Fundamental Principles of Assurance & Audit Services – Core Vocabulary

Chapter 1 – Fundamental Principles of Assurance Services

Chapter overview

  • 10 target competencies (concept, definition, planning, risk, levels, structures, non-assurance, global bodies, standards, Philippine adoption)
  • Primary references: Philippine Framework for Assurance Engagements (PFAE), PSAE 3000 (Revised), Preface to Philippine Standards on QC, Auditing, Review, Other Assurance & Related Services

Assurance: concept & importance

  • Decision-makers rely on information prepared by others ⇒ conflict of interest between provider & user
  • Assurance = practitioner’s degree of satisfaction about reliability of an assertion made by one party for use by another
  • Output is an assurance report that increases users’ confidence in the information

Typical business users & decisions

  • Investors (buy/hold/sell, stewardship evaluation)
  • BOD (dividend policy)
  • Employees (entity’s ability to pay & grant benefits)
  • Government (taxation, statistics, regulation)
  • Lenders & creditors (loan security)


Assurance engagements – definition

  • A three-party contract in which an independent practitioner expresses a conclusion to enhance intended users’ confidence about the outcome of evaluating/measuring a subject matter against suitable criteria
  • Broad, info-quality–enhancement services; provided only by CPAs (or firms) who are independent and competent

Elements of an assurance engagement (3SECC)

  1. Three-party relationship
    • Practitioner (independent; obeys ethical code; designs procedures; may use experts)
    • Responsible party (prepares subject matter or assertion)
    • Intended users (receive report; may be a subset if interests align)
  2. Subject matter & subject-matter information
    • Forms: FS, control effectiveness statement, performance metrics, GHG statement, compliance statement, etc.
    • Qualitative vs quantitative, objective vs subjective, historical vs prospective, point-in-time vs period ⇒ affects precision & evidence persuasiveness
    • Appropriate when identifiable, consistently measurable, and auditable (records exist)
  3. Suitable criteria – benchmarks for evaluation (formal, less formal, established, specifically developed)
    • Must be RUN CR: Relevant, Understandable, Neutral, Complete, Reliable
    • Communicated publicly, in subject-matter info, in report, or by general understanding
  4. Sufficient appropriate evidence
    • Sufficiency = quantity; Appropriateness = relevance + reliability
    • Determinants (see Exhibit 1-2): materiality, engagement risk, cost-benefit, prof. judgment, skepticism
    • Evidence hierarchy: external > effective-control internal > direct > written > original
  5. Conclusion / written report
    • Expresses reasonable (positive) or limited (negative) assurance
    • Possible opinions: Unmodified, Qualified (“except for”), Adverse, Disclaimer (“we do not express”)

Practitioner considerations when planning & performing

  • Materiality: factors influencing user decisions; assessed quantitatively & qualitatively
  • Assurance engagement risk (AER) $= \text{Risk of misstatement} \times \text{Risk of non-detection}$
    • Risk of misstatement = Inherent Risk (IR) + Control Risk (CR)
    • Non-detection = Detection Risk (DR)
  • Cost-benefit constraint: necessary work may not be omitted solely because it is costly or difficult; alternatives first, else proceed
  • Professional skepticism: questioning mind throughout; examples include reconciling discrepancies, authenticity checks, being alert for fraud indicators

Types of assurance engagements

By level of assurance

  • Reasonable (high) – positive wording; example: audits (“In our opinion …”)
  • Limited (moderate) – negative wording; example: reviews (“Nothing has come to our attention …”)

By structure

  • Attestation / assertion-based
    • Responsible party measures & asserts; practitioner opines on that assertion
    • Includes financial statement audits, reviews, examinations of forecasts, etc.
  • Direct (direct-reporting)
    • Practitioner measures/evaluates subject matter and reports results & conclusion directly
    • Example: reporting on effectiveness of internal control when management provides no separate assertion

Non-assurance engagements (lack ≥1 element)

  • Agreed-upon procedures – report factual findings; users draw own conclusions (restricted use)
  • Compilation – assemble info into FS; no assurance
  • Tax services (returns preparation, consulting) – advice only
  • Management advisory / consulting – recommendations for improvement

Summary: Assurance = opinion/conclusion; Non-assurance = advice/recommendation


Global professional infrastructure

  • IFAC (1977; ~180 bodies / 3 million CPAs)
    • Standard-setting boards it supports:
    1. IAASB – auditing, assurance, QC
    2. IAESB (ceased 2019; education now under IFAC)
    3. IESBA – ethics (Code of Ethics & auditor independence)
    4. IPSASB – public-sector accounting

Philippine professional standards & adoption

  • Issued by AASC (formerly ASPC); largely adopt IAASB pronouncements
    • Engagement standards: PSAs, PSRES, PSAES, PSRSS
    • Quality: PSQC
    • Related practice statements: PAPS, PREPSS, PAEPSS, PRSPSS
  • Adoption process (Exhibit 1-7): workgroups draft → exposure ≥ 90 days → revisions → approval (≥ 10 votes) → PRC-BOA → Official Gazette
  • Departures from standards allowed only in exceptional cases; CPA must justify

Chapter 2 – Introduction to Audit Services & Financial Statements Audit

Role & perception of audit services

  • Audit is flagship CPA service globally; underpins market integrity & investor confidence
  • Enhances credibility of information and deters misreporting

Definition & key concepts of audit (AAA)

  • Systematic process of objectively obtaining & evaluating evidence regarding assertions about economic actions/events to ascertain correspondence with criteria and communicate results
  • Key attributes:
    1. Structured methodology
    2. Objective evidence gathering & evaluation
    3. Use of criteria (e.g., GAAP)
    4. Communication via auditor’s report

Types of audit

By nature of assertions / data

  1. Financial Statement (FS) audit – fairness of FS vs GAAP/IFRS
  2. Operational (performance/management) audit – efficiency & effectiveness vs management objectives
  3. Compliance audit – adherence to laws, regulations, contracts

By auditor

  1. External (independent) auditors – public practitioners; can perform FS, operational, compliance for private entities
  2. Internal auditors – in-house, report to audit committee; perform operational & compliance (not FS audit due to independence)
  3. Government auditors – e.g., COA; focus on proper use of public funds; can audit GOCCs, etc.

Comparative snapshot

| Aspect | FS Audit | Operational | Compliance |
|---|---|---|---|
| Assertions | FS fairly stated | Ops efficient/effective | Activities comply |
| Criteria | GAAP/IFRS | Mgmt objectives | Laws/contracts |
| Report | Opinion (positive) | Findings & recommendations | Degree of compliance |
| Common auditors | External | Internal | Gov’t |

Notes:

  • FS & compliance audits use established criteria; operational uses specifically developed
  • Internal auditors assist management; not independent enough for statutory FS audit

Financial Statements (FS) audit specifics

Objective (PSA 200)

  • Reasonable assurance that FS as a whole are free of material misstatement (fraud or error) ⇒ express opinion on conformity with framework & report accordingly

General principles

  • Comply with Code of Ethics & PSAs
  • Maintain professional skepticism & judgment
  • Obtain sufficient appropriate evidence

Conceptual / theoretical framework (“VIC Bpl”)

  • Verifiable data (supporting docs)
  • Independence of auditor
  • No long-term conflict with management
  • Audit benefits public (adds credibility)
  • Effective internal control reduces risk

Elements applied to FS audit

  • Parties: Auditor (opinion), Management/TCWG (prepare FS, prevent & detect fraud, maintain controls), Users (rely on report)
  • Subject matter: Management assertions within FS
  • Criteria: GAAP / PFRS / IFRS or other disclosed framework
  • Evidence: Sufficiency & appropriateness underpin audit risk model $AR = IR \times CR \times DR$
  • Written report: Auditor’s report (types as earlier)

Modified opinions matrix

| Circumstance | Material, not pervasive | Material & pervasive |
|---|---|---|
| Misstatement | Qualified | Adverse |
| Scope limitation | Qualified | Disclaimer |

Assurance & inherent limitations (SEPIA)

  1. Selective testing – sampling risk
  2. Internal-control limitations – control risk
  3. Persuasive, not conclusive evidence
  4. Judgment permeation – non-sampling risk
  5. Assertions’ nature – inherent risk
    ⇒ Absolute assurance impossible; residual audit risk remains

Demand for FS audit

  • Business risk: events preventing org from meeting objectives ⇒ need sound decisions
  • Information risk: probability info is misstated; inverse of reliability (5 % risk = 95 % reliability)

Info-risk drivers (Voluminous, Complex, Remote, Conflict)

  • Large transaction volume
  • Complex transactions
  • User remoteness from records
  • Management conflict of interest

How users mitigate info risk

  1. Verify information themselves – usually impractical
  2. Have FS audited – leverages auditor’s independence & expertise
  3. Share risk with management – legal recourse for losses

Extra conditions creating audit need (CERF)

  • Conflict of interest, Expertise requirement, Remoteness of users, Financial consequence

Statutory & regulatory audit requirements (Philippines)

Revised SRC Rule 68 thresholds (audited FS to SEC)

  • Stock & non-stock corps, foreign branches, regional HQs with ≥ P600,000 assets or liabilities; others: thresholds listed per entity type (see transcript)

Tax code (NIRC § 232 A)

  • Audit & AIF required when gross annual sales/receipts > P3,000,000

Value of FS audit

  • Reduces information risk ⇒ lower cost of capital
  • Deters fraud & inefficiency by independent scrutiny
  • Enhances internal controls by identifying deficiencies & recommending improvements

Key formulas / quantitative references

  • $\text{Reliability level} = 1 - \text{Information Risk}$
  • Audit Risk Model $AR = IR \times CR \times DR$
  • Engagement Risk (general) $= \text{Risk of material misstatement} \times \text{Risk of non-detection}$