OVERVIEW OF RISK-BASED AUDIT PROCESS

Introduction

Audit process – primarily an evidence-gathering process

3 phases:
1. Risk assessment
2. Risk response
3. Reporting *issuing a report - always the final phase

"auditors often finalize the audit program after performing the tests of controls

- reasonable assurance is intended to inform the users that the auditors do not guarantee or insure the fair presentation of
the F.S; it communicates that there is some risk that the FS are not fairly stated even when the opinion of the
auditor is unqualified

- free of material misstatement is intended to inform the users that the auditor's responsibility is limited to material
financial information "materiality and risk fundamental concepts that are important to planning the audit and designing
the audit approach

Risk-Based Audit Approach Defined

- an audit approach that begins with an assessment of the types and likelihood of misstatements in account balance
and then adjusts the amount and type of audit work, to the likelihood of material misstatements occurring in the account
balances under this approach, the auditor performs the following:

1. Identification of the client's strategy and the processes for developing that strategy
2. Examination of the core business process and resource management
3. Identification for each of the key processes (as well as sub processes) the objectives, inputs, activities, outputs, systems
and transactions. 4 Assessment of the risks that the processes will not meet the goals and controls related to those risks.

Risk-Based Audit Vs, Account-Based Audit

- account-based auditing-auditors 1" obtain an understanding of control and assess control risk for particular types of
errors and frauds in specific accounts and cycle -risk-based audit - the audit team views all the activities in the
organization 1" in terms of risks to strategies and objectives and then in terms of management's plans and to mitigate
the risk

Nature of Risk

Risk – concept used to express uncertainty about events and/or their outcomes that could have a material effect on the
organization

1. Audit Risk - risk that an auditor may give an unqualified opinion on FS that are materially misstated
2. Engagement Risk - economic risk that a CPA firm is exposed to simply because it is associated with a particular client
controlled by careful selection and retention of client
(ex: loss of reputation, inability of the client to pay the auditor, or financial loss because management is not honest and
inhibits the audit process)
3. Financial Reporting Risk - risk that relate directly to the recording of transactions and the presentation of financial data
in an organization's ES
4. Business Risk - risk that affect the operations and potential outcomes of organizational activities

Overview of Risk Elements Affecting an Audit

Factors Affecting Business Risk:

 Economic climate
 Technological change
 Competition
 Business Volatility
 Geographic location
Factors affecting Financial Reporting Risk
 Competence and integrity of management
 Incentive to management to misstated FS
 Complexity of transactions
 Internal control

Audit risk

- risk that the auditor fails to find material misstatements in the client's FS and thereby inappropriately issues an
unqualified opinion on the E.S

The auditor can control audit risk in two different ways:

1. Avoid audit risk by not accepting certain companies as client, Le. reduce engagement risk to zero
2. Set audit risk at a level that the auditor believes will mitigate the likelihood that the auditor will fail to identify material
misstatements "business risk and financial reporting risk originate with the audit client and its environment, and these
risks then affect the auditor's engagement risk and audit risk

Financial reporting business risk arise from issues such as asset impairments, market to market accounting warranties, pensions,
estimates as well as competence and integrity of management and its incentives to misstate the FS

The Risk-Based Audit Process

Phase I. Risk Assessment

1. Performance of preliminary engagement activities to decide whether to accept/continue an audit engagement
2. Planning the audit to develop an overall audit strategy and audit plan
3. Performance of risk assessment procedures to identify/assess risk of material misstatement through understanding
the entity

Phase II. Risk Response

1. Designing overall responses and further audit procedures to develop appropriate responses to the assessed risk of
material misstatement
2. Implementing responses to assessed risk of material misstatement to reduce audit risk to an acceptably low level

Phase III. Reporting

1. Evaluating the audit evidence obtained to determine what additional audit work (if any) is required
2. Forming an opinion based on audit findings and preparing the auditor's report

PHASE I – A
Performance of Preliminary Engagement Activities

Introduction

At the beginning of the current audit engagement, the auditor should perform the following activities:
1. Perform procedures required by PSA 220(Clarified), Quality Control of an Audit of Financial Statements regarding the
continuance of the client relationship and specific audit engagement.
2. Evaluate compliance with ethical requirements, including independence as required by PSA 220
3. Establish an understanding of the terms of engagement as required by PSA 210(Clarified).

"Agreeing the Terms of Audit Engagements."

Client Selection and Retention

- the auditor's consideration of client continuance and ethical requirements including independence, occurs throughout
the performance of the audit engagement as conditions and changes in circumstances occur
- the purpose of performing these preliminary engagement activities is to help ensure that the auditor has considered any
events or circumstances that may adversely affect the auditor's ability to plan and perform the audit engagement to
reduce audit risk to an acceptably low level

"Performing these preliminary engagement activities helps to ensure that the auditor plans an audit engagement for which:
1. The auditor maintains the necessary independence and ability to perform the engagement
2. There are no issues with management integrity that may affect the auditor's willingness to continue the engagement
3. There is no misunderstanding with the client as to the terms of the engagement.
Summary

Before accepting an engagement with a new client, the CPA firm shall assess whether it:
a. is competent to perform the engagement and has the capabilities, including time and resources to do so,
b. can comply with the relevant ethical requirements
c. has considered the integrity of the client and does not have information that would lead it to conclude that the client
lacks integrity

As a final step, the CPA firm will confer and agree with management or those charged with governance the appropriate terms of
the audit engagement.

The agreed terms of the audit engagement shall be recorded in an audit engagement letter or other suitable form of written
agreement and shall include:
1. Objective and scope of the audit of the F.S
2. Responsibilities of management Identification of the applicable financial reporting framework for the preparation of the
F.S
3. Reference to the expected form and content of any reports to be issued by the auditor and a statement that there may be
circumstances in which a report may differ from its expected form and content

Recurring Audits
- the auditor shall assess whether circumstances require the terms of the audit engagement to be. revised and whether
there is a need to remind the entity of the existing terms of the audit engagement.

If the auditor is unable to agree to a change in terms of the audit engagement and is not permitted by management to continue the
original A E, the auditor shall;
1. Withdraw from the audit engagement where withdrawal is possible under applicable law or regulation
2. Determine whether there is any obligation, either contractual or otherwise, to report the circumstances to other parties,
such as those charged with governance, owners or b regulators

PHASE I-B
Planning the Audit to Develop an Overall Audit Strategy and Audit Plan Introduction

PSA 300(Clarified)
"Planning on Audit of Financial Statements"
- establishes standards and provides guidance on the considerations and activities applicable to planning an audit of ES
requires that the auditor establishes the overall strategy for the audit -plan of action
- to organize, coordinate, and schedule activities of the audit staff -audit plan- normally drafted prior to starting the work
of the client's offices

Nature and Scope of Audit Planning

Audit planning
- involves the establishment of the overall audit strategy for the engagement and developing an audit plans, in order to
reduce audit risk to an acceptably low level

Planning
- is a continuous and iterative process that often begins shortly after or in connection with the completion of the previous
audit and continues until the completion of the current audit engagement

Benefits of Audit Planning

a. It helps ensure that appropriate attention is devoted to important areas of the audit
b. It aids in identifying potential problems and resolving them on a timely basis
c. It helps ensure that the audit is properly organized, managed and performed in an effective and efficient manner.
d. It assists in the proper assignment and review of the work of the engagement team members. It helps coordinate the
work to be done by auditors of components and other parties involved such as experts, specialists, etc.

The Overall Audit Strategy

- overall audit strategy sets the scope, timing and direction of the audit and guides the development of the more detailed
audit plan.

Process of establishing the audit strategy:

 a. Identifying the characteristics of the engagement that define its scope
b. Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the nature of the
communication required
c. Considering the important factors that will determine the focus and direction of the engagement team’s efforts
d. Considering the results of the preliminary activities and where applicable, whether knowledge gained on other
engagements performed by the engagement partner for the entity is relevant
e. Ascertaining the nature, timing and extent of resources necessary to perform the engagement

Other Benefits of Developing the Audit Strategy

The process of establishing the overall audit strategy assists the auditor to determine, subject to the completion of the auditor’s
risk assessment procedures, such matters as:
 The resources to deploy for specific audit areas
 The amount of resources to allocate to specific audit areas
 When these resources are to be deployed
 How such resources are managed, directed and supervised

A. Materiality

Application of the Concept of Materiality to Audit

PSA 320 (Clarified)

Materiality in Planning and Performing an Audit

- establishes standards and deals with the auditor's responsibility to apply the concept of materiality in planning and
performing an audit of F.S
- The assessment of what is material is a matter of professional judgement

Materiality - involves both quantitative and qualitative considerations

Quantitative - it is necessary to relate the peso amount of the error to the E.S. under examination

Qualitative considerations - relate to the causes of misstatement Ex: inadequate or improper description of an accounting policy

In planning the audit, materiality should be considered by the auditor when:

a. Determining the nature, timing and extent of audit procedures
b. Identifying and assessing the risks of material misstatement
c. Determining the nature, timing and extent of further audit

Levels of Materiality

1. Overall Materiality - materiality level for the FS as a whole

2. Specific Materiality - materiality level for particular classes of transactions, account balances, or disclosures
3. Performance Materiality
- used by the auditor to reduce the risk to an appropriate low level that the accumulation of uncorrected and
unidentified misstatements exceeds materiality for the ES as a whole or specific materiality.
- is set at a lower amount than overall specific materiality
The objective is to perform more audit work than would be required by the overall or specific materiality to:
 Ensure that misstatements less than overall or specific materiality are detected
 Provide a margin or buffer for possible undetected misstatements

How to Determine Materiality

- auditors make a preliminary assessment of materiality of the ES as a whole by determining the amount by which they
believe the FS could be misstated without affecting user's decisions.
- "preliminary judgement about materiality"/"planning materiality"
- the reason for determining "planning materiality" is to help the auditor plan the appropriate evidence to accumulate.

Rules of Thumb (For Use as a Starting Point)

Overall - materiality is a matter of professional judgement rather than a mechanical existence

Revenues or expenditures: 1% to 3%
Assets: 1% to 3%
Equity: 3% to 5%

Specific – establish a lower, specific materiality amount for the audit of specific or sensitive financial statement areas
Performance – no specific guidance is provided in the PSAS, Percentages range from 60% (of overall or specific materiality),
where there is a higher risk of material misstatement, up to 85% where the assessed risk of material misstatement is less

Relationship Between Materiality and Audit Risk

- inverse relationship higher materiality level = lower the audit risk.

The auditor would compensate for this by either:

a. Reducing the assessed level of control risk, where this is possible, and supporting the reduced level by carrying out
extended or additional tests of control
b. Reducing detection risk by modifying the nature, timing and extent of planned substantive procedures

B. Audit Plan – more detailed then the audit strategy

1. The nature, timing and extent of planned risk assessment procedures, as determined under PSA 315, "Identifying and
Assessing the Risks of Material Misstatements Through Understanding the Entity and its Environment"
2. The nature, timing and extent of planned further audit procedures at the assertion level, as determined under PSA 330,
"The Auditor's Responses to Assessed Risks
3. Other planned audit procedures that are required to be carried out so that the engagement complies with PSAs.

The auditor shall document:

a. Overall audit strategy
b. Audit plan
c. Any significant changes made during the audit engagement to the overall audit strategy or the audit plan, and the
reasons for such changes

Direction, Supervision and Review

- the timing, nature and extent of the direction and supervision of engagement team members and review of their work
vary depending on may factors, including:
1. Size and complexity of the entity
2. Area of the audit
3. Assessed risks of material misstatement
4. Capabilities and competence of the individual team members performing the audit work.

- PSA 220 – contains further guidance on the direction, supervision and review of audit work

Changes to Planning Decisions During the Course of the Audit – the overall audit strategy and audit plan should be updated and
changed as necessary during the course of the audit.

Documentation

- The auditor should document the overall audit strategy and the audit plan, including any significant changes made
during the audit engagement.
- The auditor may summarize the overall audit strategy in the form of a memorandum that contains key decisions
regarding the overall scope, timing and conduct of the audit

Additional Considerations in Initial Audit Engagements

The auditor should perform the following activities prior to starting an initial audit:
a. Perform procedures regarding the acceptance of the client relationship and the specific audit engagement for additional
guidance
b. Communicate with the previous auditor, where there has been a change of auditors, in compliance with relevant ethical
requirements.
c. For an initial audit, the auditor may need to expand the planning activities because the auditor does not ordinarily have
the previous experience with the entity that is considered when planning recurring engagements
Discussions of Other Critical Matters in Engagement Planning

1. Application of Analytical Procedures in Planning the Audit

- to assist the business and in identifying areas of potential risk
2. Establishment of an Engagement or Audit Team
- audit team – consists of people with different levels of expertise and experience
- composed of:
1. engagement partner
2. manager
3. at least 1 senior
4. 1 or more staff auditors
- Considerations:
1. Audit's size and complexity
2. Availability and experience of personnel
3. Necessity for special expertise
4. Opportunity to train personnel
5. Continuity and rotation of personnel
3. Consideration of Work Performed by Other Auditors/Parties
- Involvement of other auditors in the audit components
- Involvement of experts
- Number of locations

a. Predecessor Auditor
b. Other CPA

 Principal auditor – means the auditor w/ responsibility for reporting on the ES of an entity when those
F.S include financial info of one or more components audited by another auditor.

In deciding to become the principal auditor, the auditor must consider among other things, the:
 Materiality of the portion of the FS w/c the principal auditor audits
 Principal auditor's degree of knowledge regarding the business of the components
 Risk of material misstatement in the FS of the component audited by the other auditor
 Performance of additional procedures regarding the components audited by the other auditor
resulting in the principal auditor having significant participation in such audit

 Other auditor – means an auditor, other than the principal auditor, w/ responsibility for reporting on the
financial info of a component w/c is included in the ES audited by the principal auditor.
 Component – a division, branch, subsidiary, joint venture, associated company, or other entity whose
financial info. Is included in F.S audited by principal auditor
 PSA 600 – Using the Work of Another Auditor", establishes standards and provides guidance when an
auditor uses the work of another auditor on the financial info of one or more components included in the
FS of the entity.

c. Specialists – bring unique knowledge and judgement in a field other than accounting and auditing
d. Use of Client's Staff – client's staffs working papers should bear the label Prepared by Client or PBC, and
also the initials of the auditor who verifies the work performed by the client's staff; never be accepted at face
value; such papers must be reviewed and tested by the auditors
e. Internal Auditors – can affect the audit in 2 ways:
1. Can enhance internal control – In deciding whether to reduce the amount of testing for specific
assertions because of work performed by internal auditors, the independent auditor should consider
materiality of the amount, risk of misstatement and degree of subjectivity involved in evaluating
the accumulated audit evidence
2. By assisting independent auditors in performing specific audit procedures

4. Assessment of Going Concern Assumption

- PSA 570 – requires auditors to evaluate whether substantial doubt exists about an entity's ability to
continue as a going concern
- An auditor is not required to design specific procedures to evaluate whether an entity is a going concern

5. Identification of Related Parties

 - related party – defined as an affiliated company, a principal owner of the client company, or any other
party with which the client deals where one of the parties can influence the management or operating
policies of the other.
- related party transaction is any transaction between the client and a between a parent company and its
subsidiary, exchanges of equipment between two companies owned by the same person and loans to
officers

6. Client's Legal Obligations

- Pertinent current-year info that auditors should review includes minutes of directors and stockholders'
meetings, changes to articles of incorporation or by-laws and any significant contracts executed during
the year

7. Completion of the Initial Audit Program

- audit program a set of audit procedures specifically designed for each audit, the program which includes
both substantive tests and tests of controls will enable the auditor to express an opinion on the E.S taken
as a whole
- serves a set of instructions to assistants involved in the audit and as a means to control and record the
proper execution of the work
- On initial engagements, the audit program typically will develop in 3 stages:
1. Broad phases of the program can be outlined at the time of engagement
2. Other details of the program can be identified after the review of internal control structure and
accounting procedures has begun
3. Procedures on specific phases of the audit can be further challenged and revised as the work
progresses

8. Preparation of a Time Budget

- time budget – an estimate of the total hours an audit is expected to take; basis for estimating fees; also an
important tool to communicate to the audit staff those areas the manager or partner of believes are
critical and require more time, used to measure the efficiency of the staff and to determine at each stage
of the engagement whether the work is progressing at a satisfactory rate
- considerations:
1. Client's size as indicated by its gross assets, sales, number of employees
2. Location of client facilities
3. Anticipated accounting and auditing problems
4. Competence and experience of staff available

Auditor's time – most costly element of an engagement

Underreporting of time – In which a staff member reports only a fraction of the actual time spent performing
a particular audit procedure; creates unrealistic basis for following year's budget

9. Assignment of Personnel to the Engagement

- PSA 220 "Quality Control for an Audit of Financial Statements" – the auditor, and assistants with
supervisory responsibilities, will consider the professional competence of assistants performing work
delegated to them when deciding the extent of direction, supervision and review appropriate for each
assistant

10. Scheduling of Work

- Considerations:
1. Deadline for submitting final audit report and filing of income tax returns
2. Ability of the client's staff to submit required schedules
3. Other audit clients

Documentation of Audit Plan/Audit Program

Audit program – serves as a set of instructions to assistants involved in the audit plan and as a means to control and record the
proper execution of the work; also contains the objectives for each area and a time budget

Working papers:
1. Audit plans
2. Audit programs
3. Time budget
Audit plan – contains the overview of the engagement, outlining the nature and characteristics of the client's business operations
and the overall audit strategy

The following info are included in a typical audit plan:

1. Description of the client company
2. Audit objectives
3. Description of the nature and extent of other services such as tax returns preparation, etc.
4. Timetable of the audit work
5. Work to be done by the client's employer
6. Assignment of audit staff
7. Target completion dates of the major segments of the engagement
8. Preliminary evaluation and judgement about materiality level for the engagement
9. Any special problems to be resolved during the engagement particularly those revealed by analytical procedures
10. Conditions that may require changes in audit test

Planning a Repeat Engagement – It is far easier to plan for a repeat engagement than planning for a first audit of a new client.