Professional Documents
Culture Documents
AUDIT PROCESS
INTRODUCTION
1. High-risk activities
Audit risk is a concept that drives the auditor's thinking about planning the audit
and then executing an audit. The illustrations are designed to provide guidance,
but should not be applied rotely to any audit client.
CPA firms in determining their approach to implementing the audit risk model
should consider the following limitations:
a) Inherent risk is difficult to formally assess. Some transactions
because Of their complexity are more susceptible to error but it
is quite difficult to assess that level of risk independent of the client's
accounting system.
b) The model treats each risk component as separate and independent when
in fact the components are not independent. It is also quite difficult to
separate a client's material controls and inherent risk.
C) Audit risk is judgmentally determined.
d) Audit technology is not so fully developed that each component of the
model can be accurately assessed. Auditing is based on testing and precise
estimates of the model's components are not possible. Auditors can, however,
make subjective assessments and use the audit risk model as guide.
204 Chapter 8
In risk-based audit, the audit team views all activities in the organization first in
terms of risks to strategies and objectives and then in terms of management's
plans and processes to mitigate the risk. The auditors obtain an understanding of
the client's objectives. Then risks are identified and the auditors determine
how management plans to mitigate the risk and whether those plans are in place
and operating effectively.
Although specific audit procedures vary from one engagement to the next,
the following stages are involved in every engagement:
The audit approach discussed in this book has been divided into three phases. This
is illustrated in Figure 8-2. For each of the Audit phases the diagram outlines the
major activities, their purpose and the resulting documentation.
The auditor's standard report states, "We conducted Our audits in accordance
with Philippine Standards on Auditing. Those standards require that we
comply with the ethical requirements and plan and perform the audit to obtain
reasonable assurance about whether the financial statements are free of
material misstatements."
The phrase reasonable assurance is intended to inform the users that auditors do not
guarantee or insure the fair presentation of the financial statements. This phrase
communicates that there is some risk that the financial statements are not fairly stated
even when the opinion of the auditor is unqualified.
The phrase free of material misstatement is intended to inform the users that
the auditor’s responsibility is limited to material financial information.
206 Chapter 8
Materiality is important because it is impractical for auditors to provide
assurance on immaterial amounts. Thus, materiality and risk are fundamental
concepts that are important to planning the audit and designing the audit
approach.
Perform preliminary
engagement Decide whether to Listing of risk factors
activities accept engagemeny Independence
z Engagement letter
Materiality
Plan the audit Develop an overall audi
strategy and audit pl Audit team discussions
Overall audit strat
Perform risk
Identify / assess Business and fraud risk
assessment RMM" through
including significant risks
rocedures understandin the enti
Risk ofMaterial
Design / Implementation of
relevant internal
Assessed RMM at
• FIS Level
• Assertion le
Implement uceau I ns o
responses to assessed acceptably low level Work performed;
RMM Audit finfigs
Client Acceptance and PSA 210, Agreeing the Terms ofAudit Engagements
Continuance
Considering Fraud PSA 240, The Auditor's Responsibilities Relating to Fraud in
an Audit ofFinancial Statements
208 Chapter 8
Consideration of Laws PSA 250, Consideration ofLaws and Regulations in an Audit
and Regulations in of Financial Statements
Planning the Audit
Plannin an Audit PSA 300;Plannin an Audit ofFinancial Statements
Assessing Risk of Material PSA 315, Identifying and Assessing the Risks of Material
Misstatements Misstatement through Understanding the Entity and its
Environment (Newly Revised Standard effective for audits of
financial statements for periods ending on or after
December 15, 2013)
PSA 320, Materialit inPlanni andPedomi anAudit
Plannin Audit Procedures PSA 330, The Auditor's Res onses to Assessed Risks
Understanding Related Parties PSA 550, Related Parties
with those PSA 260, Communication with Those Charged with Govemance
Charged Govemance about
the Audit Pian
Testing Controls for the PSA 330, The Auditor's Responses to Assessed Risks
Financial Statement Audit
Audit Sampling for Tests of PSA 530, Audit Sampling
Controls
Testing Controls in an
Inte rated Audit
Overview ofRisk-Based Audit Process 209
Obtaining Evidence about PSA 250, Consideration-ofLaws and Regulations in an Audit of
Compliances with Laws Financial Statements
and Re ulations
PHASE Ill -
REPORTING
Omitted Procedures
Communicating with those PSA 260, Communication with Those Charged with
Cha ed with Governance Govemance
Su rvision
En a ement Qualit Review
Nature of Risk
Risk is a concept used to express uncertainty about events and/or their outcomes
that could have a material effect on the organization.
The four critical components of risk that are relevant to conducting the audit are:
2. Set audit risk at a level that the auditor believes will mitigate the likelihood
that the auditor will fail to identify material misstatements.
In controlling audit risk, the auditor must recognize that it is not possible to ever
completely eliminate audit risk, but it can be reduced by doing more work.
However, doing more work raises audit fees, which may create tension with the
client and its management.
Overview ofRisk-Based Audit Process
At the broadest level, business risk and financial reporting risk originate with
the audit client and its environment, and these risks then affect the auditor's
engagement risk and audit risk. The effectiveness of risk management processes
will determine whether a company or audit firm continues to exist.
A number of factors affect a client's business risk. For example, the overall
economic climate - favorable or unfavorable - can have a tremendous effect on
the organization's ability to operate effectively. Economic downturn,
technological change, competitor actions, new product lines also affect business
risk.
Financial reporting risk could arise from issues such as asset impairments, mark-
to-market accounting, warranties, pensions, estimates as well as competence
and integrity of management and its incentives to misstate the financial
statements.
Business risk and financial reporting risk may affect each other. For instance,
management facing strong competition and weak financial results may be
motivated to circumvent a weak internal control system or to take advantage of
complex financial instruments to achieve desired financial reporting results that
do not necessarily portray economic reality. Audit firms have discovered that
being associated with companies with poor integrity creates risk that can destroy
the audit firm or significantly increase the cost of conducting the audit.
21 1
• Audit risk set at 5% implies that the auditor is willing to take a 50/9
chance of issuing an unqualified opinion on materially misstated
financial statements.
• High levels of audit risk are appropriate for client with lower levels of
engagement risk:
Based on the assessment of engagement risk, the auditor sets the desired audit
risk. Audit risk oftentimes illustrated using numeric or quantitative examples. In
fact many audit firms use the measures associated with statistical sampling to set
audit risk, e.g., setting audit risk at a 1% level for high-risk clients and 5% for
lower-risk clients. Other auditing firms use a broader description of audit risk as
high, moderate or low and adjust the nature of their audit procedures accordingly.
REVIEW QUESTIONS
Questions
2. Compare the risk-based audit approach and account. based audit approach.
3. Give and explain four (4) factors to consider in implementing the risk-based
audit model.
d. All of the above are true statements regarding the audit opinion
formulation process.
3. Which of the following activities is not part of the activities within the audit
opinion formulation process?
a. The auditor develops a common understanding of the audit engagement with
the client
b. the auditor determines the appropriate nonaudit consulting services to
provide to the client.
c. The auditor identifies and assess risks of material misstatements and then
responds to those identified risks.
d. The auditor determines the appropriate audit opinion(s) to issue.
10. Which Of the following factors does not create a demand for external audit
services?
a. Potential bias by management in providing information,
b. Requirement of PICPA.•
c. Complexity of the accounting processing systems.
d. Remoteness between a user and the organization.
11. Which of the following expectations can users of the audit report reasonably
expect with regards to the audited financial statements?
a. The financial statements include all financial disclosures desired by users.
12. Which of the following parties are involved in preparing and auditing financial
statements?
a. Management
b. Audit committee
c. Internal audit function
d. External auditor
13. Which of the following are the responsibilities of the external auditor in
auditing financial statements?
a. Maintaining internal controls and preparing financial reports
220
b. Providing internal assurance on internal control and financial reports
c. Providing internal oversight of the reporting process
d. None of the above.
14. In terms of technical knowledge and expertise, which of the following should
external auditors do?
a. Understand accounting and auditing authoritative literature.
b. Develop industry and client-specific knowledge.
c. Develop and apply computer skills.
d. All of the above.