CHAPTER 9
OVERVIEW OF RISK-BASED AUDIT PROCESS
Introduction
-audit process - primarily an evidence-gathering process
3 phases:
1.
2.
3.
Risk assessment
Risk response
Reporting
*issuing a report - always the final phase
*auditors often finalize the audit program after performing the tests of controls
-reasonable assurance - is intended to inform the users that the audiotrs do not guarantee or
insure the fair presentation of the F.S; it communicates that there is some risk that the F.S are not
fairly stated even when the opinion of the auditor is unqualified
-free of material misstatement - is intended to inform the users tha the auditor’s responsibility
is limited to material financial information
*materiality and risk - fundamental concepts that are important to planning the audit and
designing the audit approach
Risk-Based Audit Approach Defined
-an audit approach that begins with an assessment of the types and likelihood of misstatements
in account balance and then adjusts the amount and type of audit work, to the likelihood of
material misstatements occurring in the account balances.
-under this approach, the auditor perform the ff:
1. Identification of the client’s strategy and the processes for developing that strategy
2. Examination of the core business process and resource management
3. Identification for each of the key processes(as well as subprocesses) the objectives, inputs,
activities, outputs,systems and transactions.
4. Assessment of the risks that the processes will not meet the goals and controls related to
those risks.
Risk-Based Audit Vs. Account-Based Audit
-account-based auditing - auditors 1st obtain an undertanding of control and assess control risk
for particular types of errors and frauds in specific accounts and cycle
-risk-based audit - the audit team views all the activities in the organization 1 st in terms of risks
to strategies and objectives and then in terms of management’s plans and to mitigate the risk
 Nature of Risk
Risk - concept used to express uncertainty about events and/or their outcomes that could have a
material effect on the organization
1.
2.
3.
4.
Audit Risk - risk that an auditor may give an unqualified opinion on F.S that are materially
misstated.
Engagement Risk - economic risk that a CPA firm is exposed to simply because it is
associated with a particular client : controlled by careful selection and retention of client
(ex: loss of reputation, inability of the client to pay the auditor, or financial loss bec.
management is not honest and inhibits the audit process)
Financial Reporting Risk - risk that relate directly to the recording of transactions and the
5.
presentation of financial data in an organization’s F.S
Business Risk - risk that affect the operations and potential outcomes of organizational
activities
Overview of Risk Elements Affecting an Audit
*Factors Affecting Business Risk
 Economic climate
 Technological change
 Competition
 Business Volatility
 Geographic location
*Factors Affecting Financial Reporting Risk
 Competence and integrity of management
 Incentive to management to misstated F.S
 Complexity of transactions
 Internal control
-Audit risk - risk that the auditor fails to find material misstatements in the client’s F.S and
thereby inappropriately issues an unqualified opinion on the F.S
*the auditor can control audit risk in 2 diff. ways:
1. Avoid audit risk by not accepting certain companies as client , i.e. reduce engagement risk
to zero
2. Set audit risk at a level that the auditor believes will mitigate the likelihood that the auditor
will fail to identify material misstatements
*business risk and financial reporting risk originate with the audit client and its environment,
and these risks then affect the auditor’s engagement risk and audit risk
-Finacial reporting business risk - arise from issues such as asset impairments, market to
market accounting warranties, pensions, estimates as well as competence and integrity of
management and its incentives to misstate the F.S
The Risk-Based Audit Process
 Phase I. Risk Assessment
1. Performance of preliminary engagement activities to decide whether to accept/continue an
audit engagement
2. Planning the audit to develop an overall audit strategy and audit plan
3. Performance of risk assessment procedures to identify/assess risk of material misstatement
through understanding the entity
 Phase II. Risk Response
1. Designing overall responses and further audit procdures to develop appropriate responses to
the assessed risk of material misstaement
2. Implementing responses to assessed risk of material misstatement to reduce audit risk to an
acceptably low level
 Phase III. Reporting
1. Evaluating the audit evidence obtained to determine what additional audit work(if any) is
required.
2. Forming an opinion based on audit findings and preparing the auditor’s report
PHASE I-A Perfomance of Preliminary Engagement Activities
 Introduction
At the beginning of the current audit engagement, the auditor should perform the ff. Activities:
1. Perfom procedures required by PSA 220(Clarified) , “ Quality Control of an Audit of
Financial Statements” regarding the continuance of the client relationship and specific audit
engagement.
2. Evaluate compliance with ethical requirements, including independence as required by PSA
220.
3. Establish an understanding of the terms of engagement as required by PSA 210(Clarified),
“Agreeing the Terms of Audit Engagements.”
 Client Selection and Retention
*the auditor’s consideration of client continuance and ethical requirements , including
independence , occurs throughout the performance of the audit engagement as conditions and
changes in circumstances occur.
*the purpose of performing these preliminary engagement activities is to help ensure that the
auditor has considered any events or circumstances that may adversely affect the auditor’s
ability to plan and perform the audit engagement to reduce audit risk to an acceptably low level
*Performing these preliminary engagement activities helps to ensure that the auditor plans an
audit engagement for which:
1.
2.
3.
The auditor maintains the necessary independence and ability to perform the engagement
There are no issues with management intergrity that may affect the auditor’s willingness to
continue the engagement
There is no misunderstanding with the client as to the terms of the enagagement.
*In summary, before accepting an engagement with a new client, the CPA firm shall assess
whether it
a.
b.
c.
Is competent to perform the engagement amd has the capabilities, including time and
resources to do so,
Can comply with the relevant ethical requirements , and
Has considered the integrity of the client and does not have information that would lead it to
conclude that the client lacks integrity
*As a final step, the CPA firm will confer and agree with management or those charged with
governance the appropriate terms of the audit engagement. The agreed terms of the audit
engagement shall be recorded in an audit engagement letter or other suitable form of written
agreement and shall include:
1.
2.
3.
4.
Objective and scope of the audit of the F.S
Responsibilities of management
Identification of the applicable financial reporting framework for the preparation of the F.S
Reference to the expected form and content of any reports to be issued by the auditor and a
statement that there may be circumstances in which a report may differ from its expected
form and content
 Recurring Audits
-the auditor shall assess whether circumstances require the terms of the audit engagement to be
revised and whether there is a need to remind the entity of the existing terms of the audit
engagement.
*If the auditor is unable to agree to a change in terms of the A.E and is not permitted by
management to continue the original A.E, the auditor shall:
a.
b.
Withdraw form the A.E where withdrawal is possible under applicable law or regulation
Determine whether there is any obligation, either contractual or otherwise, to report the
circumstances to other parties , such as those charged with governance, owners or
regulators.
PHASE I-B Planning the Audit to Develop an Overall Audit Strategy and Audit Plan
 Introduction
PSA 300(Clarified), “Planning on Audit of Financial Statements” - establishes standards and
provides guidance on the considerations and activities applicable to planning an audit of F.S;
requires that the auditor establishes the overall strategy for the audit
-plan of action - to organize, coordinate, and schedule activities of the audit staff
-audit plan - normally drafted prior to starting the work of the client’s offices
 Nature and Scope of Audit Planning
-audit planning- involves the establishment of the overall audit strategy for the engagement and
developing an audit plan, in order to reduce audit risk to an acceptably low level
-planning - is a continuous and iterative procees that often begins shortly after or in connection
with the completion of the previous audit and continues until the completion of the current audit
engagement
 Benefits of Audit Planning
a.
b.
c.
d.
e.
It helps ensure that appropriate attention is devoted to important areas of the audit.
It aids in identifying potential problems and resolving them on a timely basis
It helps ensure that the audit is properly organized, managed and performed in an effective
and efficient manner.
It assists in the proper assignment and review of the work of the engagement team members.
It helps coordinate the work to be done by auditors of components and other parties
involved such as experts, specialists, etc.
 The Overall Audit Strategy
-overall audit strategy - sets the scope, timing and direction of the audit and guides the
development of the more detailed audit plan.
*process of establishing the audit strategy:
a. Identifying the characteristics of the engagment that define its scope
b. Ascertaing the reporting objectives of the engagement to plan the timing of the audit and the
nature of the communication required
c. Considering the important factors that will determine the focus and direction of the
engagement teams efforts
d. Considering the results of the preliminary activities and , where applicable, whether
knowledge gained on other engagements performed by the engagement partner for the entity
is relevant
e. Ascertaining the nature, timing and extent of resources necessary to perform the
engagement
 Other Benefits of Developing the Audit Strategy
*The process of establishing the overall audit strategy assists the auditor to determine, subject to
the completion of the audiotr’s risk assessement procedures, such matters as:




The resources to deploy for specific audit areas
The amount of resources to allocate to specific audit areas
When these resources are to be deployed
How such resources are managed, directed and supervised
A.Materiality
 Application of the Concept of Materiality to Audit
-PSA 320 (Clarified) - “Materiality in Planning and Performing an Audit” - establishes standards
and deals with the auditor’s responsibility to appy the concept of materiality in planning and
performing an audit of F.S
-materiality - involves both quantitative and qualitative considerations
-quantitative - it is necessary to relate the peso amount of the error to the F.S under
exmanination
-qualitative considerations - relate to the causes of misstatement
Ex: inadequate or improper description of an accounting policy
*The assessment of what is material is a matter of professional judgement
*In planning the audit, materiality should be considered by the auditor when:
a.
b.
c.
Determining the nature, timing and extent of audit procedures
Identifying and assessing the risks of material misstatement
Determining the nature, timing and extent of further audit
 Levels of Materiality
1.
2.
Overall Materiality - materiality level for the F.S as a whole
Specific Materiality - materiality level for particular classes of transactions, account
balances, or disclosures
 Perfomance Materiality
- used by the auditor to reduce the risk to an appropriate low level that the accumulation of
uncorrected and unidentified misstatements exceeds materiality for the F.S as a whole or specific
materiality.
- is set at a lower amount than overall specific materiality
*The objective is to perform more audit work than would be required by the overall or specific
materiality to:
 Ensure that misstatements less than overall or specific materiality are detected
 Provide a margin or buffer for possible undetected misstatements
 How to Determine Materiality
*auditors make a preliminary assessment of materiality of the F.S as a whole by determining the
amount by which they believe the F.S could be misstated without affecting user’s decisions -“preliminary judgement about materiality” / “planning materiality”
*the reason for determing “planning materiality” is to help the auditor plan the appropriate
evidence to accumulate.
 Rules of Thumb (For Use as a Starting Point)
Overall
- materiality is a matte of professional judgement rather than a mechanical existence
Revenues or expenditures - 1% to 3%
Assets - 1% to 3%
Equity - 3% to 5%
Specific
- establish a lower, specific materiality amount for the audit of specific or sensitive financial
statement areas
Performance
- no specific guidance is provided in the PSAs; Percentages range from 60% (of overall or
specific materiality), where there is a higher risk of material misstatement, up to 85% where the
assessed risk of material misstatement is less.
 Relationship Between Materiality and Audit Risk
- inverse relationship
- higher materiality level = lower the audit risk
*The auditor would compensate for this by either:
a. Reducing the assessed level of control risk, where this is possible, and supporting the
reduced level by carrying out extended or additional tests of control
b. Reducing detection risk by modifying the nature, timing and extent of planned substantive
procedures
B. Audit Plan
- more detailed than the audit strategy
1.
2.
3.
The nature, timing and extent of planned risk assessment procedures, as determined under
PSA 315, “Identifying and Assessing the Risks of Material Mistatement Through
Understanding the Entity and its Environement”
The nature, timing and extent of planned further audit procedures at the assertion level, as
determined under PSA 330, “The Auditor’s Responses to Assessed Risks”
Other planned audit procedures that are required to be carried out so that the engagement
complies with PSAs.
*The auditor shall document :
a. Overall audit strategy
b. Audit plan
c. Any significant changes made during the audit engagement to the overall audit strategy or
the audit plan, and the reasons for such changes.
 Direction, Supervision and Review
*The timing, nature and extent of the direction and supervision of engagement team members
and review of their work vary depending on may factors, including:
1. Size and complexity of the entity
2. Area of the audit
3. Assessed risks of material misstatement
4. Capabilities and competence of the individual team members performing the audit work.
-PSA 220- contains further guidance on the direction, supervision and review of audit work
 Changes to Planning Decisions During the Course of the Audit
*The overall audit strategy and audit plan should be updated and changed as necessary during
the course of the audit.
 Documentation
*The auditor should document the overall audit strategy and the audit plan, including any
significant changes made during the audit engagement.
*The auditor may summazrize the overall audit strategy in the form of a memorandum that
contains key decisions ragarding the overall scope, timing and conduct of the audit.
 Additional Considerations in Initial Audit Engagements
*The auditor should perform the ff. activities prior to starting an initial audit:
a. Perform procedures regarding the acceptance of the client relationhsip and the specific audit
engagement for additional guidance.
b. Communicate with the previous auditor, where tere has been a change of auditors, in
compliance with relevant ethical requirements.
*For an initial audit, the auditor may need to expand the planning activities because the auditor
does not ordinarily have the previous experience with the entity that is considered when
planning recurring engagements.
 Discussions of Other Critical Matters in Engagement Planning
1. Application of Analytical Procedures in Planning the Audit
- to assist the business and in identifying areas of potential risk
2. Establishment of an Engagement or Audit Team
-audit team - consists of people w/ diff. levels of expertise and experience;
*a team composed of: engagement partner, a manager, atleast 1 senior, and 1 or more staff
auditors
*considerations:
 Audit’s size and complexity
 Availability and experience of personnel
 Necessity for special expertise
 Opportunity to train personnel
 Continuity and rotation of personnel
3.



Consideration of Work Performed by Other Auditors/Parties
Involvement of other auditors in the audit of components
Involvement of experts
Number of locations
a.
b.
Predecessor Auditor
Other CPA
-Principal auditor - means the auditor w/ responsibility for reporting on the F.S of an entity
when those F.S include financial info. of one or more components audited by another auditor.
-Other auditor - means an auditor, other than the principal auditor, w/ responsibility for
reporting on the financial info. of a component w/c is included in the F.S audited by the principal
auditor.
-Component - a division, branch, subsidiary, joint venture, associated company, or other entity
whose financial info. Is included in F.S audited by principal auditor
-PSA 600 - “ Using the Work of Another Auditor” , establishes standards and provides guidance
when an auditor uses the work of another auditor on the financial info. of one or more
components included in the F.S of the entity.
*In deciding to become the principal auditor, the auditor must consider among other things , the
ff:
1.
2.
3.
4.
Materiality of the portion of the F.S w/c the principal auditor audits
Principal auditor’s degree of knowledge regarding the business of the components
Risk of material misstatement in the F.S of the component audited by the other auditor
Performance of additional procedures regarding the components audited by the other auditor
resulting in the principal auditor having significant participation in such audit.
c. Specialists
- bring unique knowledge and judgement in a field other than accounting and auditing
d. Use of Client’s Staff
- client’s staffs working papers should bear the label Prepared by Client or PBC, and also the
initials of the auditor who verifies the work performed by the client’s staff; never be accepted at
face value; such papers must be reviewed and tested by the auditors
e. Internal Auditors
- can affect the audit in 2 ways:
1. Can enhance internal control
*In deciding whether to reduce the amount of testing for specific assertions bec. of work
performed by internal auditors, the independent auditor should consider : materiality of the
amount, risk of misstatement and degree of subjectivity involved in evaluating the accumulated
audit evidence
2. By assisting independent auditors in performing specific audit procedures
4. Assessment of Going Concern Assumption
-PSA 570 - requires auditors to evaluate whether substantial doubt exists about an entity’s ability
to continue as a going concern
*An auditor is not required to design specific procedures to evaluate whether an entity is a
going concern.
5. Identification of Related Parties
-related party -defined as an affiliated company, a principal owner of the client company, or
any other party with which the client deals where one of the parties can influence the
management or operating policies of the other.
-related party transaction - is any transaction between the client and a between a parent
company and its subsidiary, exchanges of equipment between 2 companies owned by the same
person and loans to officers.
6. Client’s Legal Obligations
*Pertinent current-year info. that auditors should review includes : minutes of directors’ and
stockholders’ meetings, changes to articles of incorporation or by-laws and any significant
contracts executed during the year.
7. Completion of the Initial Audit Program
-audit program - a set of audit procedures specifically designed for each audit; the program
which includes both substantive tests and tests of controls will enable the auditor to express an
opinion on the F.S taken as a whole
- serves a set of instructions to assistants involved in the audit and as a means to control and
record the proper execution of the work
*On initial engagements, the audit program typically will develop in 3 stages:
a. Broad phases of the program can be outlined at the time of engagement
b. Other details of the program can be identified after the review of internal control structure
and accounting procedures has begun
c. Procedures on specific phases of the audit can be further challenged and revised as the work
progresses
8. Preparation of a Time Budget
-time budget - an estimate of the total hours an audit is expected to take; basis for estimating
fees; also an important tool to communicare to the audit staff those areas the manager or partner
believes are critical and require more time; used to measure the efficiency of the staff and to
determine at each stage of the engagement whether the work is progressing at a satisfactory rate
*considerations:
a. Client’s size as indicated by its gross assets, sales, number of employees
b. Location of client facilities
c. Anticipated accounting and auditing problems
d. Competence and experience of staff available
-auditor’s time- most costly element of an engagement
-underreporting of time - in which a staff member reports only a fraction of the actual time
spent performing a particular audit procedure; creates unrealistic basis for following year’s
budget
9. Assignment of Personnel to the Engagement
-PSA 220 - “Quality Control for an Audit of Financial Statements” - the auditor, and assistants
with supervisory responsibilities, will consider the professional competence of assistants
performing work delegated to them when deciding the extent of direction, supervision and
review appropriate for each assistant.
10. Scheduling of Work
*considerations:
a. Deadline for submitting final audit report and filing of income tax returns
b. Ability of the client’s staff to submit required schedules
c. Other audit clients
 Documentation of Audit Plan/Audit Program
-audit program- serves as a set of instructions to assistants involved in the audit plan and as a
means to control and record the proper execution of the work; also contains the objectives for
each area and a time budget
*working papers:
1. Audit plans
2. Audit programs
3. Time budget
-audit plan- contains the overview of the engagement , outlining the nature and characteristics
of the client’s business operations and the overall audit strategy
*the ff. info are included in a typical audit plan:
1. Description of the client company
2. Audit objectives
3. Description of the nature and extent of other services such as tax returns preparation, etc
4. Timetable of the audit work
5. Work to be done by the client’s employer
6.
7.
8.
9.
Assignment of audit staff
Target completion dates of the major segments of the engagement
Preliminary evaluation and judgement about materiality level for the engagement
Any special problems to be resolved during the engagement particularly those revealed by
analytical procedures
10. Conditions that may require changes in audit test
 Planning a Repeat Engagement
*it is far easier to plan for a repeat engagement than planning for a first audit of a new client