Auditing in CIS Environment

CHAPTER I
AUDITING
 It enables the auditor to express an opinion whether the financial statements are prepared,
in all material respects in accordance with an identified financial reporting framework (PFRS)
[defined by Philippine Standards on Auditing (PSA)]
The DEFINITION conveys the ff thoughts:
1) Auditing is a systematic process – it proceeds by means of an ordered and structured series of steps.
 THE AUDIT PROCESS
o E: Engagement – audit engagement
- Engagement Letter > contract between auditor and auditee; terms or condition
> access of auditor to observe or evaluate the financial and accounting control of the entity
o P: Planning – audit planning
- how much evidence & how effective is the auditing
- plan audit effectively & efficiently
o I: Internal Control – considering internal and accounting control
- Function: eliminate error or fraud; gives reasonable assurance (75-90%)
- Four Types of Risk in Auditing:
♦ Control Risk – higher control risk = lower internal control
- lower control risk = there is test of control
♦ Internal Control - lower internal control = no test of control
♦ Detection Risk – error made by the auditor
♦ Inherent Risk – an inevitable risk
o S: Substantive Test – performing substantive test; gathering of evidence
- Two Types of Substantive Test
♦ Test of Transaction – more costly; focuses on transaction
(purchases and other effects in inventory)
♦ Test of Balances – look for beginning and ending balance
o C: Completing the Audit – PAJE (propose adjusting journal entries)
- uses materiality and give an actual evaluation or opinion report
- Opinion can be: unqualified, qualified, adverse, disclaimer
o R: Report – issuing a report (misstatements/error/unrecognized transactions & etc.)
2) An audit involves obtaining and evaluating evidence about assertions regarding economic
actions and events
 ASSERTIONS – are representation made by an auditee about economic actions and events.
- declaration or representation of financial statements, supporting docx & records
- the auditor’s objective is to determine whether these assertions are valid.
- to satisfy this objective, the auditor performs audit procedures and
gathers evidence that corroborates or refutes the assertions.
 Evidence - support the auditor’s opinion (can be positive/negative)
3) An audit is conducted objectively – the auditor should conduct the audit w/o bias.
- Impartial/Independent Attitude must maintained by the auditor
when evaluating evidence & formulating his conclusion.
4) Auditors ascertain the degree of correspondence between assertions and established criteria
- established criteria are needed to judge the validity of assertions.
- These criteria are important because they establish and inform the users of the basis
against which the assertions have been evaluated or measured.
- In an audit, the auditor determines the degree to which the assertions conform to
the established criteria.
- e.g., is FS presented according to PFRS? (Degree of correspondence)
5) Auditors communicate the audit results to various interested users
– the communication of audit findings is the ultimate objective of any audit.
- for the audit to be useful, the results must be communicated to interested users on a timely basis
- The main function of an auditor is to enhance the credibility of the FS to a reasonable assurance.

TYPES OF AUDIT:
1) Financial Statement Audit
♦ This is conducted to determine whether the FS are fairly presented in accordance w/ PFRS.
♦ Used by private entity; FS must be audited by external/internal auditor before accepted by
SEC
2) Compliance Audit
♦ It involves a review of an organization’s procedures to determine whether the organization
has adhered to specific procedures, rules or regulations.
♦ The performance of this audit is dependent upon the existence of verifiable data
and recognized criteria established by an authoritative body.
♦ Done by government agencies by giving Letter of Authority (LOA) to conduct audit to private
entities.
 3) Operational Audit (aka Performance Audit/ Management Audit)
♦ A study of specific units of an organization for the purpose of measuring its performance.
♦ Its main objective is to assess entity’s performance, identify areas for improvements and
make recommendations to improve performance.
TYPES OF AUDITOR:
1) External Auditor – these are independent CPAs who offer their professional services to different
clients on a contractual basis.
- the ones who generally perform financial statement audits
2) Internal Auditor – are the entity’s own employee who investigates and appraises the
effectiveness and efficiency of operations and internal controls.
- their main function is to assist the members of the organization in the effective
discharge of their responsibilities.
3) Government Auditor – government employees whose main concern is to determine whether
persons or entities comply w/ government laws & regulations.
- They usually conduct compliance audit (compliance w/ PFRS).

THE INDEPENDENT FINANCIAL STATEMENTS AUDIT

Responsibility for the Financial Statements
- The management is responsible for preparing and presenting the FS in accordance w/ PFRS
Assurance provided by the auditor
- The opinion of the auditor on the FS doesn’t guarantee that it is dependable.
- An audit conducted in accordance w/ Philippine Standards on Auditing (PSAs) is designed only
reasonable assurance (not absolute) that the FS taken are free from material misstatements.

INHERENT LIMITATION OF AUDIT

o S: Sampling Risk
 For practical reasons, auditors do not examine all evidence available. Many audit
conclusions are made by examining only samples of evidence.
 Whether a sample is taken, there is always a possibility that the auditor’s conclusion,
based on the sample, maybe different from the conclusion that would’ve been reached
if the auditor examines the entire population.
 Also because of this process, there is so what called inherent and audit risks.
o N: Non-Sampling Risk/ Error on Application of Judgment
 The work undertaken by the auditor to form an opinion is permeated by judgment.
 Human weaknesses can cause auditors to commit mistakes in the application of
audit procedures and evaluation of evidence.
o R: Reliance on Management Representation
  Some evidence supporting FS must be obtained by obtaining oral or written
representation from management.
 If the management lack of integrity, management may provide the auditor w/
false representations causing the auditor to rely on unreliable evidence.
o I: Internal Control (inherent limitation of the client’s accounting & internal control systems)
 Internal Control: the process designed and effected by those charged w/ governance,
management, and other personnel to provide reasonable assurance, about
achievement of the entity’s objectives w/ regard to reliability of financial reporting,
effectiveness & efficiency of operations & compliance w/ applicable law & regulations.
(e.g., segregation of duties)
 Note: Auditor cannot detect material misstatements when there is a collusion among
employees or management’s circumvention of internal control.
o E: Evidence (Nature of Evidence)
 Evidence obtained by the auditor does not consist of “hard facts” w/c prove or
disprove the accuracy of the FS.
 Instead, it comprises pieces of information and impressions w/c are gradually
accumulated during an audit w/c persuade the auditor about the fairness of the
FS.
 Audit evidence is generally persuasive (glimpse of doubt) rather than
conclusive (beyond reasonable doubt)

GENERAL PRINCIPLES GOVERNING THE AUDIT OF FS

PSA provides the following guidelines when auditing FS:
o C: Code of Professional Ethics
 The auditor should comply with the “Code of Professional Ethics for CPA” promulgated
by Board of Accountancy (BOA).
 In order to retain public confidence in the credibility of the auditor’s work
 They must adhere to standards of ethical conduct that embody & demonstrate
integrity, objectivity & concern for the public rather than self-interest.
o P: Philippine Standards on Auditing
 The auditor should conduct an audit in accordance w/ PSA.
 These standards contain the basic principles & essential procedures w/c the auditor
should follow.
 The standards also include explanatory and other materials w/c, rather than being
mandatory, is designed to assist auditors in implementing & applying auditing standard
o P: Professional Skepticism
 It is an attitude w/c means the auditor makes a critical assessment, w/ a questioning
mind, of the validity of audit evidence obtained & is alert to audit evidence, that
contradicts the reliability of documents/management representations.

NEED FOR INDEPENDENT FS AUDIT (EXTERNAL AUDITOR)

o C: Conflict (conflict of interest between management & users of FS)
 Managers are frequently placed in positions where they can benefit by
providing outside parties w/ overly optimistic, even false financial information.
  Outside parties (external auditor) want unbiased, realistic fs. They are also necessary to
convince investors and lessen conflict of interest.
 Recognizing the inherent of interest, users of FS have become skeptical of unaudited FS.

o E: Expertise
 The complexity of accounting & auditing requires expertise in verifying the quality of
the financial information
 Since most of the users of financial information are not equipped w/ the necessary skills
& competence to determine whether the FS are reliable, a qualified person is hired by
users to verify the reliability of the FS in behalf.
o R: Remoteness:
 Most of the users do not have access to the entity’s records. For this reason, they
cannot personally verify the reliability & quality of the financial information.
 Consequently, an independent auditor is needed to assist them with these actions.
o F: Financial Consequences
 Misleading financial information could have substantial economic consequences for a
decision maker
 It is therefore important that FS be audited first before they are used for making
important decisions.
 Addition to this, risks or financial consequences will also be prevented.

Theoretical Framework of Auditing (Concepts & Standards)

1. V - Verifiable
 Audit function operates on the assumption that all financial data are
verifiable.
 All balances reported in the financial statements must have
supporting documents or evidence to prove their validity.
 If no evidence exists in relation to the financial statements on which an auditor is to
express an opinion, then there can be no audit to perform.

2. I - Independence
 The auditor should always maintains independence with respect to financial statement
under audit.
 Independence is essential for ensuring credibility of the auditor’s report.
 The report of the auditor will be of little or no value to the readers of financial statements if
the readers are aware that the auditor is not independent with respect to client.

3. C- Conflicts
 There should be no long-term conflicts between the auditor and client
management.
 Short term conflicts may exist regarding the application of auditing procedures and
accounting principles, but in the end, both the auditor and the management must be
interested in the fair presentation of the financial statements.

4. I - Internal Control
 Effective internal control system reduce the possibility of errors and fraud
affecting the financial statements.
 The stronger the internal control, is the more assurance it provides about
the reliability of the accounting data and financial statements.
 5. P - PFRS (Philippine Financial Reporting Standards)
 Consistent application of generally accepted accounting principles (GAAP) or Philippine
Financial Reporting Standards (PFRS) results in fair presentation of financial statements.
 We often use different criteria to verify the validity of assertion. In the case of an
independent audit of financial statements, the criteria are usually the PFRS.

6. P - Past
 What was held true in the past will continue to hold true in the future in the absence of
known conditions to the contrary.
 Experience and knowledge accumulated from auditing a client in prior years can be used
to determine the appropriate audit procedures that need to be performed.

7. P - Public
 An audit benefit the public. Financial statements are ordinary prepared and
presented in order to meet the common information needs of a wide range of users.
 These users who rely on financial statements as their major source of information are the
primary beneficiary of the financial statement audit.

Financial Statement Assertions

Assertion
 An assertion in auditing is a claim business owners and managers make that states all information
they share during an audit is accurate.
 This information may include things like income statements, balance sheets, and cash flow
statements

THREE TYPES OF ASSERTION:

1) Test of Details - test of transactions in the presented financial statements
2) Test of Control - test of beginning & ending balances
3) Test of Analytical Procedures - initial summary of account; scanning of financial statements

These assertion may fall into the following categories

ASSERTIONS ABOUT:

1) T - Classes of Transactions and events for the period under audit:

a) O - Occurrence: transactions and events that have been recorded have occurred and
pertain to the entity.
b) C - Completeness: all transactions and events that should have been recorded have been
recorded.
c) A - Accuracy: amounts and other data relating to recorded transactions and events have
been recorded appropriately.
d) C - Cutoff: transactions and events have been recorded in the correct accounting period.
e) C - Classification: transactions and events have been recorded in the proper accounts.

2) A - Account Balances at the Period End:

a) C - Completeness: all assets, liabilities and equity interests that should have been recorded
have been recorded.
b) E - Existence: assets, liabilities, and equity interests exist.
c) R - Rights and obligations: the entity holds or controls the rights to assets, and liabilities
are the obligations of the entity.
 d) V - Valuation and allocation: assets, liabilities, and equity interests are included in the
financial statements at appropriate amounts and any resulting valuation or
allocation adjustments are appropriately recorded

3) P - Presentation & Disclosure:

a) O - Occurrence and rights and obligations: disclosed events, transactions, and other
matters have occurred and pertain to the entity.
b) C - Completeness: all disclosures that should have been included in the financial statements
have been included.
c) A - Accuracy and valuation: financial and other information are disclosed fairly and at
appropriate amounts.
d) C - Classification and understandability - financial information is appropriately presented
and described, and disclosures are clearly. expressed.

AUDIT PROCEDURES

Audit Procedures - The procedures selected should enable the auditor to gather sufficient appropriate
evidence about a particular assertion.

Audit Planning
 involves developing a general audit strategy and a detailed approach for the expected conduct of
the audit.
 The auditor's main objective in planning the audit is to determine the scope of the audit
procedures to be performed.
 The auditor should plan the audit work so that audit will be performed in an effective and
efficient manner.
 The extent of planning will vary according to the size of the entity, the complexity of the audit and
the auditor's experience with the entity, and knowledge of the business.

Adequate planning of the audit work, is, important because:

 A: Planning helps ensure that appropriate attention is devoted to important areas of the audit.
 P - It helps identify potential problems.
 E - It allows the work to be completed expeditiously.
 P - It assists in the proper assignment and coordination of work.
 E - It helps ensure that the audit is conducted effectively and efficiently.

PSA 315 requires the auditor to obtain sufficient understanding of the entity and its environment
including its internal control. Such understanding involves obtaining knowledge about the entity's:

 I - Industry, regulatory, and other external factors, including financial reporting framework;
 N - Nature of the entity, including entity's selection and application of accounting policies;
 O - Objectives and strategies and the related business· risks that may result in a material
misstatement of the financial statements;
 M - Measurement and review of the entity's performance; and
 I - Internal Control
Understanding the Entity & its Environment

 Knowledge of the client's business and industry- how and why a client does what it does- is
essential if the audit is to be carried out effectively and efficiently.
 The auditor should obtain a sufficient level of knowledge of the entity's business to identify and
understand the events, transactions and practices that may have a significant effect on the financial
statements.
 The better the auditor understands the client's operations, the more efficient the examination
is likely to be, and the greater the value to the client of the auditor's services.
 If the auditor understands the operations of the client, the auditor is often able to evaluate
the reasonableness of the client's estimates. In addition, procedures can be selected with
more assurance, or perhaps uniquely applicable procedures can be designed.
 Knowledge of the entity would also include understanding the entity's objectives and strategies,
and the related business risks.
 An auditor's understanding of business risks encountered by the entity increases the likelihood of
identifying risks of material misstatement and helps 'the auditor design appropriate audit procedures.
 Furthermore, the auditor should obtain understanding of entity's measurement of performance as
this may create pressures on the entity that may either motivate management to take action to improve
the business performance or to manipulate the financial statements.

Sources of Information

The auditor can obtain knowledge of the industry and the entity from a number of sources. These
may include:

 T - Tour of client's facilities

 D - Discussion with people within and outside the entity
 R - Review of prior years' working papers
 R - Reading books, periodicals, and other publications related to the client's industry
 R - Reading corporate documents and financial reports

The auditor should also ensure that assistants assigned to an audit engagement obtain
sufficient knowledge of the client's business and industry to enable them to carry out
the work delegated to them.

Uses of information obtained

Knowledge of the client's business is a frame of reference within which the auditor
exercises professional judgment. Understanding the business and using' this information
appropriately assists the auditor in:
 A - Assessing risks and identifying potential problems.
 P - Planning and performing the audit effectively and efficiently
 E - Evaluating audit evidence as well as the reasonableness of client's representations and estimates
 P - Providing better service to the client

To make effective use of knowledge about the client's business and industry, the auditor
should consider how it affects the financial statements and whether the assertions in
the financial statements are consistent with the auditor's knowledge of business.
Obtaining understanding of the client's business is a continuous and cumulative process.
For continuing engagements, the auditor should update and re-evaluate information gathered
previously, including information in the prior year's working papers.
Additional Consideration on New Engagements

A first-time audit requires more work than a repeat engagement because of the problem
associated with the verification of the opening balances of the balance sheet accounts.

In this regard, PSA 510 requires the auditor. obtain sufficient appropriate audit evidence that:

 M - the opening balances do not contain misstatements that materially affect the current
year's financial statements;
 A - appropriate accounting policies are consistently applied or changes in accounting
policies have been properly accounted for and adequately disclosed
 C - the prior period's closing balances have been correctly brought forward to the
current period or, when appropriate, have been restated.

The auditor may be able to obtain sufficient appropriate evidence regarding opening
balances by reviewing the predecessor auditor's working papers. In these circumstances,
the auditor would also consider the independence and professional reputation
of the predecessor auditor.

Understanding the Internal Control

Another very important step in planning an audit is to obtain an understanding

of the entity's accounting and internal control systems.
The auditor should obtain an understanding of the accounting and internal control systems
sufficient to plan the audit and develop an effective audit approach.

Developing an Overall Audit Strategy

Once the auditor has gained a sufficient understanding about the entity
and its environment including its internal control, the auditor should
formulate an overall audit strategy for the upcoming engagement.
The best audit strategy is the approach that results in the most efficient
audit- that is, an effective audit performed at the least possible cost.

An audit plan should be made regarding:

 how much evidence to accumulate;
 how and when this should be done.

When developing an audit strategy, the auditor must consider carefully the appropriate levels of
materiality and audit risk.

Materiality
 is defined in the Financial Reporting Standard Council's “Framework for the Preparation and
Presentation of Financial Statements,” in the following terms: “Information is. material, if its
omission or misstatement could influence the economic decision of users taken on the basis of the
financial statements.”
 In designing an audit plan, the auditor should make a preliminary estimate of materiality for use
during the examination.
 The concept of materiality recognizes that some matters are important
for fair presentation of financial statements while other matters are not important.
 may be viewed as: the largest amount of misstatement that the auditor could tolerate
in the financial statements, or the smallest aggregate amount that could misstate the financial statements
 is a matter of professional judgment and necessarily involves quantitative factors (amount of the
item in relation to the financial statements) and qualitative factors (the nature of misstatement)

Importance of materiality in planning an audit

 The auditor should make a preliminary estimate of materiality to determine

the amount of evidence to accumulate.
 There is an inverse relationship between materiality and evidence.
 This means, more evidence will be required for a low peso amount of materiality than for a high
peso amount.

Uses of materiality

According to PSA 320,materiality should be considered by the auditor:

1) In the planning stage, to determine the scope of audit procedures; and
2) In the completion phase of the audit, to evaluate the effect of misstatements on the financial
statements.

Using Materiality Levels

The following steps may be used as a guide when using materiality levels.
Steps 1 and 2 are performed in the planning phase while step 3 is performed in the completion phase of
the audit.

Step 1 Determine the Overall Materially-Financial Statement Level

The auditor should determine the amount of misstatement that could be material
to the financial statements taken as a whole.
If the materiality level is set too low, auditor will be wasting his time auditing accounts that are not
important.
However, if materiality level is set too high, auditor may not detect misstatements that could be
material to the readers of the financial statements.
When establishing materiality levels on a financial statement level, the auditor should
consider that the financial statements are interrelated- that is, a misstatement on one financial
statement usually affects the other statement.
For this reason, the auditor should consider materiality in terms of the smallest aggregate level of
misstatement that could distort any one of the financial statements.

For example, assume that the auditor believes that misstatements aggregating P40,000 would have a
material effect on the client's income statement and that these misstatements would have to aggregate
P60,000 to materially affect the balance sheet. When designing audit procedures, it is wiser for the auditor
to design audit procedures that will be expected to detect misstatements aggregating P40,000. By using
P40,000 as the materiality level, the auditor will have a reasonable assurance that both financial
statements are not materially misstated.

A common method of estimating materiality at the financial statement level is to multiply

a statement base (total assets, sales, or net income) by a certain percentage.
Step 2 Determine the tolerable misstatement- Account Balance Level
Once the overall materiality is established, the auditor determines materiality
at the account balance level.
This is done by allocating the overall materiality to the financial statement account balances. This
allows the auditor to determine the audit procedures that will be applied to specific accounts.
The allocated materiality to an account is called the tolerable misstatement for that account. This is
also known as the performance materiality.
The professional standards do not provide specific guidelines as to how the allocation should be
done.
This process is highly subjective and requires the exercise of great deal of judgment by the auditor.

Step 3 Compare the aggregate amount of uncorrected misstatements with the overall materiality.
After performing audit procedures, the auditor will have to compare the aggregate uncorrected
misstatements with the overall materiality (preliminary estimate of materiality or revised materiality level)
to determine whether or not the financial statements are materially misstated.

Bases that can be used to determine the materiality level

Since audit planning is often performed before year-end, annual financial statements are usually not
available.
As a result, the auditor uses alternative bases 'to compute for the materiality levels, such as:
 Annualized interim financial statements
 Prior years' financial statements
 Budgeted financial statements of the current year

AUDIT RISK

After determining the materiality levels, the auditor should design

the audit to provide reasonable assurance that the financial statements taken
as a whole are free from material misstatements.
Reasonable assurance means that the auditor can not possibly expect to detect all material
misstatements; instead, the auditor should perform audit procedures to increase the likelihood
of detecting these misstatements.
The auditor should use professional judgment to assess audit risk and to design audit
procedures to ensure it is reduced to an acceptably low level.

When designing substantive audit procedures, the auditor should consider three main issues:

1. What level of assurance does the auditor wish to attain that the financial statements
do' not contain material misstatements?
As this level of assurance increases, the scope of the auditor's substantive tests increases.
2. How susceptible is the account to material misstatement?
As the susceptibility of the account to material misstatement increases, the scope of the auditor's
substantive tests also increases.
3. How effective is the client's internal control in preventing or detecting misstatements?
As the effectiveness of the client's internal control increases, the scope of auditor's substantive tests
decreases.
Audit Risk Model

These three issues are the preliminary basis for the development of the audit risk model:Audit Risk =
Inherent Risk * Control Risk * Detection Risk
Audit risk refers to the risk that the auditor gives an inappropriate audit opinion on the FS.
This occurs because the auditor believes that the financial statements are, fairly stated when in fact
the financial statements are materially misstated.

Audit risk is the complement of audit assurance.

If the auditor is willing to accept a 5% audit risk, he must design the audit to have a 95% assurance or
confidence level that his opinion is correct.
Because of the, inherent limitations of the audit, the auditor can not totally eliminate the audit risk.
auditor should, therefore, perform audit procedures in order to limit his or her exposure to this risk to low
level.
Thus, as the desired level of audit risk decreases, the auditor should design more effective substantive
procedures.
Inherent risk is the susceptibility of an account balance or class of transactions to a material
misstatement assuming that there were no related internal controls.
This concept recognizes that some account balances, by nature, are more susceptible
to misstatement than others.
For example, those accounts that are subject to complex calculations such as pensions are more likely
to be misstated compared to other accounts.

PSA 315 requires the auditor to assess inherent risk at the financial statement and account balance or
transaction class levels.

Factors that affect the risk of misstatement at the financial statement level include:
1. The management integrity
2. Management Characteristics (e.g. aggressive attitude toward financial reporting)
3. Operating Characteristics (e.g. profitability of the
entity relative to its industry is inadequate)
4.Industry Characteristics (e.g. the industry is experiencing a
large number of business failures)

Factors affecting inherent risk at the account balance level include:

1.Susceptibility of the account to theft.
2. Complexity of calculations related to account.
3. The complexity underlying transactions and other events.
4. The degree of judgment involved in determining account balances

As the assessed level of inherent risk increases, the auditor should design more effective substantive
procedures.

Control risk is the risk that a material misstatement that could occur in an account balance or class of
transactions will not be prevented or detected and corrected on a timely basis by accounting and internal
control systems.
is related to the effectiveness of the client's internal control.
Like inherent risk, control risk exists independently of the audit of financial statements and is
assessed using the auditor's judgment. If the entity's internal control is effective, the assessed level of
control risk decreases (and vice versa). Holding other planning considerations equal, as the assessed level
of control risk increases, the auditor should design more effective substantive procedures.
Detection risk is the risk that an auditor's substantive procedure will not detect a material misstatement.
is a function of the effectiveness of the auditor's substantive procedure's.
As the acceptable level of detection risk decreases, the assurance directly provided
from substantive tests increases.
Hence, the auditor should design more effective audit procedures in order to achieve the
desired level of assurance.
Unlike inherent and control risks, the auditor can control the level of detection risks by
performing more effective substantive procedures.
The acceptable level of detection risk is inversely related to the assessed level of both
inherent and control risks.

Steps in using the audit risk model

Step 1 Set the desired level of Audit Risk

There are no specific guidelines for setting individual audit risk. The auditor uses his judgment in
determining the risk that he is willing to take of accepting an assertion as fairly stated when in fact it is
materially misstated.
The auditor should plan the audit in such a way that, after performing audit procedures, an opinion
can be issued on the financial statements at a low level of audit risk.

Step:2 Assess the Level of Inherent Risk

Every account or assertion has a built-in risk of being misstated. However, there are some accounts
that, by nature, are more likely to be misstated compared to other accounts.
These are the accounts that have high inherent risks.
When assessing inherent risks for each account, the auditor must consider specific factors related to
the client that may affect the risk of a material misstatement for a particular account. In making this
assessment, the auditor will rely primarily on his. knowledge of the client's business and industry, and the
results of his preliminary analytical procedures.

Step 3 Asses the Level of Control Risk

As stated earlier, control risk is the risk that the client's internal control may not detect or prevent a
material misstatement.
Assessment of control risk would involve studying and evaluating the effectiveness of the client's
accounting and internal control systems.
When assessing the level of control risk, the auditor should recognize that some control risk will
always be present because of the inherent limitations of the internal control.
However, if a client maintains effective internal control systems, the risk of material misstatements in
the financial statements can be minimized.

Step 4 Determine the Acceptable Level of Detection Risk

Based on the desired audit risk level (Step 1) and the auditor's assessment of inherent and control
risks (Steps 2 and 3), the auditor determines the acceptable level of detection risk. By rearranging the
audit risk model.
Step 5 Design Substantive Tests.
Unlike inherent risk and control risk, detection risk can be increased or decreased by the auditor by
performing substantive tests.
Detection risk can be looked at as the complement of the assurance provided by substantive tests.

A 10% acceptable level of detection risk means that substantive tests must be designed to provide a
90% assurance of detecting material misstatements.
Thus, a lower acceptable level of detection risk increases the assurance to be provided by substantive
tests.

To obtain greater assurance, the auditor will have to modify the scope of his substantive tests such as:
 performing more effective substantive procedures (nature)
 performing year-end procedures (timing)
 using larger sample size (extent)

On the other hand, if the acceptable level of detection risk is high, the assurance provided by
substantive tests will decrease.

As a result, the auditor could reduce the scope of his substantive procedures like:
 performing less effective substantive procedures (nature)
 performing the tests at interim(timing)
 using smaller sample size (extent)

Relating inherent, control, and detection risk to the overall audit risk
The inherent, control, and detection risks are components of the overall audit risk. Therefore, an
increase or decrease in any of these components would cause a corresponding increase or decrease in the
overall audit risk.

Of the three components, only the detection risk can be controlled by the auditor.
Inherent and control risks are functions of management and its environment, and as such, the
auditor can not change the levels of inherent and control risks. The auditor can only assess their levels.
On the other hand, detection risk is a function of the auditor. Accordingly, the level of detection risk
can be controlled by the auditor by performing substantive procedures.

During an audit, the auditor performs procedures to assess the levels of inherent and control risks.
Based on the results of such assessment, the auditor determines the acceptable level of detection risk and
modifies the scope of his substantive tests.

For example, if the assessed level of inherent and control risk is high, the auditor should minimize the level
of detection risk to be able to maintain the planned overall audit, risk level.
Conversely, if the assessed level of inherent and control risk is low, the auditor could accept a high
level of detection risk and still maintain the desired audit risk level.

Relationship between materiality and risk

When planning the audit, the auditor considers what would make the financial statements materially
misstated. The auditor's assessment of materiality related to specific account helps the auditor select audit
procedures that can be expected to reduce audit risk to an acceptable level.
There is an inverse relationship between materiality and the level of audit risk, that is, the higher the
materiality level, the lower the audit risk and vice versa.
The auditor takes the inverse relationship between materiality and audit risk into account when
determining the nature, timing and extent of audit procedures.

For example, if, after planning for specific audit procedure, the auditor determines that the
acceptable materiality level is lower, audit risk is increased.
The auditor would compensate for this by either:
 reducing the assessed level of control risk, where this is possible, and
 supporting the reduced level by carrying out extended or additional tests of control; Or
 reducing detection risk by modifying the nature, timing and extent of planned substantive
procedures.

Risk Assessment Procedures

The procedures performed by auditors to obtain an understanding of the entity and its environment
including its internal control and to assess the risks of material misstatements in the financial statements
are called “risk assessment procedures”.

These include
a. Inquiries of management and others within the entity
b. Analytical procedures; and
c. Observation and inspection

Information obtained in performing these risk assessment procedures may be used

by the auditor as evidence to support assessment of risk of material misstatement.
In addition, in performing risk assessment procedures, the auditor may obtain audit
evidence about the fair presentation of financial statements or about the operating effectiveness of
internal control even though such procedures were not specifically planned as substantive tests or tests of
control.

ANALYTICAL PROCEDURES
 involve analysis of significant ratios and trends, including the resulting investigation of fluctuations
and relationships that are inconsistent with other relevant information or deviate from predicted
amounts.
 A basic premise underlying the use of analytical procedures is that plausible relationships among data
may reasonably be expected to exist and continue in the absence of known conditions to the
contrary.
 PSA 520 requires the auditor to use analytical procedures in the planning and
overall review stages of the audit. In the planning stage of the audit,the application of 'analytical
procedures helps the auditor assess the risk of
material misstatements in the