0% found this document useful (0 votes)
112 views82 pages

Risk-Based Audit Approach

The document discusses the risk-based audit approach which begins by assessing types and likelihood of misstatements and adjusting audit work accordingly. It then outlines the three phases of the risk-based audit process: risk assessment, risk response, and reporting. Each phase involves specific activities like planning, risk identification, response design, and opinion formation.

Uploaded by

Joy Hazel Romero
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
112 views82 pages

Risk-Based Audit Approach

The document discusses the risk-based audit approach which begins by assessing types and likelihood of misstatements and adjusting audit work accordingly. It then outlines the three phases of the risk-based audit process: risk assessment, risk response, and reporting. Each phase involves specific activities like planning, risk identification, response design, and opinion formation.

Uploaded by

Joy Hazel Romero
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 82

Risk-based Audit Approach

Risk-based Audit Approach


Audit approach that begins with assessment of types and likelihood of misstatements in balances and then
adjusts the amount and type of audit work to the likelihood of material misstatement occurring

LIMITATIONS:
1. Inherent Risk
2. Treat risks as independent and separate
3. Professional Judgment
4. Inaccuracy
THE RISK - BASED AUDIT PROCESS
 Phase I. Risk Assessment: This phase involves the following activities:
 a. Performance of preliminary engagement activities to decide whether to accept / continue an audit
engagement.
 b. Planning the audit to develop an overall audit strategy and audit plan. –
 c. Performance of risk assessment procedures to identify / assess risk of, material misstatement through
understanding the entity.

 Phase II. Risk Response This phase covers the following activities:
 a. Designing overall responses and further audit procedures to develop appropriate responses to the
assessed risk of material misstatement.
 b. Implementing responses to assessed risk of material misstatement to reduce audit risk to an acceptably
low level.
THE RISK - BASED AUDIT PROCESS
 Phase III. Reporting : This phase involves the following activities:

 a. Evaluating the audit evidence obtained to determine what additional audit work (if any) is required.

 b. Forming an opinion based on audit findings and preparing the auditor's report.
Nature of Risk
Risk is a concept used to express uncertainty about events and/or their outcomes that
could have a material effect on the organization.

The four critical components of risk that are relevant


 1. Audit Risk. The risk that an auditor may give an unqualified opinion on financial statements that are
materially misstated,
 2. Engagement Risk. The economic risk that a CPA Firm is exposed to, simply because it is associated with a
particular client including loss of reputation, inability of the client to pay the auditor, or financial loss
because management is not honest and inhibits the audit process. Engagement risk is controlled by careful
selection and retention of client.
 3. Financial Reporting Risk. Those risks that relate directly to the recording of transactions and the
presentation of financial data in an organization's financial statements.
 4. Business Risk. Those risks that affect the operations and potential outcomes of organizational activities.
PHASE I-A: PERFORMANCE OF PRELIMINARY
ENGAGEMENT ACTIVITIES
 At the beginning of the current audit engagement, the auditor should perform the following activities:
 a. Perform procedures required by PSA 220, "Quality Control of an Audit of Financial Statements"
regarding the continuance of the client relationship and the specific audit engagement.

 b. Evaluate compliance with ethical requirements, including independence as required by PSA 220.

 c. Establish an understanding of the terms of engagement as required by PSA 210, "Agreeing the Terms of
Audit Engagements
PSA 220 (Redrafted) (Effective for audits of financial statements for
periods beginning on or after December 15, 2009)

 The firm has an obligation to establish and maintain a system of quality control to provide it with
reasonable assurance that:

 (a) The firm and its personnel comply with professional standards and regulatory and legal requirements;
and

 (b) The reports issued by the firm or engagement partners are appropriate in the circumstances
PSA 220 (Redrafted) (Effective for audits of financial statements for
periods beginning on or after December 15, 2009)

 Engagement partner – The partner or other person in the firm who is responsible for the audit
engagement and its performance, and for the auditor’s report that is issued on behalf of the firm, and
who, where required, has the appropriate authority from a professional, legal or regulatory body.

 Engagement quality control review – A process designed to provide an objective evaluation, on or


before the date of the auditor’s report, of the significant judgments the engagement team made and
the conclusions it reached in formulating the auditor’s report.

 Engagement team – All partners and staff performing the engagement, and any individuals engaged by
the firm or a network firm who perform audit procedures on the engagement. This excludes an
auditor’s external expert engaged by the firm or a network firm.
PHASE I-A: PERFORMANCE OF PRELIMINARY
ENGAGEMENT ACTIVITIES
a. Perform procedures required by PSA 220, "Quality Control of an Audit of Financial Statements" regarding
the continuance of the client relationship and the specific audit engagement.

Acceptance and Continuance of Client Relationships and Audit Engagements


The engagement partner shall be satisfied that appropriate procedures regarding the acceptance and
continuance of client relationships and audit engagements have been followed, and shall determine that
conclusions reached in this regard are appropriate. (Ref: Para. A8-A9)
If the engagement partner obtains information that would have caused the firm to decline the audit
engagement had that information been available earlier, the engagement partner shall communicate that
information promptly to the firm, so that the firm and the engagement partner can take the necessary
action.
PHASE I-A: PERFORMANCE OF PRELIMINARY
ENGAGEMENT ACTIVITIES
Information such as the following assists the engagement partner in determining whether the conclusions
reached regarding the acceptance and continuance of client relationships and audit engagements are
appropriate:

• The integrity of the principal owners, key management and those charged with governance of the
entity;
• Whether the engagement team is competent to perform the audit engagement and has the necessary
capabilities, including time and resources;
• Whether the firm and the engagement team can comply with relevant ethical requirements; and
• Significant matters that have arisen during the current or previous audit engagement, and their
implications for continuing the relationship.
PHASE I-A: PERFORMANCE OF PRELIMINARY
ENGAGEMENT ACTIVITIES
b. Evaluate compliance with ethical requirements, including independence as required by PSA 220.
 The engagement partner shall form a conclusion on compliance with independence requirements that
apply to the audit engagement. In doing so, the engagement partner shall:
(a) Obtain relevant information from the firm and, where applicable, network firms, to identify and
evaluate circumstances and relationships that create threats to independence;
(b) Evaluate information on identified breaches, if any, of the firm’s independence policies and
procedures to determine whether they create a threat to independence for the audit engagement;
and
(c) Take appropriate action to eliminate such threats or reduce them to an acceptable level by applying
safeguards, or, if considered appropriate, to withdraw from the audit engagement, where withdrawal
is permitted by law or regulation. The engagement partner shall promptly report to the firm any
inability to resolve the matter for appropriate action.
PSA 220 (Redrafted) (Effective for audits of financial statements for
periods beginning on or after December 15, 2009)

 INTERNATIONAL STANDARD ON AUDITING 220 QUALITY MANAGEMENT FOR AN AUDIT OF FINANCIAL


STATEMENTS

 (Effective for audits of financial statements for periods beginning on or after December 15, 2022)
Philippine Standard on Auditing 210 (Redrafted)
AGREEING THE TERMS OF AUDIT
ENGAGEMENTS

(Effective for audits of financial statements for periods


beginning on or after December 15, 2009)
Objective

The objective of the auditor is to accept or continue an audit engagement


only when the basis upon which it is to be performed has been agreed,
through:

(a) Establishing whether the preconditions for an audit are present; and

(b) Confirming that there is a common understanding between the auditor


and management and, where appropriate, those charged with governance of
the terms of the audit engagement.
Preconditions for an Audit
6. In order to establish whether the preconditions for an audit are present,
the auditor shall:

(a) Determine whether the financial reporting framework to be applied in


the preparation of the financial statements is acceptable; and

For purposes of the PSAs, the applicable


financial reporting framework provides the criteria the auditor uses to audit
the financial statements, including where relevant their fair presentation.
Factors that are relevant to the auditor’s determination of the acceptability
of the financial reporting framework to be applied in the preparation of the
financial statements include:

• The nature of the entity


• The purpose of the financial statements
• The nature of the financial statements; and
• Whether law or regulation prescribes the applicable financial reporting
framework.
Financial statements prepared in accordance with a financial reporting
framework designed to meet the common financial information needs of a
wide range of users are referred to as general purpose financial statements.

In some cases, the financial statements will be prepared in accordance with


a financial reporting framework designed to meet the financial information
needs of specific users. Such financial statements are referred to as special
purpose financial statements. The financial information needs of the
intended users will determine the applicable financial reporting framework
in these circumstances
(b) Obtain the agreement of management that it acknowledges and
understands its responsibility: (Ref: Para A11-A14, A20)

(i) For the preparation of the financial statements in accordance with the
applicable financial reporting framework, including where relevant
their fair presentation; (Ref: Para. A15)

(ii) For such internal control as management determines is necessary to


enable the preparation of financial statements that are free from
material misstatement, whether due to fraud or error; and (Ref: Para.
A16-A19)
(iii) To provide the auditor with

a. Access to all information of which management is aware that


is relevant to the preparation of the financial statements such
as records, documentation and other matters;

b. Additional information that the auditor may request from


management for the purpose of the audit; and

c. Unrestricted access to persons within the entity from whom


the auditor determines it necessary to obtain audit evidence.
If the preconditions for an audit are not present, the auditor shall discuss the
matter with management. Unless required by law or regulation to do so, the
auditor shall not accept the proposed audit engagement:

(a) If the auditor has determined that the financial reporting framework to
be applied in the preparation of the financial statements is unacceptable,
except as provided in paragraph 19; or

(b) If the agreement referred to in paragraph 6(b) has not been obtained
If the auditor has determined that the financial reporting framework prescribed by law or regulation
would be unacceptable but for the fact that it is prescribed by law or regulation, the auditor shall
accept the audit engagement only if the following conditions are present:

(a) Management agrees to provide additional disclosures in the financial statements required to avoid
the financial statements being misleading; and

(b) It is recognized in the terms of the audit engagement that:

(i) The auditor’s report on the financial statements will incorporate an Emphasis of Matter
paragraph, drawing users’ attention to the additional disclosures, in accordance with PSA 706 (Revised
and Redrafted);and

(ii) Unless the auditor is required by law or regulation to express the auditor’s opinion on the
financial statements by using the phrases “present fairly, in all material respects” in accordance with
the applicable financial reporting framework, the auditor’s opinion on the financial statements will not
include such phrases.
Subject to paragraph 11, the agreed terms of the audit engagement shall be
recorded in an audit engagement letter or other suitable form of written
agreement and shall include:

(a) The objective and scope of the audit of the financial statements;
(b) The responsibilities of the auditor;
(c) The responsibilities of management;
(d) Identification of the applicable financial reporting framework for the
preparation of the financial statements; and
(e) Reference to the expected form and content of any reports to be issued
by the auditor and a statement that there may be circumstances in which a
report may differ from its expected form and content
Recurring Audits

13. On recurring audits, the auditor shall assess whether circumstances


require the terms of the audit engagement to be revised and whether there
is a need to remind the entity of the existing terms of the audit engagement.
The auditor may decide not to send a new audit engagement letter or other written
agreement each period. However, the following factors may make it appropriate to revise
the terms of the audit engagement or to remind the entity of existing terms:

• Any indication that the entity misunderstands the objective and scope of the audit.
• Any revised or special terms of the audit engagement.
• A recent change of senior management.
• A significant change in ownership.
• A significant change in nature or size of the entity’s business.
• A change in legal or regulatory requirements.
• A change in the financial reporting framework adopted in the preparation of the financial
statements.
• A change in other reporting requirements.
PHILIPPINE STANDARD ON AUDITING 300 (REDRAFTED)
PLANNING AN AUDIT OF FINANCIAL STATEMENTS
(Effective for audits of financial statements for periods beginning
on or after December 15, 2009)

Objective
The objective of the auditor is to plan the audit so that it
will be performed in an effective manner.
Planning Activities
6. The auditor shall establish an overall audit
strategy that
>sets the scope, timing and direction of the audit,
and
>that guides the development of the audit plan.
In establishing the overall audit strategy, the auditor shall:
(a) Identify the characteristics of the engagement that define its scope;
(b) Ascertain the reporting objectives of the engagement to plan the timing
of the audit and the nature of the communications required;
(c) Consider the factors that, in the auditor’s professional judgment, are
significant in directing the engagement team’s efforts;
(d) Consider the results of preliminary engagement activities and, where
applicable, whether knowledge gained on other engagements performed by
the engagement partner for the entity is relevant; and
(e) Ascertain the nature, timing and extent of resources necessary to
perform the engagement.
In establishing the overall audit strategy, the auditor shall:
(a) Identify the characteristics of the engagement that define its
scope;
Characteristics of the Engagement
• The financial reporting framework on which the financial information to be audited
has been prepared, including any need for reconciliations to another financial
reporting framework.
• Industry-specific reporting requirements such as reports mandated by industry
regulators.
• The expected audit coverage, including the number and locations of components
to be included.
• The nature of the control relationships between a parent and its components that
determine how the group is to be consolidated.
In establishing the overall audit strategy, the auditor shall:

(b) Ascertain the reporting objectives of the engagement to


plan the timing of the audit and the nature of the
communications required;
• The entity's timetable for reporting, such as at interim and final stages.

• The organization of meetings with management and those charged with


governance to discuss the nature, timing and extent of the audit work.

• The discussion with management and those charged with governance


regarding the expected type and timing of reports to be issued and other
communications,
In establishing the overall audit strategy, the auditor
shall:

(c) Consider the factors that, in the auditor’s


professional judgment, are significant in directing
the engagement team’s efforts;
• The determination of appropriate materiality levels
• Preliminary identification of areas where there may be a higher risk of
material misstatement.
In establishing the overall audit strategy, the auditor shall:
(e) Ascertain the nature, timing and extent of resources
necessary to perform the engagement.
The selection of the engagement team (including, where necessary, the
engagement quality control reviewer) and the assignment of audit work to
the team members, including the assignment of appropriately experienced
team members to areas where there may be higher risks of material
misstatement.
• Engagement budgeting, including considering the appropriate amount of
time to set aside for areas where there may be higher risks of material
misstatement.
The auditor shall develop an audit plan that shall include a description
of:

(a) The nature, timing and extent of planned risk assessment


procedures, as determined under PSA 315, “Identifying and Assessing
the Risks of Material Misstatement Through Understanding the Entity
and Its Environment.”

(b) The nature, timing and extent of planned further audit procedures
at the assertion level, as determined under PSA 330, “The Auditor’s
Responses to Assessed Risks.”

(c) Other planned audit procedures that are required to be carried out
so that the engagement complies with PSAs.
Documentation
11. The auditor shall document:

(a) The overall audit strategy;

(b) The audit plan; and

(c) Any significant changes made during the audit engagement to the
overall audit strategy or the audit plan, and the reasons for such
changes. (Ref: Para. A17-A20)
Additional Considerations in Initial Audit Engagements
12. The auditor shall undertake the following activities prior to starting
an initial audit:

(a) Performing procedures required by PSA 220 regarding the


acceptance of the client relationship and the specific audit
engagement; and

(b) Communicating with the predecessor auditor, where there has


been a change of auditors, in compliance with relevant ethical
requirements
PHILIPPPINE STANDARD ON AUDITING 610
(REDRAFTED)

USING THE WORK OF INTERNAL AUDITORS


(Effective for audits of financial statements for periods beginning on
or after December 15, 2009)
Objectives
6. The objectives of the external auditor, where the entity has an
internal audit function that the external auditor has determined is
likely to be relevant to the audit, are to determine:

(a) Whether, and to what extent, to use specific work of the internal
auditors;
And

(b) If so, whether such work is adequate for the purposes of the audit.
Determining Whether and to What Extent to Use the Work of the
Internal Auditors
8. The external auditor shall determine:

(a) Whether the work of the internal auditors is likely to be adequate


for purposes of the audit; and

(b) If so, the planned effect of the work of the internal auditors on the
nature, timing or extent of the external auditor’s procedures.
In determining whether the work of the internal auditors is likely to be
adequate for purposes of the audit, the external auditor shall evaluate:

(a) The objectivity of the internal audit function;


(b) The technical competence of the internal auditors;
(c) Whether the work of the internal auditors is likely to be carried out
with due professional care; and
(d) Whether there is likely to be effective communication between the
internal auditors and the external auditor
10. In determining the planned effect of the work of the internal
auditors on the nature, timing or extent of the external auditor’s
procedures, the external auditor shall consider:

(a) The nature and scope of specific work performed, or to be


performed, by the internal auditors;
(b) The assessed risks of material misstatement at the assertion level
for particular classes of transactions, account balances, and
disclosures; and
(c) The degree of subjectivity involved in the evaluation of the audit
evidence gathered by the internal auditors in support of the relevant
assertions. (Ref: Para. A5)
PHILIPPINE STANDARD ON AUDITING 620
(REVISED AND REDRAFTED)
USING THE WORK OF AN AUDITOR’S EXPERT(Effective for audits of financial statements
for periods beginning on or after December 15, 2009)
The Auditor’s Responsibility for the Audit Opinion

The auditor has sole responsibility for the audit opinion expressed,
and that responsibility is not reduced by the auditor’s use of the work
of an auditor’s expert.

Nonetheless, if the auditor using the work of an auditor’s expert,


having followed this PSA, concludes that the work of that expert is
adequate for the auditor’s purposes, the auditor may accept that
expert’s findings or conclusions in the expert’s field as appropriate
audit evidence.
(a) Auditor’s expert – An individual or organization possessing expertise in a
field other than accounting or auditing, whose work in that field is used by
the auditor to assist the auditor in obtaining sufficient appropriate audit
evidence.

An auditor’s expert may be either an auditor’s internal expert (who is a


Partner or staff, including temporary staff, of the auditor’s firm or a network
firm), or an auditor’s external expert. (Ref: Para. A1-A3)

(b) Expertise – Skills, knowledge and experience in a particular field.

(c) Management’s expert – An individual or organization possessing


expertise in a field other than accounting or auditing, whose work in that
field is used by the entity to assist the entity in preparing the financial
statements.
Determining the Need for an Auditor’s Expert
7. If expertise in a field other than accounting or auditing is necessary
to obtain sufficient appropriate audit evidence, the auditor shall
determine whether to use the work of an auditor’s expert.

The Competence, Capabilities and Objectivity of the Auditor’s Expert


9. The auditor shall evaluate whether the auditor’s expert has the
necessary competence, capabilities and objectivity for the auditor’s
purposes. In the case of an auditor’s external expert, the evaluation of
objectivity shall include inquiry regarding interests and relationships
that may create a threat to that expert’s objectivity
Obtaining an Understanding of the Field of Expertise of the Auditor’s
Expert

10. The auditor shall obtain a sufficient understanding of the field of


expertise of the auditor’s expert to enable the auditor to: (Ref:
Para. A21-A22)

(a)Determine the nature, scope and objectives of that expert’s work


for the auditor’s purposes; and

(b) Evaluate the adequacy of that work for the auditor’s purposes.
11. The auditor shall agree, in writing when appropriate, on the following
matters with the auditor’s expert: (Ref: Para. A23-A26)

(a) The nature, scope and objectives of that expert’s work; (Ref: Para.
A27)

(b) The respective roles and responsibilities of the auditor and that
expert; (Ref: Para. A28-A29)

(c) The nature, timing and extent of communication between the auditor
and that
expert, including the form of any report to be provided by that expert;
and (Ref: Para. A30)

(d) The need for the auditor’s expert to observe confidentiality


requirements. (Ref: Para. A31)
12. The auditor shall evaluate the adequacy of the auditor’s expert’s
work for the auditor’s purposes, including: (Ref: Para. A32)

(a) The relevance and reasonableness of that expert’s findings or


conclusions, and their consistency with other audit evidence; (Ref:
Para. A33-A34)

(b) If that expert’s work involves use of significant assumptions and


methods, the relevance and reasonableness of those assumptions
and methods in the circumstances; and (Ref: Para. A35-A37)

(c) If that expert’s work involves the use of source data that is
significant to that expert’s work, the relevance, completeness, and
accuracy of that source data. (Ref: Para. A38-A39)
13. If the auditor determines that the work of the auditor’s expert is
not adequate for the auditor’s purposes, the auditor shall: (Ref:
Para. A40)

(a) Agree with that expert on the nature and extent of further work
to be performed by that expert; or

(b) Perform further audit procedures appropriate to the


circumstances.
Reference to the Auditor’s Expert in the Auditor’s Report
14. The auditor shall not refer to the work of an auditor’s expert in
an auditor’s report containing an unmodified opinion unless required
by law or regulation to do so. If such reference is required by law or
regulation, the auditor shall indicate in the auditor’s report that the
reference does not reduce the auditor’s responsibility for the audit
opinion.

15. If the auditor makes reference to the work of an auditor’s expert


in the auditor’s report because such reference is relevant to an
understanding of a modification to the auditor’s opinion, the auditor
shall indicate in the auditor’s report that such reference does not
reduce the auditor’s responsibility for that opinion.
PHILIPPINE STANDARD ON AUDITING 315 (REDRAFTED)
IDENTIFYING AND ASSESSING THE RISKS OF
MATERIAL MISSTATEMENT THROUGH UNDERSTANDING
THE ENTITY AND ITS ENVIRONMENT
(Effective for audits of financial statements for periods beginning on or after December 15, 2009)
Obtaining an understanding of the entity and its environment, including the
entity’s internal control (referred to hereafter as an “understanding of the
entity”), is a continuous, dynamic process of gathering, updating and analyzing
information throughout the audit. The understanding establishes a frame of
reference within which the auditor plans the audit and exercises professional
judgment throughout the audit.
The Entity and Its Environment
11. The auditor shall obtain an understanding of the following:
(a)Relevant industry, regulatory, and other external factors including the
applicable financial reporting framework. (Ref: Para. A15-A20)

(b) The nature of the entity, including:


(i) Its operations;
(ii) Its ownership and governance structures;
(iii) The types of investments that the entity is making and plans to make; and
(iv) The way that the entity is structured and how it is financed, to enable the
auditor to understand the classes of transactions, account balances, and
disclosures to be expected in the financial statements. (Ref: Para. A21-
A23)

(c) The entity’s selection and application of accounting policies, including the
reasons for changes thereto.
(d) The entity’s objectives and strategies, and those related business risks that
may result in risks of material misstatement.

The entity’s management or those charged with governance define objectives, which
are the overall plans for the entity. Strategies are the approaches by which management intends
to achieve its objectives. The entity’s objectives and strategies may change over time.

An understanding of the business risks facing the entity increases the likelihood of identifying risks of
material misstatement, since most business risks will eventually have financial consequences and, therefore, an effect
on the financial statements.

(e) The measurement and review of the entity’s financial performance. (Ref:
Para. A32-A37)

Management and others will measure and review those things they regard as important. Performance
measures, whether external or internal, create pressures on the entity. These pressures, in turn, may
motivate management to take action to improve the business performance or to misstate the financial
statements.
The Entity and Its Environment
11. The auditor shall obtain an understanding of the following:
(a)Relevant industry, regulatory, and other external factors including the applicable financial
reporting framework. (Ref: Para. A15-A20)

Relevant industry factors include industry conditions such as the competitive environment,
supplier and customer relationships, and technological developments.

The regulatory environment encompasses, among other matters, the applicable financial
reporting framework and the legal and political environment.

Examples of other external factors affecting the entity that the auditor may consider include
the general economic conditions, interest rates and availability of financing, and inflation or
currency revaluation.
The Entity and Its Environment
(b) The nature of the entity, including:
(i) Its operations;
(ii) Its ownership and governance structures;
(iii) The types of investments that the entity is making and plans to make; and
(iv) The way that the entity is structured and how it is financed, to enable the auditor to understand the
classes of transactions, account balances, and disclosures to be expected in the financial statements. (Ref:
Para. A21- A23)

Examples of matters that the auditor may consider when obtaining an understanding of the nature of the
entity include:

• Business operations – such as: ○ Nature of revenue sources, products or services, and markets, including
involvement in electronic commerce such as Internet sales and marketing activities.

Investments and investment activities – such as: ○ Planned or recently executed acquisitions or
divestitures. ○ Investments and dispositions of securities and loans.

Financial reporting – such as: ○ Accounting principles and industry specific practices, including industry
specific significant categories (for example, loans and investments for banks, or research and development
for pharmaceuticals). ○ Revenue recognition practices
Risk assessment procedures – The audit procedures
performed to obtain an understanding of the entity and its
environment, including the entity’s internal control, to
identify and assess the risks of material misstatement,
whether due to fraud or error, at the financial statement
and assertion levels.
The risk assessment procedures shall include the following:

(a) Inquiries of management, and of others within the entity who in


the auditor’s judgment may have information that is likely to
assist in identifying risks of material misstatement due to fraud
or error. (Ref: Para. A6)

• Towards those charged with governance


• Toward internal audit personnel m
• Inquiries of employees involved in initiating, processing or recording complex or unusual
transactions
• Inquiries directed toward in-house legal counsel
• Inquiries directed towards marketing or sales personnel
The risk assessment procedures shall include the following:

b. Analytical procedures. (Ref: Para. A7-A8)


Unusual or unexpected relationships that are identified may assist the
auditor in identifying risks of material misstatement, especially risks of
material misstatement due to fraud.

c. Observation and inspection. (Ref: Para. A9)


Observation and inspection may support inquiries of management
and others, and may also provide information about the entity and
its environment.
General on Analytical Procedures
1/3

 Timing of analytical procedures


 Risk assessment (sometimes referred to as planning
analytical procedures)
 Substantive procedures
 Final review

 Steps involved
 Develop expectation of account (or ratio) balance
 Determine amount of difference that can be accepted without
investigation
 Compare the company’s account (ratio) with the expectation
 Investigate and evaluate significant differences
General on Analytical Procedures
2/3

 Developing an expectation
 Prior period information
 Anticipated results
 Relationships among elements of financial information within a
period
 Industry information
 Relationships between financial information and relevant
nonfinancial data
General on Analytical Procedures
3/3

 Types of Expectations
 Trendanalysis—analyze changes in accounts of a
company over time
 Ratioanalysis — compare relationships between two or
more financial statement accounts or comparisons of
account balances to nonfinancial data
 Liquidity (e.g., current ratio)
 Leverage (e.g., debt to equity)
 Profitability (e.g., gross profit percentage)
 Activity (e.g., inventory turnover)
Identifying and Assessing the Risks of Material Misstatement

24. The auditor shall identify and assess the risks of material
misstatement at:

(a) The financial statement level; and (Ref: Para. A98-A101)

(b) The assertion level for classes of transactions, account balances,


and disclosures, (Ref: Para. A102-A106)

to provide a basis for designing and performing further audit


procedures.
Risks of material misstatement at the
financial statement level
 Refer to risks that relate pervasively to the financial statements as a whole and
potentially affect many assertions.
 Financial statement level risks may be especially relevant to the auditor’s consideration of
the risks of material misstatement arising from fraud.
 Risks at the financial statement level may derive in particular from a weak control
environment
 Risks at the financial statement level are those that relate to the overall financial
statements and potentially affect many individual assertions
Risks of material misstatement at the
assertion level for classes of transactions,
account balances, and disclosures
Assertions – Representations by management, explicit or otherwise, that are
embodied in the financial statements, as used by the auditor to consider the
different types of potential misstatements that may occur.

 (a) Assertions about classes of transactions and events for the period under audit:
(i) Occurrence—transactions and events that have been recorded have occurred and
pertain to the entity.
(ii) Completeness—all transactions and events that should have been recorded have
been recorded.
(iii) Accuracy—amounts and other data relating to recorded transactions and events
have been recorded appropriately.
(iv) Cutoff—transactions and events have been recorded in the correct accounting
period.
(v) Classification—transactions and events have been recorded in the proper accounts.
Assertions – Representations by management, explicit or otherwise, that are
embodied in the financial statements, as used by the auditor to consider the
different types of potential misstatements that may occur.

 (b) Assertions about account balances at the period end:


(i) Existence—assets, liabilities, and equity interests exist.
(ii) Rights and obligations—the entity holds or controls the rights to assets,
and liabilities are the obligations of the entity.
(iii) Completeness—all assets, liabilities and equity interests that should have
been recorded have been recorded.
(iv) Valuation and allocation—assets, liabilities, and equity interests are
included in the financial statements at appropriate amounts and any
resulting valuation or allocation adjustments are appropriately recorded.
Assertions – Representations by management, explicit or otherwise, that are
embodied in the financial statements, as used by the auditor to consider the
different types of potential misstatements that may occur.

 (c) Assertions about presentation and disclosure:


(i) Occurrence and rights and obligations—disclosed events, transactions, and
other matters have occurred and pertain to the entity.
(ii) Completeness—all disclosures that should have been included in the
financial statements have been included.
(iii) Classification and understandability—financial information is appropriately
presented and described, and disclosures are clearly expressed.
(iv) Accuracy and valuation—financial and other information are disclosed
fairly and at appropriate amounts.
Financial Statement Assertions: Auditing
Standards Board and International Standards
Accounts Transactions Disclosures
Existence Occurrence Occurrence
Rights and Rights and
obligations obligations
Completeness Completeness Completeness
Valuation and Accuracy Accuracy and
allocation valuation
Cutoff
Classification Classification and
understandability

©McGraw-Hill Education.
Audit Risk

 The possibility that the auditors may unknowingly


fail to appropriately modify their opinion on
financial statements that are materially
misstated.
 Thisis the risk that the auditors will issue an
unqualified opinion on financial statements that
contain a material departure from GAAP.
 Auditors must obtain sufficient appropriate audit
evidence to reduce audit risk to a low level in
every audit.
The Risk of Material Misstatement (Inherent Risk and Control Risk)
 Risks of the ENTITY and they exist independently of the audit of FS, which
means that the auditor has no control over them or that the auditor can not
manipulate them in any way during the audit

 Inherent risk is the possibility of material misstatement of an assertion


before considering the client’s internal control. Factors that affect inherent
risk relate to either the nature of the client and its environment or the
nature of the particular financial statement element.
 Inassessing inherent risk, it is often useful to segregate transactions into
three types— routine, nonroutine [High IR], and estimation [High IR]
Inherent Risk

 Factors that affect inherent risk:


 Nature of the client and its environment
 Nature of the particular financial statement element
 Business characteristics indicative of high inherent risk:
 Inconsistent profitability of client
 Operating results highly sensitive to economic factors
 Going concern problems
 Large misstatements detected in prior audits
 Substantial turnover, questionable reputation, or inadequate
accounting skills of the accounting department

©McGraw-Hill Education.
Assertions with High Inherent Risk

 Involve:
 Difficult-to-audit transactions or balances
 Complex calculations
 Difficult accounting issues
 Significant judgment by management
 Valuations that vary significantly based on economic factors

©McGraw-Hill Education.
Types of Transactions

 Routine
 Recurring financial statement activities recorded in the
accounting records in the normal course of business
 Lower inherent risk
 Nonroutine
 Involve activities that occur only periodically such as the
taking of physical inventories
 High inherent risk
 Estimation transactions
 Activities that create accounting estimates
 Higher inherent risk
©McGraw-Hill Education.
The Risk of Material Misstatement (Inherent Risk and Control Risk)

 Control risk is the risk that a material misstatement could occur in a


relevant assertion and not be prevented or detected on a timely basis by the
client’s internal control.

It is a function of the effectiveness of both the design and operation of


internal control in achieving the client’s objectives relevant to the preparation
of its financial statements.
Detection risk

 The risk that the auditors will fail to detect a material misstatement that
exists in a relevant assertion.

 Detection risk is a function of the effectiveness of the audit procedures and


their application by the auditors.
THE AUDIT RISK MODEL

 AUDIT RISK = INHERENT RISK X CONTROL RISK X DETECTION RISK

 Used as a planning tool (Actual Level may be greater)


 Based on professional judgment
The auditor shall:

(a) Identify risks throughout the process of obtaining an understanding of the entity
and its environment

(b) Assess the identified risks, and evaluate whether they relate more pervasively to
the financial statements as a whole and potentially affect many assertions;

(c) Relate the identified risks to what can go wrong at the assertion level, taking
account of relevant controls that the auditor intends to test; and

(d) Consider the likelihood of misstatement, including the possibility of multiple


misstatements, and whether the potential misstatement is of a magnitude that could
result in a material misstatement.
Significant risk
 In exercising judgment as to which risks are significant risks, the auditor shall consider at
least the following:
 (a) Whether the risk is a risk of fraud;
 (b) Whether the risk is related to recent significant economic, accounting or other
developments and, therefore, requires specific attention;
 (c) The complexity of transactions;
 (d) Whether the risk involves significant transactions with related parties;
 (e) The degree of subjectivity in the measurement of financial information related to the
risk, especially those measurements involving a wide range of measurement uncertainty;
and
 (f) Whether the risk involves significant transactions that are outside the normal course of
business for the entity, or that otherwise appear to be unusual.
PHILIPPINE STANDARD ON AUDITING 320
(REVISED AND REDRAFTED)
MATERIALITY IN PLANNING AND PERFORMING AN AUDIT
(Effective for audits of financial statements for periods beginning on
or after December 15, 2009)
Materiality generally explain that:

• Misstatements, including omissions, are considered to be material


if they, individually or in the aggregate, could reasonably be
expected to influence the economic decisions of users taken on the
basis of the financial statements;

• Judgments about materiality are made in light of surrounding


circumstances, and are affected by the size or nature of a
misstatement, or a combination of both; and

• Judgments about matters that are material to users of the


financial statements are based on a consideration of the common
financial information needs of users as a group.
The auditor’s determination of materiality is a matter of professional judgment,
and is affected by the auditor’s perception of the financial information needs of
users of the financial statements. In this context, it is reasonable for the
auditor to assume that users:

(a)Have a reasonable knowledge of business and economic activities and


accounting and a willingness to study the information in the financial
statements with reasonable diligence;
(b)Understand that financial statements are prepared, presented and audited
to levels of materiality;
(c)Recognize the uncertainties inherent in the measurement of amounts based
on the use of estimates, judgment and the consideration of future events;
and
(d)Make reasonable economic decisions on the basis of the information in the
financial statements.
In planning the audit, the auditor makes judgments about the size of
misstatements that will be considered material.

These judgments provide a basis for:

(a)Determining the nature, timing and extent of risk assessment


procedures;
(b)Identifying and assessing the risks of material misstatement; and
(c)Determining the nature, timing and extent of further audit
procedures.
Determining Materiality and Performance Materiality when Planning
the Audit

When establishing the overall audit strategy, the auditor shall


determine materiality for the financial statements as a whole.

If, in the specific circumstances of the entity, there is one or more


particular classes of transactions, account balances or disclosures
for which misstatements of lesser amounts than materiality for the
financial statements as a whole could reasonably be expected to
influence the economic decisions of users taken on the basis of the
financial statements, the auditor shall also determine the
materiality level or levels to be applied to those particular classes of
transactions, account balances or disclosures.

You might also like