ISO 9001-QMS : Risk
Based Audit
 INTRODUCTION
Audit approach and methodology consists of the following sections :
A. Section one (Audit Approach and Methodology), which consists of:
1. Introduction
2. Manage the Audit Engagement
3. Audit Diagram
2
B. Section two (Policy and Documentation), which consists of:
1. Audit Planning :
2. Perform Audit Plan
3. Conclude and Report
4. Perform Post-Engagement Activities
1. Introduction
 GENERAL
The audit approach is risk based with a focus on understanding each
entity and its environment and identifying risks associated with the entity,
the audit engagement, and the financial statements as a whole. The
audit approach requires the development of an audit plan that responds
to these risks and to the entity’s specific circumstances
 INTERNATIONAL STANDARDS ON AUDITING
3
The policies and guidance policies comply with the International
Standards on Auditing (“ISAs”) issued by the International Federation of
Accountants up to and including November 2011 and in many instances
incorporate the ISA wording. Member Firms following the policies and
guidance in the policies will comply with the ISAs as of that date.
1.
Introduction
 PURPOSE
1. The purpose of this policy is to provide an overview of the audit
approach and methodology as well as provide introductions to
some of the major concepts of the audit approach.
2. The objective of an audit of financial statements is to enable us to
express an opinion as to whether the financial statements are fairly
presented, in all material respects, in accordance with an
applicable financial reporting framework.
4
3. It is firm’s responsibility to design the audit to obtain reasonable
assurance that the financial statements are fairly stated in all
material respects. Reasonable assurance is derived from a
combination of inherent, control, and substantive assurance.
1.
Introduction

AUDIT RISK AND ASSURANCE
1.
The audit assurance risk model sets out how the firm obtain overall assurance for the
potential errors for each significant account balance or disclosure.
a.
The firm obtains inherent assurance by assessing risk at the potential-error level for
account balances or disclosures for the potential errors for which the firm do not
identify specific risks. Ordinarily, these are potential errors relating to transactions,
account balances, or disclosures that are not associated with one of the risk
factors highlighted.
b. The firm obtain control assurance by performing the following procedures:
i.
ii.
5
c.
2.
Identifying the existence of controls, for the relevant control objectives,
evaluating their design, and determining whether they have been
implemented
If appropriate, testing the operating effectiveness of those controls
The firm obtains substantive assurance by performing substantive analytical
procedures, tests of details, or a combination of the two. For each potential error,
substantive assurance should constitute a portion of firm’s overall assurance.
Based on the reasonable conclusions drawn from the audit evidence obtained, the
firm express or decline to express in firm’s audit report an opinion on the fair
presentation of the financial statements.
1.

Introduction
AUDIT PROCEDURES AND RISK ASSESSMENT PROCEDURES
1.
The firm obtain audit evidence to draw reasonable conclusions on which to base firm’s audit opinion
by performing audit procedures to:
a. Obtain an understanding of the entity and its environment, including its internal control, to assess
the risks of material misstatement at the financial statement and account balance levels
b. When necessary or if the firm have planned to do so, test the operating effectiveness of controls in
preventing or detecting and correcting material misstatements at account balance level
c. Detect material misstatements at the account balance error level; audit procedures performed
for this purpose are referred to as “substantive procedures” and include tests of details,
substantive analytical procedures, or a combination of the two.
6
2.
Audit procedures to obtain an understanding of the entity and its environment, including its internal
control, to assess the risks of material misstatement at the financial statement and potential-error
levels are referred to as “risk assessment procedures” because some of the information obtained by
performing such procedures may be used as audit evidence to support assessments of the risks of
material misstatement. Risk assessment procedures are a subset of audit procedures.
3.
In performing risk assessment procedures, the firm may obtain audit evidence about classes of
transactions, the potential errors for account balances or disclosures, and about the operating
effectiveness of controls, even though such audit procedures were not specifically planned as
substantive procedures or as tests of the operating effectiveness of controls. The firm may also
choose to perform substantive procedures or tests of the operating effectiveness of controls
concurrently with risk assessment procedures because it is efficient to do so.
7
1.
Introduction

AUDIT EVIDENCE
1.
The information used in arriving at the conclusions on which the audit opinion is based
is audit evidence. Audit evidence includes the information contained in the
accounting records underlying the financial statements and other information.
2.
The firm should obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base the audit opinion.
3.
Other information that the firm may use as audit evidence includes minutes of
meetings; confirmations from third parties; analysts’ reports; comparable data about
competitors (benchmarking); controls manuals; information obtained by us from such
audit procedures as inquiry, observation, and inspection; and other information
developed by or available to us that permits us to reach conclusions through valid
reasoning.
4.
Sufficiency is the measure of the quantity of audit evidence. Appropriateness is the
measure of the quality of audit evidence; that is, its relevance and its reliability in
providing support for the potential errors related to account balances or disclosures or
detecting misstatements in account balances or disclosures.
1.
Introduction
 BENEFITS
1. The audit approach has been developed to enable us to:
a. Plan and perform audit engagements that will provide an appropriate
8
basis for the expression of an opinion on an entity’s financial statements
taken as a whole
b. Identify and appropriately address risks relevant to the audit
engagement that are associated with the entity, the audit engagement,
and the potential errors for the significant account balances or
disclosures
c. Perform an effective and efficient audit
d. Determine the entity’s needs, expectations, concerns, and professional
service requirements and prepare and execute an appropriate audit
plan
e. Provide clients and management with meaningful audit insights
f. Perform multilocation audits in a consistent manner
g. Clearly communicate the manner in which audit engagements are
performed to professional staff, clients, prospective clients, management,
and others
1.
Introduction
 POLICY
1. The firm should comply with the ethical standards applicable to the audit
engagement as required by ISA
2. The firm should plan and perform the audit to reduce audit risk to an
acceptably level using reliance factor.
3. The firm should obtain sufficient appropriate audit evidence to be able to
draw reasonable conclusions on which to base the audit opinion.
9
4. The firm should maintain an attitude of professional skepticism throughout
the audit, recognizing the possibility that a material misstatement due to
fraud could exist, irrespective of firm’s experience with the entity about the
honesty and integrity of management and those charged with
governance.
1.
Introduction
 ACTIVITIES
OVERVIEW OF THE AUDIT APPROACH
1. The core of the audit approach consists of six principal activities:
10
a. Perform Pre-engagement Activities
b. Perform Preliminary Planning
c. Develop the Audit Plan
d. Perform the Audit Plan
e. Conclude and Report
f. Perform Post-engagement Activities.
1.
Introduction
 ACTIVITIES
OVERVIEW OF THE AUDIT APPROACH
2. Risk assessment and management of the audit engagement are pervasive
activities at all stages of the audit engagement. The activities are led by
the engagement management whose key responsibilities include
managing the effectiveness and efficiency of the audit engagement as
well as communicating within the engagement team and to management
and those charged with governance. These activities are a continuous
process and an integral part of the audit approach.
11
3. Planning is a continual and iterative process that often begins shortly after
(or in connection with) the completion of the previous audit and continues
until the completion of the current audit engagement. However, in
planning an audit, The firm consider the timing of certain planning activities
and audit procedures that need to be completed prior to the performance
of further audit procedures.
1.
Introduction
 RISK-BASED APPROACH
1. The firm should plan and perform the audit to reduce audit risk to an
acceptably low level that is consistent with the objective of an audit. The
firm reduce audit risk by designing and performing audit procedures to
obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base an audit opinion.
Reasonable assurance is obtained when the firm have reduced audit risk to
an acceptably low level. The audit assurance model sets out how the firm
obtain overall assurance for the potential errors for each significant
account balance or disclosure and assists us in planning and performing
the audit engagement to reduce audit risk to an acceptably low level.
12
2. The audit approach enables us to develop an effective and efficient audit
plan that focuses firm’s audit procedures on high-risk areas.
13
1.
Introduction

RISK-BASED APPROACH
3.
As part of firm’s pre-engagement activities, the firm assesses engagement risk. Firm’s
assessment of engagement risk is based on a combination of firm’s assessment of the
risk resulting from (1) firm’s association with the client or prospective client, (2) the audit
engagement, and (3) the financial statements as a whole.
4.
4Firm’s audit approach involves obtaining a detailed understanding of the nature of
the entity’s business and its environment. Firm’s ability to effectively assess risk is
enhanced by this understanding as well as firm’s (1) understanding of the entity’s
internal control and accounting process and (2) performance of firm’s preliminary
analytical review. The value of this accumulation of understanding increases with
experience and years of service to the entity.
5.
When the firm assesses risk at the potential-error level for an account balance or
disclosure, the firm seek to specifically identify the potential errors for significant
account balances or disclosures that have an increased risk of material misstatement.
For the potential errors for account balances or disclosures for which the firm have
identified a specific risk, the firm assess inherent risk as high and take no inherent
assurance when planning the scope of firm’s work.
1.
Introduction
 RISK-BASED APPROACH
6. The audit plan for a potential error for an account balance or disclosure for
which the firm have identified a specific risk will involve one of the following:
a. Performing a focused level of substantive procedures if the firm obtain
no control assurance
b. Performing a directed level of substantive procedures if the firm obtain a
basic level of control assurance
c. Performing a moderate level of substantive procedures if the firm obtains
a maximum level of control assurance.
14
1.
Introduction
 FOCUS ON QUALITY
1. When performing an audit of financial statements, firm’s professional
responsibilities are established by applicable professional standards and
regulatory and legal requirements.
2. The firm requires an uncompromising commitment to high professional and
technical quality. Applying the audit approach will assist us in achieving
this goal.
15
3. The firm strives to consistently provide quality professional service. This
involves maintaining ongoing contact and effective communication with
the firm clients at all stages of the audit engagement.
1.
Introduction
 MANAGEMENT OF THE AUDIT ENGAGEMENT
i.
16
The audit Engagement Partner is responsible for establishing the overall
scope of the audit and assumes overall responsibility for the audit
engagement. This individual is responsible for ensuring that the audit
complies with firm’s policies, applicable professional standards and
regulatory and legal requirements and responds to client needs,
expectations, and concerns.
ii. In managing risk and developing and executing the audit plan, the audit
Engagement Partner and other engagement management are the key
decision makers and main influences on the firm approach. Timely
involvement of engagement management in the key stages of the audit
engagement is essential to optimizing the effectiveness and efficiency of
planning and performance of the audit engagement.
1.
Introduction
 CONSIDERATION OF FRAUD AND ERROR
1. The firm should maintain an attitude of professional skepticism throughout
the audit, recognizing the possibility that a material misstatement due to
fraud could exist, irrespective of firm’s experience with the entity about the
honesty and integrity of management and those charged with
governance.
17
2. The firm considers the potential for management override of controls and
recognizes the fact that audit procedures that are effective for detecting
error may not be appropriate in the context of an identified risk of material
misstatement due to fraud. The distinguishing factor between fraud and
error is whether the underlying action that results in the misstatement of the
financial statements is intentional or unintentional.
3. The term “fraud” refers to an intentional act by one or more individuals
among management, those charged with governance, employees, or third
parties, involving the use of deception to obtain an unjust or illegal
advantage. Although fraud is a broad legal concept, for the purposes of
firm’s audit, the firm is concerned with fraud that causes a material
misstatement in the financial statements. The firm does not make legal
determinations of whether fraud has actually occurred.
18
1.
Introduction

CONSIDERATION OF FRAUD AND ERROR
4.
Owing to the inherent limitations of an audit and internal control, there is a possibility
that material misstatements resulting from fraud and, to a lesser extent, error may not
be detected. Because fraud usually involves acts designed to conceal it, the risk of
not detecting a material misstatement resulting from fraud is greater than one resulting
from error. Furthermore, the risk of not detecting a material misstatement resulting
from management fraud is greater than for employee fraud, because management is
frequently in a position to directly or indirectly manipulate accounting records and
present fraudulent financial information.
5.
Fraudulent acts include deliberate failure to record transactions, forgery of records
and documents, and intentional misrepresentations to the engagement team. Fraud
may include intentional acts by management or employees acting on behalf of the
entity, as well as employee fraud if management or employees are involved in actions
defrauding the entity.
6.
Two types of intentional misstatements are relevant to us:
a. Misstatements resulting from fraudulent financial reporting
b. Misstatements resulting from misappropriation of assets.
c. Concealing, or not disclosing, facts that could affect the amounts recorded in the
financial statements
d. Engaging in complex transactions that are structured to misrepresent the financial
position or financial performance of the entity
e. Altering records and terms related to significant and unusual transactions.
1.
Introduction

DOCUMENTATION
1.
The audit working papers are the property of the Member Firm performing the audit
and support the firm audit report. They are not part of, nor a substitute for, the entity’s
accounting records. Although the amount of documentation required varies, the
working papers need to provide evidence that the work has been performed in
accordance with firm policies.
2.
The audit documentation should be used in planning and performing audit
engagements performed in accordance this the policies and guidance.
3.
The common audit documentation contains the following:
a. Standard index
b. Forms that support the following:
19
(i) The audit planning process
(ii) The understanding of the entity’s internal control, including evaluation of the
design of controls and determining whether they have been implemented
(iii) Testing of the operating effectiveness of controls
(iv) Performing substantive procedures
c. Audit’s documents and templates format.
2.
Manage the Audit Engagement

PURPOSE
1.
Every audit engagement should be under the control and supervision of an audit
Engagement Partner to whom responsibility for the conduct of the audit
engagement in accordance with the policies in the Manual, the applicable
professional standards and regulatory and legal requirements is assigned.
2.
Allocation of responsibilities is a matter for the audit Engagement Partner to address.
Matters such as maintaining continuity and an appropriate level of experience within
the engagement team significantly affect the effectiveness of the engagement
team.
3.
The effectiveness with which the audit engagement is managed will be improved if
each person involved has a clear understanding of the respective roles and
responsibilities of each member of the engagement team. The division of
responsibilities discussed in this policy needs to be regarded as a guide only. Roles
will vary in practice depending on the nature, size, and complexity of the entity’s
operations.
4.
The engagement management responsible for an audit engagement includes,
depending on the size, nature, and complexity of the entity’s operations, some or all
of the following:
20
a. Audit Engagement Partner
b. Audit Manager
c. The Accountant-in-Charge or Field Senior.
2.

Manage the Audit Engagement
AUDIT ENGAGEMENT PARTNER
1.

21
Achieving quality throughout planning, supervision, and management of an audit
engagement is significantly more effective than efforts to achieve quality during the
review process alone.
TEAMWORK
1.
Teamwork is key to successful management of an audit engagement. The high
quality of firms professional service is maintained by engagement teams that build on
individual strengths, knowledge, and expertise.
2.
On-the-job training, in the form of supervision, accelerates learning and enhances
effectiveness of individuals on the engagement team. Supervision continues until the
conclusion of the audit engagement. Each member of the engagement team has
a responsibility to ensure that there are no unresolved issues.
After the audit engagement is complete, the engagement team meets to review
the performance of the audit engagement and decide what needs to be changed
for the following period’s audit engagement. A debriefing of the engagement team
helps us build on the successes of the current audit engagement and continue to
improve the overall quality of firm’s audit.
3.
4.
The firm also considers which processes need to be established to effectively
manage relationships with the client and among members of the engagement team
in the period between the completion of the current audit engagement and the
beginning of work on the following period’s audit engagement.
2.
Manage the Audit Engagement
 CONSULTATION
1. Consultation RMQC and Quality Control or internal specialists should be
performed in accordance with the firm’s policies of the Professional
Practice Manual.
2. The audit Engagement Partner should consult, as deemed necessary, with
individuals with the appropriate capabilities and competence on (1)
technical accounting and auditing questions regarding the application
and interpretation of applicable standards and reporting issues or (2) any
other matter pertaining to an audit engagement that, under the
circumstances, requires specialized knowledge.
22
3. The audit Engagement Partner should determine that significant matters
subjected to consultation and the conclusions reached are appropriately
a. Documented in the audit working papers
b. Agreed with those consulted
c. Implemented.
2.
Manage the Audit Engagement
 POLICY
1. Every audit engagement should be under the control and supervision of
an audit Engagement Partner to whom responsibility for the conduct of
the audit engagement in accordance with the policies in the Manual, the
applicable professional standards and regulatory and legal requirements
is assigned.
2. The audit Engagement Partner should:
23
a. Determine that conflicts of interest identified are appropriately
addressed.
b. Form a conclusion on compliance with independence requirements
that apply to the audit engagement.
3. The audit Engagement Partner should consider whether members of the
engagement team have complied with applicable ethical requirements,
including independence, before beginning significant portions of
fieldwork and as the audit progresses.
2.
Manage the Audit Engagement
 DOCUMENTATION
i. In managing the audit engagement, the firm would normally document the
following:
a.
24
Sufficient evidence to show that the audit procedures have been
adequately performed
b. Level of participation by entity personnel
c. Detailed budgets of time and cost for each significant account balance,
along with the allocation of the work to the respective members of the
engagement team. Updating of these budgets for actual hours/costs to
date and estimated hours/costs to completion and the review of
appropriate budget/actual comparisons are effective means of
monitoring the progress of the audit engagement.
3.
Audit Diagram
 INTRODUCTION
An explanation of the purpose and scope of the ISA, including how the ISA relates
to other ISAs, the subject matter of the ISA, specific expectations on the auditor
and others, and the context in which the ISA is set.
 OBJECTIVES
25
The objective to be achieved by the auditor as a result of complying with the
requirements of the ISA. To achieve the overall objectives of the auditor, the
auditor is required to use the objectives stated in relevant ISAs in planning and
performing the audit, keeping in mind the interrelationships among the ISAs. ISA
200.21 (a) requires the auditor to:
a.
Determine whether any audit procedures in addition to those required by
the ISAs are necessary in pursuance of the objectives stated in the ISAs; and
b. Evaluate whether sufficient appropriate audit evidence has been
obtained.
3.
Audit Diagram

DEFINITIONS
A description of the meanings attributed to certain terms for purposes of the ISAs. These are provided to assist
in the consistent application and interpretation of the ISAs. They are not intended to override definitions that
may be established for other purposes, such as those contained in laws or regulations. Unless otherwise
indicated, these terms carry the same meanings throughout the ISAs.

REQUIREMENTS
This policy outlines the specific auditor requirements. Each requirement contains the word “shall.”

APPLICATION AND OTHER EXPLANATORY MATERIAL
The application and other explanatory material provides further explanation of the requirements of an ISA,
and guidance for carrying them out. In particular, it may:
26
a.
b.
c.
Explain more precisely what a requirement means or is intended to cover;
Where applicable, include considerations specific; and
Include examples of procedures that may be appropriate in the circumstances. However, the actual
procedures selected by the auditor require the use of professional judgment based on the particular
circumstances of the firm and the assessed risks of material misstatement.
While such guidance does not in itself impose a requirement, it is relevant to the proper application of the
requirements of an ISA. The application and other explanatory material may also provide background
information on matters addressed in an ISA.
3.
Audit Diagram
 ACTIVITIES
The firm should be of the audit approach consists of the following Activities :
1.
2.
3.
4.
27
Audit Planning ( ISA 220,240,250,315,330)
Perform Audit Plan ( ISA 315,330)
Conclude and Report (ISA 260)
Perform Post Engagement Activities (ISQC 1)
3. Audit Diagram

ACTIVITIES
The details such activities are as follows:
28
Chart 1: Audit Cycle
3.
Audit Diagram
 AUDIT PLANNING
Audit planning consists of several activities are as follows :
1.
2.
3.
4.
29
Perform Pre-Engagement Activities
Perform Preliminary Planning
Assess Risk and Establish Materiality
Develop Audit Plan
3.
Audit Diagram
 PERFORM PRE-ENGAGEMENT ACTIVITIES
1. Pre-engagement activities include assessing engagement risk, selecting the
team and establishing the terms of engagement. During the course of preengagement activities specific matters to consider include:
a.
b.
c.
d.
30
Fraud risk factors
Conflicts of interest & background checks
Use of specialists
Independence of engagement team
2. Perform Pre-Engagement consist of the following activities :
a.
b.
c.
Assess and respond to engagement risk
Select the engagement team
Establish terms of engagement and client service requirements
3.
Audit Diagram

PERFORM PRE-ENGAGEMENT ACTIVITIES
3.
The following ISA should be considered in pre-engagement activities:
a.
ISA 220 (Quality Control For An Audit Of Financial Statements)
•
•
ISA 220 runs in collaboration with ISQC 1 'Quality Control for Finns that Perform Audits and
Reviews of Financial Statements, and Other Assurance and Related Services Engagements’.
ISA 220 requires the firm to establish and maintain a system of quality control to provide it
with reasonable assurance that:
(a) the firm and personnel comply with professional standards and applicable legal and
regulatory requirements; and
(b) the reports issued by the firm or engagement partners are appropriate in the
circumstances.
31
•
•
•
The engagement partner takes full responsibility for the audit and overall quality control.
Engagement partners must take appropriate action where there is evidence that members
of the engagement team have not been complying with applicable ethical requirements.
In recurring audits, the engagement partner must consider any information that would have
caused the firm to decline the audit engagement had that information been available at
the time.
3.
Audit Diagram

PERFORM PRE-ENGAGEMENT ACTIVITIES
3.
The following ISA should be considered in pre-engagement activities:
b.
32
ISA 240 (The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial
Statements)
•
International Standard on Auditing 240: The Auditor’s Responsibilities Relating
to Fraud in an Audit of Financial Statements is probably one of those
standards that got highlighted and massively overhauled after the scandals in
business cosmos like Enron. This standard clarifies the responsibilities of
management auditors pertaining to fraud and its effects on financial
statements and due to this fact it considered one of the important guidelines
in auditing profession.
•
ISA 240 clarifies that it is management who is responsible to manage fraud.
Auditor on the other hand is interested in those fraudulent activities that affect
the financial information and ultimately increase audit risk. Auditor is required
to carry out audit engagement with an attitude of professional skepticism. To
make audit engagement effective discussions among team members,
inquiries of personnel involved in the management of the entity and
communicating with those charged with governance is important. If fraud is
suspected or identified, auditor shall determine its effects on audit
engagement. Audit is also required to document fraud suspected or
identified and how it was dealt.
3.
Audit Diagram

PERFORM PRE-ENGAGEMENT ACTIVITIES
4.
33
Diagram of Perform Pre-Engagement Activities
3.
Audit Diagram
 PERFORM PRELIMINARY PLANNING
1. Preliminary planning starts with Engagement Partner to perform strategic
planning meeting with audit team member. To effectively plan the
engagement an understanding is required of the:
a.
Understanding entity and environment, includes :
• External factors (e.g., industry matters, laws)
• Internal factors (e.g., business objectives)
• Accounting policies
34
b.
Assessment of internal control components
Assess the design & implementation of entity level controls supporting:
•
•
•
•
•
Control environment
Risk assessment
Information and communication
Monitoring controls
Control Activities
3.
Audit Diagram

PERFORM PRELIMINARY PLANNING
1.
Preliminary planning starts with Engagement Partner to perform strategic planning meeting with
audit team member. To effectively plan the engagement an understanding is required of the:
c.
Understanding accounting process
The firm understanding of accounting process includes:
•
•
•
•
•
d.
35
Business cycles and significant classes of transactions
Principle business activities
Flow of transactions
Policies and procedures
Disclosures
Other planning considerations:
•
•
•
•
•
•
•
•
•
Fraud risks factors
The entity’s use of computers (e.g., significant or dominant and the impact on firm’s audit)
Assessment of engagement risk
Going concern assumption
Internal audit
Related party transactions
Litigations and claims
Noncompliance with laws and regulation
Specific items (e.g., segment information)
3.
Audit Diagram
 PERFORM PRELIMINARY PLANNING
2. Preliminary Planning consist of the following activities :
a.
b.
c.
d.
e.
f.
36
Understand the client’s business
Understand the control environment
Understand the accounting process
Perform preliminary analytical procedures
Determine planning materiality
Prepare and communicate client service plan
3. The following ISA should be considered in preliminary planning activities:
a. ISA 220 (Quality Control For An Audit Of Financial Statements)
Please refer explain on to page 1 – 12
3.
Audit Diagram

PERFORM PRELIMINARY PLANNING
3.
The following ISA should be considered in preliminary planning activities:
a.
ISA 220 (Quality Control For An Audit Of Financial Statements)
Please refer explain on to page 1 – 12
b.
ISA 250 (Consideration of Laws and Regulations In An Audit of Financial Statements)
•
•
•
•
37
•
•
•
•
Some laws and regulations have a direct effect on the financial statements. Others may
not have a direct effect on the financial statements but may directly affect the conduct of
the entity's business, for example Health and Safety at Work legislation.
Laws and regulations need to be considered because a breach in such could result in fines
or other consequences which may have a material effect on the financial statements.
Responsibility for compliance with laws and regulations rests with management and those
charged with governance.
The auditor shall discuss with management and, where applicable, those charged with
governance any suspected acts of non-compliance with laws and regulations.
Any acts of non-compliance between management and those charged with governance
must be notified to the next higher level of authority. Where no higher level of authority
exists legal advice must be sought.
A qualified or adverse opinion is expressed if the act of non-compliance with laws and
regulations has a material effect on the financial statements which has not been reflected
within those financial statements.
A qualified, or disclaimer of, opinion will be expressed by the auditor if the auditor is unable
to obtain sufficient and appropriate audit evidence to evaluate whether non-compliance
that may be material to the financial statement has occurred.
If the auditor encounters situations giving rise to a limitation on the scope of the audit work,
the auditor shall evaluate the effect of such a scope limitation on the audit opinion
3.
Audit Diagram

PERFORM PRELIMINARY PLANNING
3.
The following ISA should be considered in preliminary planning activities:
c.
ISA 315 (Assessing The Control Environment)
•
•
•
d.
ISA 330 (The Auditor’s Responses to Assessed Risks)
•
•
38
The control environment is just one of five components of internal control
ISA 315 says it must be assessed
That assessment then has an effect on the assessment of the risk of material misstatements
and on audit procedures
•
•
•
•
•
•
Risk features heavily in auditing and one of the primary functions of audit is to reduce risk to
an acceptable level.
Auditors can gather sufficient and appropriate audit evidence through substantive
procedures and control tests.
All audit procedures must be responsive to the assessed levels of risk.
Detailed tests of control in recurring audits should be undertaken at least every third audit,
but auditors shall consider other relevant factors when considering the time period that
should elapse before further detailed testing.
Substantive procedures include analytical procedures and tests of detail.
Audit procedures generate the audit evidence, audit procedures in themselves are not
audit evidence.
The risk assessment must be modified if information comes to the auditor's attention which
the auditor was not previously aware of.
Audit evidence must be evaluated for sufficiency and appropriateness to determine if the
evidence reduces the risk of material misstatement to an acceptably low level.
3.
Audit Diagram

PERFORM PRELIMINARY PLANNING
4.
39
Diagram of Perform Preliminary Planning
3.
Audit Diagram
 ASSESS RISK AND ESTABLISH MATERIALITY
1. The third phase in audit planning activities is related to Assess risk at
account balance in the company’s financial statement. The firm should
assess whether there is a potential error risk at account balance and
decide whether the audit team will rely on control (perform test of control)
or do not rely on control.
a.
Have we identified any specific risks?
Yes: Increase control & substantive testing
No: Normal testing
b.
Are we planning to rely on controls?
Yes: Test operating effectiveness
No: Test fully substantively
40
The purpose of Assess risk and establish materiality are as follow:
a.
b.
c.
Estimate tolerable level of misstatement
Establish scope
Evaluate effect of known and likely misstatements
3. Audit Diagram
 ASSESS RISK AND ESTABLISH MATERIALITY
The auditor’s responsibility is to determine whether financial statements are
materially misstated. If there is a material misstatement, the auditor will bring it
to the client’s attention so that a correction can be made.
The materiality calculation materiality can be divided into some factors
including the following:
41
a. Computation of Planning Materiality
b. Computation of Tolerable Error
3.
Audit Diagram

ASSESS RISK AND ESTABLISH MATERIALITY
Computation of Planning Materiality
The computation of planning materiality consists of:
a.
Identify the Materiality Critical Component
Select the most relevant critical component (check one):
Measurement
Percentage
Income from continuing operations (after tax)
Normalized income from continuing operations (after tax)
Total revenues
Total assets
Net assets or total equity
5.0%
5.0%
2.0%
2.0%
5.0%
Reasons of selected critical component
42
Indicate the critical component amount (monetary value).
b.
Calculate Materiality
Measurement
Percentage
(from Step 1a)
Benchmark Amount
(from Step 1b)
x
Materiality
Amount
=
3.
Audit Diagram

ASSESS RISK AND ESTABLISH MATERIALITY
Computation of Tolerable Error
The computation of tolerable error consists of:
a. Determine the amount of Planning Materiality
b. Determine % to be used in computing for tolerable error
43
Risk Assessment
Percentage
High
Medium
Normal
15%
30%
40%
c. Calculate Tolerable Error
Tolerable Error %
Amount of Materiality
Tolerable Error
Amount
3. Audit Diagram

ASSESS RISK AND ESTABLISH MATERIALITY
2.
The following ISA should be considered in assess risk and establish materiality activities:
a.
ISA 25, “Audit Materiality,” par. 3
•
3.
44
Information is material if its omission or misstatement could influence the economic decisions
of users taken on the basis of the financial statements. Materiality depends on the size of the
item or error judged in the particular circumstances of its omission or misstatement. Thus
materiality provides a threshold or cut-off point rather than being a primary qualitative
characteristic which information must have if it is to be useful
Diagram of Assess risk
3.

Audit Diagram
DEVELOP AUDIT PLAN
1.
In developing audit plan, it is appropriate to consider the following matters:
a.
b.
c.
Assess risk at the account balance level
Design of testing controls
Describe the levels of substantive assurance within the audit assurance model
Assessing Acceptable Audit Risk and Inherent Risk
45
In assessing acceptable audit risk the auditors may accept some level of risk in
performing the audit. An effective auditor recognizes that risks exist, are difficult to
measure, and require careful thought to respond. Consequently, responding to risks
properly is critical to achieving a high-quality audit.
Risk and Evidence
Auditors gain an understanding of the client’s business and industry and assess client
business risk. The auditors use the audit risk model to further identify the potential for
misstatements and where they are most likely to occur. Furthermore, auditor should
decide engagement risk and use that risk to modify acceptable audit risk. The
engagement risk closely relates to client business risk.
3. Audit Diagram

DEVELOP AUDIT PLAN
Factors Affecting Acceptable Audit Risk is:
•
•
•
The degree to which external users rely on the statements
The likelihood that a client will have financial difficulties after the audit report is issued
The auditor’s evaluation of management’s integrity
Methods to Assess Acceptable Audit Risk
The method to assess acceptable audit risk can be describe in the following table :
Factors :
a. External users’ reliance on financial statements
Methods Used :
 Examine financial statements
 Read minutes of the board
 Discuss financing plans with management
b. Likelihood of financial difficulties

46
c. Management integrity

Analyze financial statements for difficulties using
ratios
Examine inflows and outflows of cash flow
statements

Client acceptance and continuance procedures
3. Audit Diagram
 DEVELOP AUDIT PLAN
Factors Affecting Inherent Risk
The following factors will affect inherent risk are:
47
a.Nature of the client’s business
b.Results of previous audits
c.Initial versus repeat engagement
d.Related parties
e.Nonroutine transactions
f. Judgment required to correctly record account
transactions
g.Makeup of the population
h. Factors related to fraudulent financial reporting
i. Factors related to misappropriation of assets
balances
and
3. Audit Diagram
 DEVELOP AUDIT PLAN
The audit responds to risk:
The auditors can change the audit to respond to risks by performing: (a) the
engagement may require more experienced staff, and (b) the
engagement will be reviewed more carefully than usual
Tolerable Misstatement, Risks, and Balance-related Audit Objectives:
48
It is common to assess inherent and control risk for each balance-related
audit objective. However, it is not common to allocate materiality to
objectives. The auditor also should consider Impact of information
technology on Audit Testing, by performing: (a) computer assisted audit
techniques may be used to test automated controls or data, and (b)
reports produced by IT may be used to test the effectiveness of IT general
controls, which consists of
i. Program change controls
ii. Access controls
3. Audit Diagram

DEVELOP AUDIT PLAN
Methodology for Designing Controls and Substantive Tests
The firm methodology for designing control and substantive testing are as follow:
49
3.
Audit Diagram
 DEVELOP AUDIT PLAN
Audit Risk Model
The audit risk model is used to determine plan detection risk (PDR) by using
audit risk model:
AR = DR x IR × CR
50
Where: AR = Audit risk
DR = Detection risk
IR = Inherent risk
CR = Control risk
3.
Audit Diagram

DEVELOP AUDIT PLAN
Reliability Factors
The firm using Reliability Factor (R factor) to Plan Detection Risk (PDR). The tables of risk
factor are as follow:
51
Note:
LOA = Level of Assurance
CF = Confidence Factor
3.
Audit Diagram

DEVELOP AUDIT PLAN
The example to use Reliance Factor is as follow:
Case 1

If the Auditor believe that Inherent Risk (IR) is High and Control Risk (CR) is also High (Control Risk
at the maximum), but the Audit Risk (AR) determined by 5%. How much Reliance Factor should be
applied?
Answer:
Plan Detection Risk (PDR) =
AR
IR x CR
=
0,05
1x 1
= 0, 05 (5%)
R = 3 (see table Risk Factor)
Case 2
52

If the Auditor believe that Inherent Risk (IR) is High but Control Risk (CR) is Low (The Auditor believe
that the Control is effective or Control Risk below maximum), and Audit Risk (AR) determined by 5%.
How much Reliance Factor should be applied?
Answer:
Plan Detection Risk (PDR) =
Factor)
AR
IR x CR
=
0,05
= 0, 11 (11%)
1 x 0,45
R = 2,3 (see table Risk
3.
Audit Diagram
DEVELOP AUDIT PLAN

The example to use Reliance Factor is as follow:
Case 3

If the Auditor believe that Inherent Risk (IR) is Low, but the Control Risk (CR) is High (the Auditor
plan not to rely on control (Control Risk is at the Maximum), and Audit Risk (AR) determined by 5%.
How much Reliance Factor should be applied?
Answer:
Plan Detection Risk (PDR) =
53
AR
IR x CR
=
0,05
0,31 x 1
= 0, 16 (16%)
R= 1,8 (see table Risk Factor)
Case 4

If the Auditor believe that Inherent Risk (IR) and Control Risk (CR) is Low (the Auditor believe that
the control is effective or Control Risk below Maximum), and Audit Risk (AR) determined by 5%. How
much Reliance Factor should be applied?
Answer:
Plan Detection Risk (PDR) =
AR
IR x CR
=
0,05
= 0,5 (50%)
0,31 x 0,31
R = 0,7 (see table Risk Factor)
3.
Audit Diagram

DEVELOP AUDIT PLAN
2.
The following ISA should be considered in develop audit plan activities:
a.
ISA 220 (Quality Control For An Audit Of Financial Statements)
Please refer explain on to page 1 – 12
b.
ISA 250 (Consideration of Laws and Regulations In An Audit of Financial
Statements)
Please refer explain on to page 1 – 14
54
c.
ISA 315 (Assessing The Control Environment)
Please refer explain on to page 1 – 15
d. ISA 330 (The Auditor’s Responses to Assessed Risks)
Please refer explain on to page 1 – 15
3.
Audit Diagram

DEVELOP AUDIT PLAN
3.
55
Diagram
3.
Audit Diagram
 PERFORM AUDIT PLAN
Perform audit plan consists of several activities are as follows:
1. Perform tests of controls and evaluate results
2. Perform substantive tests and evaluate results
3. Perform financial statement review

56
PERFORM TESTS OF CONTROLS AND EVALUATE RESULTS
1. In order to achieve a maximum level of control assurance, the firm should
perform tests of controls to obtain sufficient appropriate audit evidence
that the controls which provide reasonable assurance of achieving all of
the relevant control objectives for a potential error were operating
effectively at relevant times during the period under audit
2. If firms test the operating effectiveness of a control, the firm should obtain
audit evidence about the accuracy and completeness of any information
produced by the entity that we use in performing audit procedures.
3.
Audit Diagram
 PERFORM AUDIT PLAN
Perform audit plan consists of several activities are as follows:
1. Perform tests of controls and evaluate results
2. Perform substantive tests and evaluate results
3. Perform financial statement review

PERFORM SUBSTANTIVE TESTS AND EVALUATE RESULTS
1. Perform tailored substantive procedures based on the assessment of
inherent and control risk by performing : (i) test of details and (ii) analytical
procedures.
57
2. The Analytical Procedures will be performed at an assertion level (includes
the use of ACL / STAR where possible) and Perform profiling where possible.
The Roll-forward interim procedures should be taken for the rest of Audit
procedures.
3. During the course of Audit , the auditor should consider specific fraud
procedures such as : (i) In response to the risk of management override, (ii)
Appropriateness of journals, (iii) Review of estimates for bias, and (iv)
Significant and unusual transactions
3.
Audit Diagram

PERFORM AUDIT PLAN
Perform audit plan consists of several activities are as follows:
1.
2.
3.

Perform tests of controls and evaluate results
Perform substantive tests and evaluate results
Perform financial statement review
PERFORM FINANCIAL STATEMENT REVIEW
1.
In conduct of Audit, the Auditor should Perform Financial Statement Review for
a.
b.
c.
d.
58
2.
Perform Analytical Procedures
Going Concern Consideration
Fair Value Consideration
Other Consideration
The following ISA should be considered in perform audit plan activities :
a.
b.
ISA 315 (Assessing The Control Environment)
Please refer explain on to page 1 – 15
ISA 330 (The Auditor’s Responses to Assessed Risks)
Please refer explain on to page 1 – 15
3.
Audit Diagram

CONCLUDE AND REPORT
Conclude and report consists of several activities are as follows:
1.
2.
3.
4.

Perform subsequent events review
Obtain management representations
Prepare audit summary memorandum
Engagement reporting
PERFORM SUBSEQUENT EVENTS REVIEW
1.
In performing the subsequent events review, we normally document the following:
a.
b.
c.
d.
59
2.
The determination of the period to be covered by the review
The audit procedures performed and the results thereof
Any material subsequent events that we identified
How we satisfied ourselves that the identified subsequent events were properly treated in the
financial statements.
If, after the date of our audit report but before the financial statements are issued, we become
aware of a fact that may materially affect the financial statements, we normally document the
following:
a.
b.
c.
Our consideration of whether the financial statements need to be amended
Our discussions of this matter with management
Our actions taken, including, if appropriate, any modifications of our audit report.
3.
Audit Diagram

CONCLUDE AND REPORT
Conclude and report consists of several activities are as follows:
1.
2.
3.
4.

60
Perform subsequent events review
Obtain management representations
Prepare audit summary memorandum
Engagement reporting
OBTAIN MANAGEMENT REPRESENTATIONS
1.
The firm should obtain audit evidence that management (1) acknowledges its responsibility for the
fair presentation of the financial statements in accordance with the applicable financial reporting
framework and (2) has approved the financial statements. These representations are normally
made and dated on the same date as our audit report on the financial statements.
2.
The firm should obtain a written representation from management regarding the completeness of
information provided regarding the identification of related parties and the adequacy of related
party disclosures in the financial statements.
3.
The firm should review the response of each of the entity’s legal counsel to whom our inquiry letters
were sent to determine if:
a.
b.
c.
4.
The response is restricted in any fashion
A claim or other matter referred to in the inquiry letter has been omitted from the response
The legal counsel disagrees with the entity’s evaluation of a claim.
The firm should attempt to resolve them or, failing to do so, should consider the effect on our audit
report.
3.
Audit Diagram

CONCLUDE AND REPORT
Conclude and report consists of several activities are as follows:
1.
2.
3.
4.

Perform subsequent events review
Obtain management representations
Prepare audit summary memorandum
Engagement reporting
PREPARE AUDIT SUMMARY MEMORANDUM
1.
An audit summary memorandum should be prepared, as part of our concluding audit
procedures, for each audit engagement to document our major findings and
conclusions on important auditing, accounting, and reporting issues, including
significant judgments made by the engagement team. The audit Engagement
Partner should determine the form and content of the audit summary memorandum,
which will vary according to the size and circumstances of the audit engagement. The
audit summary memorandum should be approved by the audit Engagement Partner.
2.
In preparing our audit summary memorandum, the firm normally also document the
following:
61
a.
b.
c.
Important information derived from our financial statement review
Our conclusions on important accounting, auditing, and reporting issues, including
any changes in accounting policies or the adoption of new policies
Our findings about possible improvements of the entity and its environment.
3.

Audit Diagram
CONCLUDE AND REPORT
Conclude and report consists of several activities are as follows:
1.
2.
3.
4.

62
Perform subsequent events review
Obtain management representations
Prepare audit summary memorandum
Engagement reporting
ENGAGEMENT REPORTING
1.
The firm should document communications about fraud made to management, those charged with
governance, regulators, and others.
2.
Our documentation of engagement reporting would normally also include, as relevant:
a.
b.
c.
d.
e.
f.
g.
Audit report on the financial statements
Instances of noncompliance with applicable laws and regulations.
Our audit evidence that the comparative information included in financial statements on which
we are reporting complies in all material respects with the applicable financial reporting
framework.
Report(s) to those charged with governance.
Report(s) to management.
Other reports and written communications to management and, if applicable, those charged
with governance.
Details of the facts supporting the conclusions and recommendations contained in the report to
management and, if applicable, those charged with governance and notes indicating the
person with whom the firm discussed each matter and when it was discussed. The
development of individual points may be summarized on an insight collection sheet, which is
contained in the common documentation.
3.
Audit Diagram

CONCLUDE AND REPORT
Conclude and report consists of several activities are as follows:
1.
2.
3.
4.

63
Perform subsequent events review
Obtain management representations
Prepare audit summary memorandum
Engagement reporting
ENGAGEMENT REPORTING
1.
The firm should document communications about fraud made to management, those
charged with governance, regulators, and others.
2.
Our documentation of engagement reporting would normally also include, as
relevant:
e.
f.
g.
h.
Notes concerning matters communicated orally to management and, if
applicable, those charged with governance, describing our observations and
recommendations and when and to whom they were communicated.
Communications about fraud made to those charged with governance,
management, regulatory and enforcement authorities, and others.
Records controlling the processing and distribution of our reports and the financial
statements.
Evidence of the Engagement Quality Assurance Review.
3.
Audit Diagram

CONCLUDE AND REPORT

ENGAGEMENT REPORTING
The following ISA should be considered in Conclude and Report activities:
a.
ISA 260 (Communication With Those Charged With Governance)
•
•
•
64
•
•
•
The auditor must consider whether the two-way communication process has been adequate to
enable an efficient audit.
Laws and regulations may prevent communication of specific matters by the auditor. In such
cases the auditor may consider legal advice.
The auditor shall communicate their responsibilities in relation to the audit of the financial
statements. The auditor shall communicate the planned scope and timing of the audit.
Significant findings from the audit must be communicated to those charged with governance,
including any significant difficulties or any other significant matters.
Additional matters are required to be communicated to those charged with governance in
respect of listed clients.
Communication can be made orally or in writing, but must be made on a timely basis. The
auditor shall communicate to those charged with governance:
a) Qualitative aspects of the entity's accounting practices and financial reporting.
b) Significant difficulties, if any, encountered during the audit.
c) Significant matters, if any, discussed, or subject to correspondence with management.
d) Written representations the auditor is requesting.
e) Other significant matters
3.
Audit Diagram

CONCLUDE AND REPORT

ENGAGEMENT REPORTING
Diagram of Conclude and Report
65
3.
Audit Diagram
 ASSESS ENGAGEMENT QUALITY
The objective of this policy is to provide guidance on how to:
a.
b.
c.
d.
66
Reassess engagement risk and respond to any changes in engagement risk
Seek and respond to the client’s perceptions of the quality of our service.
Learn from and build upon the successes of the audit engagement
Learn from and build upon the knowledge and experience gained by the
members of the engagement team.
Thank You