Professional Documents
Culture Documents
Benefits/Importance of adequate audit planning: Planning stage of audit – the time before fieldwork starts, when the auditor is
Appropriate attention is devoted to important areas of the audit gathering information about the client and its environment and designing overall
Potential problems are identified and resolved on a timely basis audit strategy and audit plan
The audit is performed in an effective and efficient manner
The audit engagement is properly organized, staffed and managed Effect of timing of appointment of auditor on audit planning:
The audit is completed expeditiously The earlier the auditor is appointed, the more efficient the audit plan and
Assists in the selection of engagement team members with appropriate performance can be. Thus, early appointment of the auditor allows the
levels of capabilities and competence to respond to anticipated risks auditor to plan a more efficient audit.
Assists in the proper assignment of work or proper utilization of assistants It is acceptable for an auditor to accept an audit engagement near or after
Facilitates the direction and supervision and the review of work year-end. However, the auditor should consider whether late appointment
Assists in coordination of work done by auditors of components and experts will pose limitations on the audit that may lead to a qualified opinion or a
Proper utilization of experience gained from previous years’ engagements disclaimer of opinion, and should discuss such concerns with the client.
and other assignments
Generalizations in assessing the predictability of the accounts: Note 3 – Reducing audit risk to an acceptably low level
Income statements accounts are more predictable To reduce audit risk to acceptably low level the auditor shall:
than balance sheet accounts. a. Assess the risks of material misstatement (inherent and control risk);
Accounts that are not subject to management and
discretion are generally predictable.
b. Limit detection risk. This may be achieved by performing procedures substantive tests (for example, a 10% detection risk means a
that respond to the assessed risks of material misstatement at the financial 90% assurance of detecting material misstatement)
statements, class of transactions, account balance and assertion levels. Detection risk can be increased or decreased by the auditor by
performing substantive tests but can never be reduced to zero
Steps in assessing Audit Risk: because of the inherent limitations in the procedures carried out,
1. Set the desired level of Audit Risk the human judgments required, and the nature of the evidence
Audit risk – the risk that the auditor gives an inappropriate audit examined.
opinion when the financial statements are materially misstated; it is the risk The auditor uses the Audit Risk Model:
that the auditor may unknowingly fail to modify appropriately the opinion on Audit Risk = Inherent risk x Control risk x Detection risk
financial statements that are materially misstated
Acceptable level of Audit risk
2. Assess the level of Inherent Risk (such as low, medium, or high) – Detection risk = Inherent risk x
for example, low level if likelihood of misstatement is low Control risk
Inherent risk – the susceptibility of an assertion to a misstatement 5. Design audit substantive tests
that could be material, either individually or when aggregated with Auditor’s reaction to level of detection risk:
other misstatements, assuming there are no related controls to a. Lower acceptable level of detection risk – higher assurance
mitigate such risks are to be provided by substantive tests by changing any or
Sources of assessment include knowledge of entity and its combination of the following:
environment and preliminary analytical procedures. Nature – performing more effective substantive
procedures
3. Assess the level of Control Risk (such as low, medium, or high) – Timing – performing substantive procedures at year-end
for example, low control risk if internal control is effective, or high rather than at interim dates (decreases detection risk by
control risk if internal control is not effective reducing the risk for the period subsequent to the
Control risk – the risk that a material misstatement, either performance of those tests)
individually or when aggregated with other misstatements, that could Extent – increasing the extent of substantive tests by
occur will not be prevented or detected and corrected on a timely using larger sample size
basis by the entity’s internal control b. Higher acceptable level of detection risk – low assurance
Sources of assessment include knowledge of internal control and are to be provided by substantive tests by changing any or
observation and inspection combination of the following:
Nature – performing less effective substantive
Combined assessment: procedures
The auditor usually makes combined assessment of inherent and control Timing – performing substantive procedures at
risks. If the combined assessment of inherent risk and control risk is interim dates
high, the auditor should: Extent – decreasing the extent of substantive tests
Place more emphasis on obtaining external evidence using smaller sample size
Reduce reliance on internal evidence
Design more effective substantive procedures In summary, the auditor performs audit procedures to assess the risks
of material misstatement and seeks to limit detection risk by performing
4. Determine the acceptable level of detection risk: The acceptable further audit procedures based on that assessment.
level of detection risk depends on the assessed level of inherent and
control risk (inverse relationship)
Detection risk – the risk that the auditor will not detect such a Summary of relationships among audit risk components:
material misstatement that exists/occurs in an assertion The acceptable level of detection risk for a given level of audit risk
bears an inverse relationship to the risks of material misstatement
Detection risk is a function of the effectiveness of an auditing at the assertion level. Therefore:
procedure and its application by the auditor ↑ Risk of material misstatement (inherent risk and control risk),
Detection risk is significantly affected by the nature, timing, and ↓ detection risk that can be accepted, and vice versa.
extent of the auditor’s substantive procedures Audit risk and detection risk move in the same direction: ↑ Audit
Detection risk is a complement of assurance provided by risk, ↑ detection risk, and vice versa
The relationship between the risks can also be expressed
mathematically in the following formula:
Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk
Inherent risk and control risk are independent variables while
detection risk is a dependent variable.
All the components of audit risk cannot be eliminated by the
auditor due to the following reasons:
a. Inherent risk – some accounts are susceptible to a material
misstatement or the risk of such misstatement is greater for
some accounts than for others
b. Control risk – due to inherent limitations of internal control
system
c. Detection risk –
Use of testing/sampling
Use of auditor’s judgment
Even when the auditor conducts 100% examination
because audit evidence is persuasive rather than
conclusive in nature
The components of audit risk that can or cannot be controlled by
the auditor:
a. Inherent risk and control risk – cannot be controlled
because these are entity’s risk and exist independently of
the audit
b. Detection risk – can be directly controlled (increased or
decreased) by the auditor because detection risk relates to
the auditor’s procedures and can be altered by adjusting the
nature, timing, and extent of substantive procedures