RISK ASSESSMENT IN

AUDIT
Presented by:
Amna Ejaz
Ashha Mirza
Faraz Ayub
Maria Zakir
Mohsin Riaz
Zahra Javaid Mirza
Zara Iftikhar

Contents
2

Audit risk

Identifying the risks of material

misstatement (ISA 315)

Auditors response to assessed risks (ISA

330)

Audit risk

Definition of Audit risk

4

Audit risk is the risk that an auditor

expresses an inappropriate opinion on
the financial statements.

Model
5

Audit Risk = Inherent Risk x Control Risk x

Detection Risk

Inherent risk
6

Error or omission as a result of factors

other than the failure of controls .

High degree of judgment and estimation

High risk
Highly complex transactions High risk

Example: Newly formed financial

institution Vs well established
manufacturing company.

Control risk
7

Absence or failure in the operation of

relevant controls of the entity.

Adequate internal controls needed.

Internal control not sufficient High risk

Example: Small sized entity

Detection risk
8

Auditors fail to detect a material

misstatement in the financial statements.

Audit procedures needed.

Misapplication or omission procedures

Undetected material misstatement.

Increase number of sampled transactions for

detailed testing Detection risk reduced.

Application of model
9

To manage the overall risk of an audit

engagement.

Detection risk forms the residual risk.

Inherent and control risk (high) low

detection risk set.

Inherent and control risk (low) relatively

high detection risk set.

Example
10

ABC is an audit and assurance firm which has recently accepted

the audit of XYZ. During the planning of the audit, engagement
manager has noted the following information regarding XYZ for
consideration in the risk assessment of the assignment:
XYZ is a listed company operating in the financial services sector
XYZ has a large network of subsidiaries, associates and foreign
branches
The company does not have an internal audit department and its
audit committee does not include any members with a background
in finance as suggested in the corporate governance guidelines
It is the firm's policy to keep the overall audit risk below 10%
Audit Risk = Inherent Risk x Control Risk x Detection Risk
0.10 = 0.60 x 0.60 x Detection Risk
0.10 = Detection Risk = 0.278 = 27.8%
0.36

11

Identifying the risks of material

misstatement (ISA 315)

Audit
12

Following are the steps involved in

performing an audit:

Obtaining an understanding of the audit client

Identifying and assessing the risks of material
misstatement (RoMM) in the financial
statements based on our understanding
Designing and performing audit procedures in
response to the identified RoMM
Forming an opinion on the financial statements
based on the result of the procedures
performed

13

International Standards (ISA

315)

It deals with the auditors responsibility to:

Understand the entity and its environment

including its internal controls; and
Identify and assess the risk of material
misstatements in the financial statements
based on the understanding

The guidance provided in this ISA serves

to provide a bases for designing and
implementing responses to the assessed
risks RoMM

14

Obtaining understanding of
the entity and its environment

The auditor has to obtain understanding of

the following:
a)
b)
c)
d)
e)

Relevant industry regulatory and other

external factors
The nature of the entity(its operations,
ownership and governance structure etc.)
Entity selection and application of accounting
policies
The entitys objective and strategies and the
related business risks that may result in RoMM
The measurement and review of the entitys
financial performance

15

Identifying and Assessing

the RoMM

The auditor shall identify and assess the RoMM at:

The financial statement level; and

The assertion level for classes of transactions, account
balances and disclosure

This procedure involves

Identifying risks throughout the process of obtaining an

understanding of the entity and its environment
Assessing the identified risks, and evaluating whether
they relate more pervasively to the financial statements
as a whole
Relating the identified risks to what can go wrong at the
assertion level
Considering the likelihood and magnitude of
misstatement

16

Risk Assessment procedure

and related activities
1.

2.
3.
4.

5.

Inquiries of management and other

appropriate individuals within the entity
Analytical procedures
Observations and inspection
Evaluation of information obtained
through auditors client
Evaluation of information obtained from
auditors previous experience

17

Internal Control and

components

Understanding of Internal control assists

the auditor in identifying the likely
occurrence of potential misstatements and
factors that affect the RoMM
The components of internal controls
include:

Control environment
Entitys risk assessment process
Control activities
Monitoring of controls

Significant Risks
18

There are certain risks that, in the auditors

judgment, require special audit consideration,
these risks are referred to as significant risks
In exercising judgment as to which risks are
significant risks, the auditor shall consider the
following:

Fraud risk
Economic, accounting and other development risk
Complexity of transactions
Transaction with related parties
Measurement uncertainty

19

Auditors response to assessed

risks (ISA 330)

ISA 330
20

Objective of ISA 330:

Obtain sufficient appropriate audit evidence

regarding the assessed RoMM
Designing and implementing appropriate
responses to those risks

21

Types of response to
assessed risks

The responses to assessed risks of RoMM

comprise of the following 2 categories:

Test of controls (procedures designed to

evaluate the operating effectiveness of
controls)
Substantive procedure (audit procedure
designed to detect material misstatements)
Substantive

procedures comprise:
Test of details
Standard Analytical procedures

22

Audit Procedures Responsive to

the Assessed Risks of Material
Misstatement

The auditor must design and perform

further audit procedures whose nature,
timing and extent are based on, and are
responsive to, the assessed risks
The nature of an audit procedure
Timing of an audit procedure
Extent of an audit procedure

23

Responses to Assessed Risks

at Overall Financial Statement
Level
Emphasizing to the engagement team the

need to maintain professional skepticism.

Assigning more experienced staff or those
with special skills or using experts.
Providing more supervision.
Incorporating additional elements of
unpredictability in audit procedures.
Making general changes to the nature,
timing or extent of audit procedures.

Test of Controls
24

Designed to evaluate the operating effectiveness of

controls in preventing, or detecting and correcting,
material misstatements at the assertion level
The greater the reliance -> the more persuasive the
audit evidence the auditor must obtain.
The auditor must design and perform tests of
controls to obtain sufficient appropriate audit
evidence as to the operating effectiveness of
relevant controls if:

The auditors assessment of risks of material

misstatement at the assertion level includes an
expectation that the controls are operating effectively
Substantive procedures alone cannot provide sufficient
appropriate audit evidence at the assertion level.

Substantive procedures
25

A Substantive procedure is an audit

procedure designed to detect material
misstatements at the assertion level.
Substantive procedures are of two types:

Tests of details of classes of transactions,

account balances, and disclosures; and

Substantive analytical procedures

26

Nature of Substantive
procedures

Tests of details of transactions are audit

procedures related to detailed
examination of the processing of particular
classes of transactions and account
balances through the accounting systems.
Analytical procedures consist of
evaluations of financial information
through analysis of credible relationships
among both financial and non-financial
data.

Other Considerations
27

Interim Testing using substantive

procedures
Impact of ineffective internal controls on
the auditors procedures
Documentation requirements

28

Interim Testing using

substantive procedures

In some instances, substantive procedures

may be performed at an interim date.
Only using interim testing procedures will
increase the risk that misstatements
existing at the period end will not be
detected
Performing audit procedures at an interim
date may assist the auditor in identifying
and resolving issues at an early stage of
the audit.

29

Impact of ineffective internal

controls on the auditors

procedures
Respond to an ineffective internal control
environment by:

Conducting more audit procedures as of the

period end rather than at an interim date
Obtaining more extensive audit evidence
from substantive procedures.
Increasing the scope of testing

30

Documentation
requirements

The overall responses to address the

assessed risks of material misstatement
The nature, timing and extent of the
further audit procedures performed.
The linkage of the procedures performed
with the assessed risks at the assertion
level;
The results of the audit procedures,
including the conclusions reached.

31

Assertions in the Audit of

Financial Statements
claims by the management regarding
the appropriateness of financial
statements
Purpose & Importance
assist auditors in considering issues that
are relevant to the authenticity
reduce theaudit risk

32

Assertions for classes of

transactions

33

Assertions for account

balances

Existence
Rights and obligations (entity holds or
controls the rights to assets and liabilities
are the obligations of the entity)
Completeness
Valuation and Allocation (any resulting
valuation adjustments are appropriately
recorded)

Final Assessment
34

Based on the substantive procedures,

the auditor considers the assessment of
control risk
Inherent and control risk are interrelated
Make a combined assessment
Reevaluation

35

Thank you!