Professional Documents
Culture Documents
“Audit risk refers to the risk that the auditor might give an inappropriate
audit opinion on the financial statements. This occurs when the auditor
concludes that the financial statements are fairly presented when they are,
in fact, materially misstated. Audit risk is the complement of audit
assurance.”
Learning Outcomes
Pretest
Content
That the entity has rights over the reported assets and that it has valid obligation to
settle the reported liabilities. An example of an audit procedure to test this assertion
is to examine ownership documents such as certificate of title tor real property.
That assets and liabilities are properly valued and that revenue and expenses are
properly measured. A typical audit procedure to test this assertion includes
recalculation of financial statement values such as depreciation, accrued interest and
amortized cost of financial assets and liabilities.
That assets and liabilities are properly classified and disclosures in the notes to the
financial statements are adequate. Testing this assertion will require the application
of the relevant accounting standards. In addition, the auditor may review may review
major contracts such as loan agreements to identify important information that needs
to be disclosed in the notes to the financial statements.
Existence or occurrence
That assets and liabilities exist as of the financial statement date and that revenues
and expenses occurred during the reporting period. One of the most effective audit
procedures to test the existence of an asset is the physical examination or ocular
inspection of the asset. In circumstances where physical examination is not feasible,
the auditor may obtain evidence about the existence of asset through external
confirmation.
Completeness
That all items that should be reported in the financial statements are so included. A
typical procedure to satisfy this assertion is to start with a source documents such as
sales invoice and determine if it is recorded m the sales journal.
Completeness All transactions and events that should have been recorded
have been recorded
Occurrence Transactions and events that have been recorded have
occurred and pertain to the entity.
Cutoff Transactions an event have been recorded in the correct
accounting period.
Accuracy Amounts and other data relating to recorded transactions and
events have been recorded appropriately.
Classification Transactions and events have been recorded in the proper
accounts.
Rights and obligations the entity holds or controls the rights to assets, and liabilities
are the obligations of the entity.
Completeness all assets, liabilities and equity interests that should have
been recorded are in fact recorded.
Existence assets, liabilities, and equity interests exist.
Valuation and assets, liabilities, and equity interests are included in the
allocation financial statements at appropriate amounts and any
resulting valuation or allocation adjustments are appropriately
recorded.
The auditor may use the above categories of assertions or may express them differently
so long as all aspects described in the assertions have been covered.
Audit procedures
The objective of the audit is to determine the validity of the financial statement
assertions. To accomplish this, auditors normally develop specific audit objectives for
each of the relevant assertions. These audit objectives serve as a guide to auditors in
assessing the risks of material misstatement and in designing the appropriate audit
procedures to be performed.
The selection of the appropriate procedures, to satisfy a particular objective, is affected
by a number of factors including the auditor’s assessment of materiality and risk.
Regardless of the procedures selected, there is only one basic criterion. The procedures
selected should enable the auditor to gather sufficient appropriate evidence about the
validity of an assertion.
Some of the common audit procedures used by the auditor to gather sufficient
appropriate evidence include:
Inspection- involves examining of records, documents, tangible assets.
The audit process is the sequence of different activities involved in an audit. The
emphasis and order of certain activities may vary depending upon a particular audit, but
this process would basically include the following audit activities
I. Accepting an engagement
Its competence
Its independence,
But before the successor auditor contacts the predecessor auditor, the successor
auditor should obtain the client's permission to communicate with the
predecessor auditor. This is a necessary procedure because the Code of Ethics
for Professional Accountants prevents an auditor from disclosing any information
obtained about the client without the client's explicit permission. Refusal of the
prospective client's management to permit this will raise serious questions as to
whether the engagement will be accepted.
Once permission of the client is obtained, the successor auditor should inquire
into matters that may affect the decision to accept the engagement. This includes
questions regarding:
Any facts that might have a bearing on the integrity of the prospective
client's management.
The predecessor auditor should respond fully to the successor auditor's inquiry
and advise the successor auditor if there are any professional reasons why the
engagement should not be accepted.
Adequacy of the Accounting Records
The audit of the financial statements is performed on the assumption that the
financial statements are verifiable. Therefore, the client's accounting records and
documents supporting the amounts and disclosures in the financial statements
must be adequate enough to permit examination of the accounts. Inadequacy of
the accounting records is sufficient reason for the auditor to decline an audit
engagement.
Retention of Existing Clients
The auditor's evaluation of clients is not a one-time consideration. Clients should be
evaluated at least once a year or upon occurrence of major events, such as changes in
management, directors, ownership nature of client’s business, or other changes that
may affect the scope of the examination. In general, conditions which would have
caused the auditor to reject a prospective client may also result or lead to a decision of
terminating an audit engagement.
Engagement letter
According to PSA 210, the auditor and the client should agree on the terms of the
engagement and the agreed terms will have to be recorded in an engagement letter. The
engagement letter serves as the written contract between the auditor and the client. This
letter sets forth:
o The objective of the audit of financial statements which is to express an opinion
on the financial statements,
o The forms or any reports or other communication that the auditor expects to
issue,
o The fact that because of the limitations of the audit, there is an unavoidable risk
that material misstatements may remain undiscovered, and
o The responsibility of the client to allow the auditor to have unrestricted access to
whatever records, documentation and other information requested in connection
with the audit.
In addition, the auditor may also include the following items in the engagement letter:
o Billing arrangements,
Any indication that the client misunderstands the objective and scope of the
audit;
Legal requirements;
c. Objectives and strategies and the related business risks that may result in a
material misstatement of the financial statements;
e. Internal Control.
Understanding the client
Knowledge of the client's business and industry- how and why a client does what it does-
is essential it the audit is to be carried out effectively and efficiently. The auditor should
obtain a sufficient level of knowledge of the entity's business to identify and understand
the events transactions and practices that may have a significant effect on the financial
statements. The better the auditor understands the client's operations, the more efficient
the examination is likely to be, and the greater the value to the client of the auditor's
services.
If the auditor understands the operations of the client, the auditor is often able to
evaluate the reasonableness of the client's estimates. In addition, procedures can be
selected with more assurance, or perhaps uniquely applicable procedures can be
designed.
Knowledge of the entity would also include understanding the entity's objectives and
strategies, and the related business risks. An auditor's understanding of business risks
encountered by the entity increases the likelihood of identifying risks of material
misstatement and helps the auditor design appropriate audit procedures. Furthermore,
the auditor should obtain understanding of entity's measurement performance as this
may create pressures on the entity that may either motivate management to take action
to improve the business performance or it may lead management to manipulate the
financial statements.
Sources of information
The auditor can obtain knowledge of the business and industry from a number of
sources. These may include:
Review of prior years working papers,
the opening balances do not contain misstatements that materially affect the
current year's financial statements,
the prior period's closing balances have been correctly brought forward to the
current period or, which appropriate, have been restated, and
In designing an audit plan, PSA 320 requires the auditor to make a preliminary estimate
of materiality for use during the examination. The concept of materiality recognizes that
some matters are important for fair presentation of financial statements while other
matters are not. Materiality may be viewed as:
o the largest amount of misstatement that the auditor could tolerate in the
financial statements; or
o the smallest aggregate amount that could misstate any one of the financial
statements.
Note: Materiality is a matter of professional judgment and necessarily involves
quantitative factors (amount of the item in relation to the financial statements) and
qualitative factors (the nature of misstatement)
Importance of materiality in planning an audit
The auditors should make a preliminary estimate of materiality to assist them in
determining the amount of evidence needed to support their opinion. There is an inverse
relationship between materiality and the audit evidence. This means, more evidence is
needed as the level of materiality for the account decreases.
Uses of materiality
According to PSA 320, materiality should be considered by the auditor:
a. In the planning stage, to determine the scope of audit procedures, and
PI00,000 as the overall materiality level, the auditor will be able to design the audit to
provide reasonable assurance that both the income statement and the statement of
financial position are not misstated by more than this amount. A common method of
estimating the overall materiality at the financial statement level is to multiply a financial
statement base (total assets, sales, or net income) by a certain percentage.
Step 2 Determine the tolerable misstatement- Account Balance Level
Once the overall materiality has been established, the auditor determines materiality at
the account balance level. This is done by allocating the overall materiality to the
financial statement account balances. This allows the auditor to design the appropriate
audit procedures that will be applied to specific accounts. The allocated materiality to an
account is called the tolerable misstatement for that account. The professional standards
do not provide specific guidelines as to how the allocation should be done. This process
is highly subjective and requires the exercise of great deal of professional judgment.
Step 3 Compare the aggregate amount of uncorrected misstatements with the overall
materiality
After performing audit procedures, the auditor will have to compare the aggregate
uncorrected misstatements with the overall materiality (preliminary estimate of
materiality or revised materiality level) to determine whether or not the financial
statements are materially misstated. Before an unmodified opinion can be issued, the
auditor must be confident that the combined uncorrected misstatements do not exceed
the overall materiality level.
Performance Materiality
Planning the audit solely based on the materiality guidelines discussed in the preceding
section leaves no margin for possible undetected misstatements. When auditing
financial statements, it is common for auditors to exercise prudence by setting materiality
at an amount lower than the overall materiality. By using a lower level of materiality in
the performance of the audit, the extent of the audit procedures is increased thereby
reducing the risk that the amount of uncorrected and undetected misstatements will
exceed the overall materiality. The reduced level of materiality which the auditors use
both at the financial statement and account balance level is called the "performance
materiality". The determination of performance materiality involves the exercise of
professional judgment. It is affected by the auditor's understanding of the entity, updated
during the performance of the risk assessment procedures, and the nature and extent of
misstatements identified in previous audits and thereby the auditor's expectations in
relation to misstatements in the current period. Also, the level of performance materiality
can be set at different levels for different accounts.
Bases that can be used to determine the materiality level
Since audit planning is often performed before year-end, annual financial statements are
usually not available. As a result, the auditor uses alternative bases to compute tor the
preliminary estimate of materiality, such as
o Annualized interim financial statements;
Audit risk refers to the risk that the auditor might give an inappropriate audit opinion
on the financial statements. This occurs when the auditor concludes that the financial
statements are fairly presented when they are, in fact, materially misstated. Audit risk
is the complement of audit assurance.
For example, a 5% audit risk means that there is 95% assurance or confidence level that
the opinion expressed by the auditor on the financial statements is appropriate in the
circumstances. The auditor's judgment about the acceptable level of audit risk is
influenced by the type of client. For example, auditors will choose a lower level for public
companies over private companies because more users depend on the financial
statements of publicly-held companies.
NOTE: In general, as the acceptable level of audit risk decreases, the amount of audit
evidence needed to support the auditor's opinion increases.
For example, those accounts that are susceptible to misappropriation like cash or
accounts that are subject to complex calculations, such as leases are more likely to be
misstated compared to other accounts. PSA 315 requires the auditor to assess inherent
risk at the financial statement and account balance or transaction class levels. Factors
that may influence the auditor’s assessment of the risk of misstatement at the financial
statement level include:
a. The management integrity
b. Management Characteristics (e.g., aggressive attitude toward financial reporting
c. Operating Characteristics (e.g., profitability of the entity relative to its industry is
inadequate); and
d. Industry Characteristics (e.g., the industry is experiencing large number of
business failures)
Factors affecting inherent risk at the account balance level may include the following:
a. Susceptibility of the account to theft;
b. Complexity of calculations related to account;
c. The complexity underlying transactions and other events and
d. The degree of judgment involved in determining account balances.
NOTE: As the assessed level of inherent risk increases, the auditor should design more
effective substantive procedures.
Control risk is the risk that a material misstatement that could occur in an account
balance or class of transactions will not be prevented or detected, and corrected in a
timely manner by accounting and internal control systems.
Control risk is directly related to the condition of the entity's internal control system. If the
entity's internal control is effective, then the risk that the control will fail to detect or
prevent material misstatement (control risk) decreases. Holding other planning
considerations equal, as the assessed level of control risk increases, the auditor should
design more effective substantive procedures.
Detection risk is the risk that an auditor may not detect material misstatement that
exists in an assertion.
As regard minimizing this risk, the auditor relies primarily on substantive tests. The more
effective the substantive tests are, the lower the detection risk will be. Detection risk is
the complement of the assurance provided by substantive tests.
NOTE: As the acceptable level of detection risk decreases, the assurance provided by
substantive tests should increase with the application of more effective substantive
procedures.
Steps in using the audit risk model
1. Set the Acceptable Level of Audit Risk
There are no specific guidelines for setting individual audit risk. The auditor uses
professional judgment in determining the risk of accepting an assertion as fairly
stated when in fact it is materially misstated. The auditor should plan the audit in
such a way that, after performing audit procedures, an opinion can be issued on
the financial statements at a low level of audit risk. It is to be emphasized that it is
the auditor, not the entity being audited, who determines the acceptable level of
audit risk. The lower the level of acceptable audit risk, the higher the desired
level of assurance/ certainty, and vice versa.
Every account or assertion has a built-in risk of being misstated. However, there
are some accounts that, by nature, are more likely to be misstated compared to
other accounts. These are the accounts that have high inherent risks. When
assessing inherent risks for each account, the auditor must consider specific
factors related to the client that may affect the risk of a material misstatement for
a particular account. In making this assessment, the auditor relies primarily on
the knowledge of the entity, and the results of preliminary analytical procedures.
As stated earlier, control risk is the risk that the client's internal control may not
detect or prevent a material misstatement. Assessment of control risk would
involve studying and evaluating the effectiveness of the client's internal control
systems. An effective internal control reduces the risk of material misstatements
in the financial statements When assessing control risk, the auditor should
recognize that inherent limitations exist. Consequently, some control risk will
always be present no matter how effective the internal control may be.
Based on the acceptable audit risk level (Step 1) and the auditor 's assessment
of inherent and control risks (Steps 2 and 3), the auditor determines the
acceptable level of detection risk. By rearranging the audit risk model,
From this equation, we can conclude that for a given level of Audit Risk, there is an
inverse relationship between the Acceptable level of Detection Risk and the assessed
level of Inherent and Control Risks.
5. Design Substantive Tests
When planning the audit, the auditor considers what would make the financial
statements materially misstated. The auditor's as5essment of materiality, related to
specific account, helps the auditor select audit procedures that can be expected to
reduce audit risk to an acceptable level. There is an inverse relationship between
materiality and the level of audit risk, that is, the higher the materiality level, the lower the
audit risk and vice versa. The auditor takes the inverse relationship between materiality
and audit risk into account when determining the nature, timing and extent of audit
procedures. For example, it, after planning for specific audit procedure, the auditor
determines that the acceptable materiality level is lower, audit risk is increased. The
auditor would compensate for this by either:
a. reducing the assessed level of control risk, where this is possible, and supporting
the reduced level by carrying out extended or additional tests of control; or
b. reducing detection risk by modifying the nature, timing and extent of planned
substantive tests.
Risk Assessment Procedures
The procedures performed by auditors to obtain an understanding of the entity and its
environment including its internal control and to assess the risks of material
misstatements in the financial statements are called "risk assessment procedures".
These include the following
a. Inquiries of management and others within the entity
Analytical procedures help the auditor in identifying unusual transactions and events that
may indicate possible misstatement of the financial statements. Application of analytical
procedures involves the following steps:
Step 1 Develop expectations regarding, financial statements using
Prior years' financial statements
period. If the figures reflected in the financial statements do not conform to the auditor's
expectations, questions can be raised about the reliability of the financial statements or
about the accuracy of information obtained about the entity's business. Thus, analytical
procedures performed in the planning phase of the audit are useful for confirming or
challenging the auditors understanding of the client's business.
Documenting the Audit Plan
The final step in the planning process is the documentation of the audit planning process
by preparing an overall audit plan, audit program, and time budget.
Audit Plan. An audit plan is an overview of the expected scope and conduct of
the audit. The overall audit plan sets out in broad terms the nature, timing, and
extent of the audit procedures to be performed. While the audit plan varies for
each client, it should be sufficiently detailed to guide in the development of an
audit program.
Audit Program. The auditor should develop and document an audit program
setting out the nature, timing and extent of planned audit procedures required to
implement the overall audit plan. In effect, audit program executes the audit
strategy. It sets out in detail the audit procedures to be performed in each
segment of the audit. The audit program serves as a set of instructions to
assistants involved in the audit and as a means to control and record the proper
execution of the work. The form and content of the audit program may vary for
each, particular engagement but it should always include a detailed list of audit
procedures that the auditor believes are necessary to accomplish the audit
objectives.
Time Budget. A time budget is an estimate of the time that will be spent in
executing the audit procedures listed in the audit program. This provides a basis
for estimating audit fees and assists the auditor in assessing the efficiency of the
assistants.