SCHOOL OF ACCOUNTANCY, BUSINESS and HOSPITALITY

Accountancy Department

ACCT 1093 – Auditing and Assurance: Concepts and Applications, Part 1

Lesson 1: Overview of the Risk-Based Audit Process

Learning Outcomes: At the end of this module, you are expected to:
1. Describe the nature of auditing.
2. Describe the objectives of the Independent Auditor and conduct of an audit in
accordance with Philippine Standards on Auditing.
3. Distinguish between the risk-based audit process and the accounts-based
audit process.
4. Describe the activities in the risk-based audit process.
5. Explain the factors to consider in implementing the Audit Risk Model.
6. Explain the limitations of the Audit Risk Model.

LEARNING CONTENT

Introduction:
After learning the accounting issues (i.e., recognition, measurement, presentation and disclosures) on
accountable events and transactions affecting the elements of financial statements, namely assets, liabilities,
equity, income and expenses, we will now explore the road towards evaluation of whether the financial
statements of the entity are prepared in accordance with the generally accepted accounting standards. In other
words, a financial statement audit. We will be dealing various procedures in planning, executing and completing
the audit. But before we go into details, let’s have first an overview of the risk-based audit process.

Lesson Proper

First and foremost, let’s define AUDITING!

Auditing is a systematic process by which a competent, independent person objectively obtains and
evaluates evidence regarding assertions about economic actions and events to ascertain the degree
of correspondence between those assertions and established criteria and communicating the results
to interested users.

Hence, what are the overall objectives of the auditor in a risk-based audit?

1. To obtain reasonable assurance about whether the financial statements as a whole are free from
material misstatement, whether due to fraud or error, thereby enabling the auditor to express an
opinion on whether the financial statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework; and

2. To report on the financial statements, and communicate as required by the ISAs, in accordance
with the auditor’s findings.

ACCT 1093 - Auditing and Assurance: Concepts and Applications 1| 1

In the conduct of financial statement audit, certain Ethical Requirements are considered by the auditor.
These requirements will be discussed separately in your Auditing Theory course. The following are the
relevant sources of these requirements:

The auditor should comply with relevant ethical requirements relating to audit engagements.
As discussed in PSA 220, "Quality Control for an Audits of Financial Statements," ethical requirements relating to audits of
financial statements ordinarily comprise Parts A and B of the Code of Ethics for Professional Accountants in the Philippines
issued by the Philippine Institute of Certified Public Accountants and adopted and promulgated by the Board of Accountancy.
PSA 220 (Clarified) identifies the fundamental principles of professional ethics established by Parts A and B of the Code of
Ethics and sets out the engagement partner's responsibilities with respect to ethical requirements. PSA 220 recognizes that
the engagement team is entitled to rely on a firm's systems in meeting its responsibilities with respect to quality control
procedures applicable to the individual audit engagement (for example, in relation to capabilities and competence of
personnel through their recruitment and formal training; independence through the accumulation and communication of
relevant independence information; maintenance of client relationships through acceptance and continuance systems; and
adherence to regulatory and legal requirements through the monitoring process), unless information provided by the firm or
other parties suggests otherwise. Accordingly, Philippine Standard on Quality Control (PSQC) 1, "Quality Control for Firms
that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements," requires
the firm to establish policies and procedures designed to provide it with reasonable assurance that the firm and its personnel
comply with relevant ethical requirements.

A term highlighted in the auditor’s overall objectives is “REASONABLE ASSURANCE”. How do we

characterize this important term in Auditing?
Philippine Standard on Auditing (PSAs) require the auditor to obtain reasonable assurance about whether the
financial statements as a whole are free from material misstatement, whether due to fraud or error.

Reasonable assurance is a high but not absolute level of assurance. It is obtained when the auditor has
obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor
expresses
an inappropriate opinion when the financial statements are materially misstated) to an acceptably low
level.

The auditor cannot provide absolute assurance due to the inherent limitations in the work carried out.
This
results from the majority of audit evidence (on which the auditor draws conclusions and bases the
auditor’s
opinion) being persuasive rather than conclusive.

So, what could be the limiting factors why an auditor cannot provide an ABSOLUTE ASSURANCE, but only
REASONABLE ASSURANCE. The following table summarizes the inherent limitations of an audit:

Limitations Reasons
The Nature The preparation of financial statements involves:
of Financial • Judgment by management in applying the applicable financial reporting
Reporting framework; and
• Subjective decisions or assessments (such as estimates) by management
involving a range of acceptable interpretations or judgments.

Nature of Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and
Audit evaluating audit evidence. This evidence tends to be persuasive in character rather
Evidence than conclusive.
Available
Audit evidence is primarily obtained from audit procedures performed during the
course of the audit. It may also include information obtained from other sources such
as:
• Previous audits;
• A firm’s quality control procedures for client acceptance and continuance;
• The entity’s accounting records; and
ACCT 1093 - Auditing and Assurance: Concepts and Applications 1| 2
 • Audit evidence prepared by an expert employed or engaged by the entity.

The Nature Audit procedures, however well designed, will not detect every misstatement.
of
Audit Consider the following:
Procedures • Any sample of less than 100% of a population introduces some risk that a
misstatement will not be detected;
• Management or others may not provide, intentionally or unintentionally, the
complete information required. Fraud may involve sophisticated and carefully
organized schemes designed to conceal it; and
• Audit procedures used to gather audit evidence may not detect that some
information is missing.

Timeliness The relevance/value of financial information tends to diminish over time, so a balance
of Financial needs to be struck between the reliability of information and its cost.
Reporting
Users of financial statements expect that the auditor will form his or her opinion within
a reasonable period of time and at a reasonable cost. Consequently, it is impracticable
to address all information that may exist, or to pursue every matter exhaustively on
the assumption that information is in error or fraudulent until proved otherwise.

As an auditor, what is the scope of your FINANCIAL STATEMENT AUDIT?

The scope of the auditor’s work and the opinion provided are usually confined to whether the financial
statements are prepared, in all material respects, in accordance with the applicable financial reporting
framework.

As a result, an unmodified auditor’s report* does not provide any assurance about the future viability
of the entity, nor the efficiency or effectiveness with which management has conducted the affairs of
the entity.

Any extension of this basic audit responsibility, such as that required by local laws or securities
regulations, would require the auditor to undertake further work and to modify or expand the auditor’s
report
accordingly.
* Kapag sinabing auditor’s report, ito ‘yung iniissue ng auditor na opinion tungkol sa fairness ng financial
statements na in-audit niya. Actually, ito yung pinaka-goal mo kung bakit ka nag-o-audit – para maibigay mo yung
opinion tungkol sa FS nila. May iba’t ibang klase ng auditor’s report. Isa dito yung UNMODIFIED or UNQUALIFIED.

Mayroon kasi tayung tinatawag na STANDARD AUDIT REPORT. Itong Standard Audit Report na ito ay nagsasaad
ng opinyon na ang FS ng entity ay fairly presented. Bale ito yung TEMPLATE ng mga auditor’s report. Kapag itong
Standard Audit Report na ito ay HINDI MINODIFY o HINDI KWINALIFY ng auditor, ibig sabihin nun sinasabi ng
auditor na ang FS ng entity ay fairly presented in all material respects.

Pero ‘pag minodify ito ng auditor, may problema sa FS ng entity. Ang tawag sa ibang types ng auditors report
maliban sa UNMODIFIED/UNQUALIFIED ay:
1. Modified/Qualified (may portion sa FS na hindi sumasang-ayon and auditor, pero hiindi sa kabuuan ng FS.
Portion lang talaga kaya kwinaqualify niya ang opinion niya);

2. Adverse (Totally hindi sumasang-ayon sa presentation ng FS and auditor. Therefore, affected ang buong FS.);
and

3. Disclaimers of Opinion (Ito naman yung iniissue na report ng auditor kung hindi niya na-audit yung FS dahil sa
maraming dahilan. Isang dahilan ay ang hindi pakikiisa ng auditee sa mga audit procedures na ginagawa ng
auditor. Ibig sabihin, hindi talaga nakapagimplement ng audit procedure si auditor kaya wala siyang maibigay na
opinion tungkol sa fairness ng FS presentation).

ACCT 1093 - Auditing and Assurance: Concepts and Applications 1| 3

The following concepts are relevant in the course of audit. You will regularly encounter these terms:

Material Misstatements
A material misstatement (the aggregate of all uncorrected misstatements and missing/misleading
disclosures
in the financial statements, including omissions) has occurred when they could reasonably be expected
to
influence the economic decisions of users made on the basis of the financial statements.

Assertions
Assertions are representations by management, explicit or otherwise, that are embodied in the financial
statements. They relate to the recognition, measurement, presentation, and disclosure of the various
elements (amounts and disclosures) in the financial statements.

For example, the completeness assertion relates to all transactions and events that should have been
recorded having been recorded. They are used by the auditor to consider the different types of potential
misstatements that may occur.
Ito yung pinaninindigan ng management o ng audit client mo na nasasaad sa ini-audit mong FS nila. Bilang auditor,
ito yung gusto mong I-VALIDATE kung totoo nga ang sinasabi nila. Halimbawa sa COMPLETENESS, pinaninindigan
ng management na LAHAT ng LIABILITIES nila ay NA-RECOGNIZE sa FS nila. Kung ikaw si auditor, ang gagawin mo,
mag-iimplement ka ng audit procedure para i-validate kung totoo ngang COMPLETELY RECOGNIZED lahat ng mga
liabilities nila. Aside from COMPLETENESS, merun pang ibang ASSERTIONS tulad ng EXISTENCE (e.g.,
pinaninindigan ng management na lahat ng CASH na nilagay nila sa FS nila ay totoong nag-eexist), RIGHTS (e.g.,
pinaninindigan ng management na yung LAND na nirecognize nila sa FS ay may titulo at karapatan sila dito),
VALUATION (e.g., pinaninindigan ng management na ang VALUE ng INVENTORIES na nilagay nila sa FS ay in
conformity sa requirement ng IAS 2-Inventories na LOWER OF COST AND NET REALIZABLE VALUE, and lastly
PRESENTATION & DISCLOSURE (e.g., pinaninindigan ng management na PROPERLY PRESENTED ang PROVISIONS
for WARRANTIES AND LAWSUITS at lahat ng underlying circumstances sa mga provisions na ito ay SUFFICIENTLY
DISCLOSED sa Notes to the financial statements.)

Professional Skepticism
The auditor should plan and perform an audit with an attitude of professional skepticism recognizing
that circumstances may exist that cause the financial statements to be materially misstated.

It is a means of enhancing the auditor’s ability to identify risks of material misstatement and to respond
to the risks identified.

Professional skepticism is also linked to the application of professional judgment by the auditor. An audit
performed without an attitude of professional skepticism is not likely to be a high quality audit. At its
core the application of professional skepticism should help to ensure that the auditor does not neglect
unusual circumstances, oversimplify the results from audit procedures or adopt inappropriate
assumptions when determining the audit response required to address identified risks, all of which
should improve audit quality.

An attitude of professional skepticism means the auditor makes a critical assessment, with a questioning
mind, of the validity of audit evidence obtained and is alert to audit evidence that contradicts or brings
into question the reliability of documents and responses to inquiries and other information obtained
from management and those charged with governance.

ACCT 1093 - Auditing and Assurance: Concepts and Applications 1| 4

The concept of AUDIT RISK

Audit risk is the risk of expressing an inappropriate audit opinion on financial statements that are
materially
misstated. The objective of the audit is to reduce this audit risk to an acceptably low level.

In other words, audit risk is the risk that the auditor may give an unqualified opinion on materially
misstated financial statements.

This definition of audit risk does not include the risk that the auditor might erroneously express an
opinion that the financial statements are materially misstated.

But, who actually has the responsibility for the Financial Statements?

✓ While the auditor is responsible for forming and expressing an opinion on the financial
statements, the responsibility for the preparation and presentation of, the financial statements
in accordance with the applicable financial reporting framework is that of the management of
the entity, with oversight from those charged with governance (normally, the Board of
Directors).
✓ The audit of the financial statements does not relieve management or those charged with
governance of their responsibilities.
✓ The term “management” has been used in the PSA 200 to describe those responsible for the
preparation and presentation of the financial statements.

Ok, guys, let’s try now to have a glimpse on the overview of the AUDIT PROCESS. It might be overwhelming
to you, but having now that picture in mind of what are to be expected to be learned in this course would
greatly help you later refocus your perspective as you walk through the rigors of the audit process.

Emphasis on “RISK-BASED” over “ACCOUNTS-BASED” is made to direct you to the approach that we will
use in the audit process.

So, what is a “Risk-Based Audit”

✓ Risk-based audit model is an audit approach that begins with an assessment of the types and
likelihood of misstatement in account balances and then adjusts the amount and type of audit
work to the likelihood of material misstatement occurring in account balances.
✓ In risk-based audit, the audit team views all activities in the organization first in terms of risks to
strategies and objectives, and then in terms of management’s plans and processes to mitigate (or
prevent) the risk. The auditors obtain an understanding of the client's objectives. The risks are
identified, and the auditors determine how management plans to mitigate the risk and whether
those plans are in place and operating effectively.
✓ Account-based audit is an approach wherein the auditor obtains an understanding of control and
assesses control risk for particular types of errors and frauds in specific accounts and cycle. We will
elaborate later the concept of control and control risk.

ACCT 1093 - Auditing and Assurance: Concepts and Applications 1| 5

Below is a diagram of the audit process. It is divided into three phases—risk assessment, risk response,
and reporting. It illustrates the nature of each phase and the interrelationships between the activities and
phases.

Adapted from Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities
Volume 1—Core Concepts by the International Federation of Accountants (IFAC).

ACCT 1093 - Auditing and Assurance: Concepts and Applications 1| 6

An online video discussion of the diagram is being reserved for you.

As early as now, your good grasp of the concept “AUDIT RISK MODEL” is a pre-requisite for further
appreciation of the next topics for this course. Elaboration of this concept is also made available via our online
video discussion.

For advanced reading of the relevant concepts under AUDIT RISK MODEL, you may refer to the following
outline:

1. The concept of Audit Risk, Engagement Risk, Business Risk and Financial Reporting Risk.
2. The concept of Inherent Risk (IR), Control Risk (CR), and Detection Risk (DR).
3. Factors to Consider in Implementing the Audit Risk Model.
4. Limitations of the Audit Risk Model.

REFERENCES

Textbooks
Cabrera, M.E. (2017) Applied Auditing. Manila: GIC Enterprises & Company, Incorporated

Online Reference
https://www.ifac.org/

ACCT 1093 - Auditing and Assurance: Concepts and Applications 1| 7