Professional Documents
Culture Documents
responsibility
Risk – is a concept used to express an uncertainty Integration of Concepts of Materiality & Risk in
or what can go wrong about events and/or their a Risk-Based Audit
outcomes that could have a material effect on the
entity. 1. Risky areas of a business must be identified
2. Testing/sampling does not provide 100%
The possibility of an event occurring that will have assurance that F/S is free of material
an impact on the achievement of the entity’s misstatements
objectives. It is measured in terms of: impact and 3. Competition for clients among audit firms is
likelihood (IIA) high
4. Develop approaches & methodologies to
allocate overall assessment of materiality to
Risk Appetite- the level of risk that an entity is individual accounts
willing to accept. 5. Not all clients are worth accepting
6. Understand society’s expectations of
financial reporting to reduce audit risk to an
FACTORS AFFECTING IMPACT OF RISK acceptably low level and minimize lawsuits.
1. Materiality (amount of loss)
2. Potential reputation or brand damage
3. Importance of the related objective to
entity’s mission
4. Duration and/or pervasiveness of the event
5. Recovery Cost
FACTORS AFFECTING LIKELIHOOD OF
RISK
1. Probability estimates based on history or
cycles
2. Complexity of activities
3. Change or stability (employee turnover or
Risk management is a process to identify, assess,
new laws)
manage & control potential events or situations to
4. Control environment (integrity and ethics)
provide reasonable assurance regarding the
5. Control processes effectiveness
achievement of the entity’s objectives.
• Is it an ongoing process that helps an entity
to anticipate negative events, develop a
framework for effective decision-making &
profitably deploy the entity’s resources.
HAZARD vs RISK
• Hazard is something that has the potential
to harm you
• Risk is the likelihood of a hazard causing
harm
RISK-BASED APPROACH AUDIT
It begins with an assessment of the types &
likelihood of misstatements in account balance &
then adjusts the amount and type of audit work, to
the likelihood of material misstatements occurring
in account balance.
Under this approach, the auditor performs the
following:
1. Identification of the client’s strategy & the
processes for developing that strategy.
2. Examination of the core business process &
resource management
3. Identification for each of the key processes
(as well as subprocesses the objectives,
inputs, activities, outputs, systems &
transactions)
4. Assessment of the risks that the processes
will not meet the goals & controls related to Phase 1: RISK ASSESSMENT
those risks
• Assess precondition for an audit
FACTORS TO CONSIDER IN • Develop common understanding of the audit
IMPLEMENTING THE AUDIT RISK MODEL engagement with the client
1. High-risk activities • Identify and assess risks of material
2. Existence of large non-routine transactions misstatement
3. Matters requiring judgment or management • Respond to identify risks of material
intervention misstatement
4. Potential for fraud • Should occur at the business process level as
well as the entity level.
- Four Primary Factors
✓ Materiality of the amounts
▪ Large dollars/transaction
▪ High volume of
transactions
▪ Significant impact on key
ratio or disclosueres
✓ Complexity of the Process
Phase 2: RISK RESPONSE
▪ Limited internal skills
▪ Multiple data handoffs • Select controls to test, if applicable
▪ Highly technical in nature • Perform tests of controls, if applicable
✓ History of accounting • Consider the results of tests of controls, if
adjustments applicable
▪ Accounting errors o Contains substantive evidence about
▪ Valuation adjustments, accounts, disclosures, & assertions
etc. • perform substantive tests
✓ Propensity for change in
▪ Business processes or
controls
▪ Related accounting
BENEFITS OF THE RISK-BASED AUDIT much less work being required than
performing extensive tests of details.
1. Time Flexibility When Audit Work Needs
5. Timely Communication of Matters of
to be Performed
Interest to Management
- because risk assessment procedures do
- the improved understanding of internal
not involve the detailed testing of
control may enable the auditor to
transactions and balances, they can be
identify weaknesses in internal control
performed well before the period end,
(such as in the control environment and
assuming no major operational changes
general IT controls) that were not
are anticipated. This can help in
previously recognized. Communicating
balancing the workload of audit staff
these weaknesses to management on a
more evenly throughout the period. It
timely basis will enable them to take
may provide the client with time to
appropriate action, which is to their
respond to identified (and
benefit. This may also save time in
communicated) weaknesses in internal
performing the audit.
control and other requests for assistance
before the commencement of period-end LIMITATION OF THE AUDIT RISK-BASED
audit fieldwork. However, where interim PROCESS
financial information is not readily
1. Inherent Risk – is difficult to formally
available, the analytical risk assessment
assess
procedures may have to be performed at
2. Model risk are not independent – the
a later date
model treats each risk component as
2. Audit Team’s Effort Focused on Key
separate & independent when in fact the
Areas
components are not independent
- By understanding where the risk of
3. Audit Risk – audit risk is judgmentally
material misstatement can occur in
determined
financial statements, the auditor can
4. Audit Technology – audit technology is not
direct the audit team's effort toward
fully developed that each component of the
high-risk areas and perhaps reduce work
model can be accurately assessed.
in lower-risk areas. This will also help to
ensure that audit staff resources are used
effectively.
3. Audit Procedures Focused on Specific
Risks
- Further audit procedures are designed to
respond to assessed risks. consequently,
tests of details that only address risk in
general terms may be significantly
reduced or even eliminated.
4. Understanding of Internal Control
- The required understanding of internal
control enables the auditor to make
informed decisions and whether to test
the operating effectiveness of internal
control. Tests of controls (for which
some controls may only require testing
every three years) will often result in
LS 1.40 PSA 120 auditor is required to use the objectives stated in the
relevant PSAs in planning and performing the audit,
Framework of the Philippine Standards of
keeping in mind the interrelationships among the
Auditing
PSAs. PSA 200. 21 requires the auditor to:
A. Determine whether any audit procedures in
The ISAs on which the PSAs are based are addition to those required by the PSA's are
generally applicable to the public sector, including necessary in pursuance of the objectives
government business enterprises. However, the stated in the PSA's; and
applicability of the equivalent PSAs on Philippine B. Evaluate whether sufficient appropriate audit
public sector entities has not been addressed by the evidence has been obtained.
Council. It is the understanding of the Council that
Definitions
this matter will be addressed by the Commission on
Audit itself in due course. Accordingly, the Public A description of the meanings attributed to certain
Sector Perspective set out at the end of an ISA has terms for purposes of the PSA's. these are provided
not bee adopted into the PSAs. to assist in the consistent application and
interpretation of the PSAs. they are not intended to
override the definitions that may be established for
International Harmonization of Audit Standards other purposes, such as those contained in laws and
regulations. Unless otherwise indicated, these terms
International Auditing and Assurance Standards carry the same meanings throughout the PSA's.
Board (IAASB)
Requirements
- Develops International Standards on
Auditing (ISAs) and International This outline specific requirements, using the word
Standards Review Engagements (ISREs) “SHALL”.
- Develops International Standards on
Example in PSA 200.14
Assurance Engagements (ISAEs)
- Develops related practice statements The auditor shall comply with the relevant ethical
(IAASB Handbook, 2020 vol 1&2) requirements, including those pertaining to
independence, relating to the financial statement
audit.
Basic Parts of the Philippine Standards on
The Auditing & Assurance Standards Council
Auditing (PSAs)
(AASC) replaced the Auditing Standards and
Practices Council (ASPC). It shall have 18
regular members with a term of 3 years, renewal
Introduction for another term.
An explanation of the purpose & scope of the PSA, No. of
including how the PSA relates to other PSAs, the members
subject matter of the PSA, specific expectations on Chairman 1
the auditor & others, & the context in which the Board of Accountancy 1
Securities and Exchange Commission 1
PSA is set. Bangko Sentral ng Pilipinas 1
Commission on Audit 1
Association of CPAs in Public Practice 1
Philippine Institute of CPAs:
Objectives
Public Practice 9
The objective to be achieved by the auditor as a Commerce and Industry 1
Academe/Education 1
result of complying with the requirements of PSA. Government 1
to achieve the overall objectives of the auditor, the
Generally Accepted Auditing Standards (GAAS) Standards of Reporting (G-I-D-O)
Sets the minimum standards of auditor’s 1. The report shall state whether the financial
performance statements are presented in accordance with
generally accepted accounting principles.
• General Standards (T-I-P) 2. The report shall identify those circumstances
o Technical in which principles have not been
o Training & Proficiency consistently observed in the current period
o Independence in relation to the preceding period.
• Standards of Fieldwork (P-I-E) 3. Informative disclosures are to be regarded
o Planning as reasonably adequate unless otherwise
o Internal Control and Consideration stated in the report.
o Evidential 4. the report shall either contain an expression
• Standards of Reporting (G-I-D-O) of opinion regarding the financial
o GAAP/PFRS statements, taken as a whole, or an assertion
o Inconsistency to the effect that an opinion cannot be
o Disclosure expressed, the reasons therefore should be
o Opinion stated. In all cases, when an auditor’s name
is associated with the financial statements,
General Standards (T-I-P) the report should contain a clear-cut
indication of the character of the auditor’s
1. The examination is to be performed by examination if any in the degree of
person or persons having adequate technical responsibility he is taking.
training and proficiency as an auditor.
2. In all matters relating to an engagement, an
independence in mental attitude is to be
maintained by the auditor.
3. Due professional care is to be exercised in
the performance of the audit and in the
preparation of the report.
Introduction
1. The Auditing Standards & Practices Council
has been authorized to issue PSAs. The
purpose of this document is to describe the
framework within which PSAs are issued in
relation to the services which may be
performed by auditors.
2. For ease of reference, except where
indicated the term ‘auditor’ is used
throughout the PSAs when describing both
auditing & related services which may be
performed. Such reference is not intended to
imply that a person performing related
services need be the auditor of the entity’s
financial statements.
Purpose of an Audit
- To enhance the degree of confidence of
intended users in the financial
statements.
- Audit of F/S PSA 200.3
✓ achieved by the expression of an
opinion by the auditor on
whether the financial statements
are prepared, in all material
respects, in accordance with the
applicable financial reporting
✓ An audit is conducted in
accordance with PSAs and
relevant ethical requirements
enable the auditor to form an
opinion.
✓ In the case of most general
purpose frameworks, the opinion
is on whether the F/Ss are
presented fairly, in all material
respects in accordance with the
framework.