm possessing auditor’s report.
special skill, knowledge and experience in a
particular field other than accounting and
auditing. Audits of Considerations for Group Audit
b. When using the work performed by an expert, the
Group audit is the audit of group financial statements.
auditor should obtain sufficient appropriate audit
evidence that such work is adequate for the Group financial statements refer to financial statements
purposes of the audit. that include the financial information of more than one
c. The auditor's education and experience enable the component.
auditor to be knowledgeable about business
matters in general, but the auditor is not expected

Page 11 of 12 www.teamprtc.com.ph AT.3610

TEAM PRTC

A component is an entity or business activity for which Significant The group auditor or the component
group or component management prepares financial because it is auditor should perform one or more of:
information that should be included in the group financial likely to include • Audit component, adapted as
statements. significant risks necessary to the needs of the group
of material engagement team, using the
Component auditor is defined as an auditor who, at the misstatement materiality of the component.
request of the group engagement team, performs work on of the group • Audit one or more component
financial information related to a component for the group financial account balances, classes of
audit. statements transactions or disclosures that
relate to the significant risks.
To achieve the objectives set out above, the auditor • Perform specified audit procedures
performs risk-based audit procedures below: relating to the likely significant risks
of material misstatement of the
Risk Assessment group financial statements.
• Agree the terms of engagement to conclude client
acceptance and continuance decision. Answer question nos. 48 to 50:
• Establish and develop group audit plans. 48. When using the work of another auditor (component
• Determine group and component materiality. auditor), the principal auditor should ordinarily
• Obtain understanding of the group, its components perform the following procedure
and their environments, including component a. Obtain information regarding the professional
auditors, to identify and assess risks of material competence of the other auditor in the context of
misstatement. the specific assignment undertaken by the other
Risk Response auditor.
b. Advise the other auditor of the applicable
• Perform audit procedures on component or use work independence requirements as regards both the
of component auditor. entity and the component and obtain
• Perform procedures on consolidation process. representation as to his compliance with them.
• Communicate group audit requirements to component c. Advise the other auditor of the applicable
auditor. accounting, auditing and reporting requirements
and obtain representation of compliance.
Conclusion and reporting d. All of the above
• Perform procedures on subsequent events. 49. A group engagement partner decides not to refer to
• Evaluate audit evidence obtained and misstatements the audit of another CPA who audited a component of
identified to form an opinion. the overall group financial statements. After making
• Form opinion on group financial statements. inquiries about the other CPA’s professional reputation
• Communicate with management and TCWG of the and independence, the principal auditor most likely
group. would
• Complete audit documentation. a. Add an emphasis-of-matter paragraph.
Perform Audit Procedures on Component or Use Work of b. Document in the engagement letter that the
Component Auditor principal auditor assumes no responsibility for the
other CPA’s work and opinion.
The amount and nature of work required of the group c. Obtain written permission from the other CPA to
engagement team relating to that component depends omit the reference in the principal auditor’s
upon whether that component is considered to be report.
a significant component. d. Perform additional audit procedures based on the
significance of the subsidiary.
The following table summarizes the audit work ordinarily
needed for components. 50. In the auditor’s report, the group engagement partner
decides not to make reference to a component auditor
Not significant The group engagement team should who audited a client’s subsidiary. The group
perform analytical procedures at the
engagement partner could justify this decision if,
group level. Audit additional
among other requirements, he or she
components if sufficient appropriate
audit evidence has not been obtained.
a. Issues an unmodified opinion on the consolidated
financial statements.
Significant due The group auditor or component auditor
b. Learns that the component auditor issued an
to its individual should perform audit of component,
unmodified opinion on the subsidiary’s financial
financial adapted as necessary to the needs of
significance to the group engagement team, using the statements.
the group materiality of the component. c. Is unable to review the audit plan (programs) and
working papers of the component auditor.
d. Is satisfied as to the independence and
professional reputation of the other CPA.

***End***

Page 12 of 12 www.teamprtc.com.ph AT.3610