AT-001 (Risk Assessment)

ISA (PSA) 315: Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment

 To provide a basis for identification and assessment of risks of material misstatement at the financial statement and assertion levels, the auditor shall
perform risk assessment procedures. Thus procedures shall include: Inquiries with management; Analytical Procedures; Observation and Inspection

 Where Auditor has performed other engagements with the entity, auditor shall consider whether information obtained is relevant for identifying the risk of
material misstatement. If Auditor intends to use his/her previous experiences with the entity, he shall determine whether changes have occurred since
previous audit that may affect its relevance on current audit

 To obtain an understanding of the following: Industry, regulatory and other external factors; Nature of entity; Selection and application of accounting
policies; Objectives and strategies and related business risks; Measurement and review of entity’s financial performance; Internal control

 ISA 315 sets out five components of Internal control: Control environment; Entity’s risk assessment process; the information system, including related
business processes, relevant to financial reporting and communication; Control activities relevant to audit; Monitoring of controls

 Usually, those controls which pertain to entity’s objective of preparing financial statements are subject to risk assessment procedures

 Obtaining an understanding of entity and its environment including entity’s internal control is a continuous, dynamic process of gathering, updating and
analyzing information throughout the audit

 To identify and assess risks of material misstatement at financial statement level, and at assertion level for classes of transactions, account balances and
disclosures

 Auditors are required to: Relate identified risks to what can go wrong at assertion level; Consider potential magnitude of risks in the context of financial
statements; Consider the likelihood that risks could result in a material misstatement of financial statements

 Documentation should cover: Discussion among engagement team; Key elements of understanding obtained; Sources of information; Risk assessment
process; the identified and assessed risks; Significant risks evaluated; Risks evaluated for which substantive procedures done

 Auditor uses professional judgment to determine the extent of understanding required. Auditors primary consideration is whether the understanding that
has been obtained is sufficient to meet the objective stated in the ISA

ISA (PSA) 320: Materiality in Planning and Performing an Audit

  ISA 320 deals with the auditor’s responsibility to apply the concept of materiality in planning and performing an audit of financial statements

 In planning the audit, the auditor makes judgments about the size of misstatements that will be considered material

 These judgments provide a basis for:

• Determining the nature, timing and extent of risk assessment procedures;

• Identifying and assessing the risks of material misstatement; and

• Determining the nature, timing and extent of further audit procedures

 For purposes of the ISAs, performance materiality means the amount or amounts set by the auditor at less than materiality for the financial statements as a
whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the
financial statements as a whole. If applicable, performance materiality also refers to the amount or amounts set by the auditor at less than the materiality
level or levels for particular classes of transactions, account balances or disclosures

 The auditor shall revise materiality for the financial statements as a whole (and, if applicable, the materiality level or levels for particular classes of
transactions, account balances or disclosures) in the event of becoming aware of information during the audit that would have caused the auditor to have
determined a different amount (or amounts) initially

 The audit documentation shall include the following amounts and the factors considered in their determination:

• Materiality for the financial statements as a whole

• If applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures

• Performance materiality and

• Any revision of above as the audit progressed

ISA (PSA) 330: The Auditor’s Responses to Assessed Risks

 The objective is to obtain sufficient appropriate audit evidence about assessed risks of material misstatement, through designing and implementing
appropriate responses to those risks

 Auditor shall design and implement overall responses to address assessed risks of material misstatement at financial statement level. To design and
perform further audit procedures whose nature, timing and extent are based on and are responsive to assessed risks of material misstatement at assertion
level
  In designing further audit procedures to be performed, the auditor shall:

a) Consider reasons for the assessment given to risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure

b) Obtain more persuasive audit evidence – the higher the auditor’s assessment of risk

 When the auditor obtains audit evidence about operating effectiveness of controls during an interim period, the auditor shall:

a) Obtain audit evidence about significant changes to those controls subsequent to the interim period; and

b) Determine additional audit evidence to be obtained for the remaining period

 Based on the audit procedures performed and audit evidence obtained, auditor shall evaluate before conclusion of audit whether assessments of risks of
material misstatement at assertion level remain appropriate

 Auditor shall conclude whether sufficient appropriate audit evidence has been obtained. In forming an opinion, auditor shall consider all relevant audit
evidence, regardless of whether it appears to corroborate or contradict assertions in financial statements

 If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall attempt to obtain further
audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, auditor shall express a qualified opinion or a disclaimer of opinion

 If Auditor plans to use audit evidence about operating effectiveness of controls obtained in previous audits, auditor shall document conclusion reached
about relying on such controls that were tested in a previous audit

Multiple Choice Questions

1. Inherent risk and control risk differ from detection risk in that they
a. Arise from the misapplication of auditing procedures
b. May be assessed in either quantitative or nonquantitative term
c. Exist independently of the financial statement audit
d. Can be changed at the auditor’s discretion
2. Inherent risk and control risk differ from detection risk in that inherent risk and control risk are
a. Elements of audit risk while detection risk is not
b. Changed at the auditor’s discretion while detection risk is not
c. Considered at the individual account-balance level while detection risk is not
d. Functions of the client and its environment while detection risk is not
3. Which of the following is an incorrect statement?
a. Detection risk is a function of the effectiveness of an auditing procedure and its application
b. Detection risk arises partly from uncertainties that exist when the auditor does not examine 100 percent of the population
c. Detection risk arises partly because of other uncertainties that exist even if the auditor were to examine 100 percent of the population
d. Detection risk exists independently of the audit of the financial statements
4. Why would the auditor assess control risk?
 a. Because it indicates where inherent risk may be the greatest
b. Because it determines whether sampling risk is sufficiently low
c. Because it affects the level of detection risk the auditor may accept
d. Because it includes the aspects of non-sampling risk that are controllable
5. An auditor decides to increase the assessed level of control risk from that originally planned on the basis of audit evidence gathered and evaluated. To achieve
an overall audit risk level that is substantially the same as the planned audit risk level, the auditor would
a. Decrease substantive testing c. Increase inherent risk
b. Increase materiality levels d. Decrease detection risk
6. As the acceptable level of detection risk decreases, the assurance directly provided from
a. Substantive tests should increase c. Substantive tests should decrease
b. Tests of controls should increase d. Tests of controls should decrease
7. Which of the following statements is true?
a. If control risk is assessed at maximum, the nature of related substantive tests should be changed from more to less effective
b. If control risk is assessed at maximum, the nature of related substantive tests should be changed from less to more effective
c. If control risk is assessed at maximum, the timing of related substantive tests should be changed from year-end to an interim date
d. If control risk is assessed at maximum, the extent of related substantive tests should be changed from a larger to a smaller sample
8. Which of the following is not a distinguishing feature of risk-based auditing?
a. Identifying areas posing the highest risk of financial statement errors
b. Analysis of internal control
c. Obtaining and evaluating evidence
d. Concentrating audit resources in those areas presenting the highest risk of financial statement errors
9. ISA 315 requires
a. The auditor to obtain an understanding of the entity and its environment, including its internal control
b. Discussion among the engagement team about the susceptibility of the entity’s financial statements to material misstatement
c. The auditor to identify and assess the risks of material misstatement at the financial statement and assertion levels
d. All of the above
10. Which of the following is incorrect regarding ISA 315?
a. The purpose of this ISA is to establish standards and to provide guidance on obtaining an understanding of the entity and its environment, including its
internal control, and on assessing the risks of material misstatement in a financial statement audit
b. This ISA requires the auditor to make risk assessments at the financial statement and assertion levels based on an appropriate understanding of the entity
and its environment, including its internal control
c. The requirements and guidance of this ISA are to be applied in conjunction with the requirements and guidance provided in other ISAs
d. This ISA discusses the auditor’s responsibility to determine overall responses and to design and perform further audit procedures whose nature, timing,
and extent are responsive to the risk assessments
11. Which statement is incorrect regarding obtaining an understanding of the entity and its environment?
a. Obtaining an understanding of the entity and its environment is an essential aspect of performing an audit in accordance with ISAs
b. That understanding establishes a frame of reference within which the auditor plans the audit and exercises professional judgment about assessing risks of
material misstatement of the financial statements and responding to those risks throughout the audit
c. The auditor’s primary consideration is whether the understanding that has been obtained is sufficient to assess the risks of material misstatement of the
financial statements and to design and perform further audit procedures
 d. The depth of the overall understanding that is required by the auditor in performing the audit is equal to that possessed by management in managing the
entity
12. The main purpose of risk assessment procedures is to
a. Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial
statement and assertion levels
b. Test the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level
c. Detect material misstatements at the assertion level
d. All of the above
13. The auditor should perform the following risk assessment procedures to obtain an understanding of the entity and its environment, including its internal
control, except:
a. Inquiries of management and others within the entity
b. Inquiries of the entity’s external legal counsel or of valuation experts that the entity has used.
c. Analytical procedures
d. Observation and inspection
14. Inquiries directed towards those charged with governance may most likely
a. Relate to their activities concerning the design and effectiveness of the entity’s internal control and whether management has satisfactorily responded to
any findings from these activities
b. Help the auditor understand the environment in which the financial statements are prepared
c. Relate to changes in the entity’s marketing strategies, sales trends, or contractual arrangements with its customers
d. Help the auditor in evaluating the appropriateness of the selection and application of certain accounting policies
15. The following are examples of conditions and events that may indicate the existence of risks of material misstatement, except
a. Operations in regions that is economically stabl.
b. Pending litigation and contingent liabilities
c. Application of new accounting pronouncements
d. Entities or business segments likely to be sold
16. Which of the following conditions and events may most likely indicate the existence of risks of material misstatement?
a. Having personnel with appropriate accounting and financial reporting skills
b. Accounting measurements that involve simple processes
c. Significant amount of routine or systematic transactions
d. Constraints on the availability of capital and credit
17. Which statement is incorrect regarding significant risks that require special audit consideration?
a. The auditor should determine which of the risks identified risks that require special audit consideration are, in the auditor’s judgment
b. The auditor excludes the effect of identified controls related to the risk to determine whether the nature of the risk, the likely magnitude of the potential
misstatement including the possibility that the risk may give rise to multiple misstatements, and the likelihood of the risk occurring are such that they
require special audit consideration
c. Routine, non-complex transactions that are subject to systematic processing are more likely to give rise to significant risks because they have higher
inherent risks
d. Significant risks are often derived from business risks that may result in a material misstatement
18. The auditor should design and perform further audit procedures whose nature, timing, and extent are responsive to the assessed risks of material misstatement
at the assertion level. Which of the following is the most important consideration in responding to the assessed risks?
a. The nature of the audit procedures c. The timing of the audit procedures
b. The extent of the audit procedures d. All of these are equally important
 19. Which statement is incorrect regarding the nature of further audit procedures?
a. The nature of further audit procedures refers to their purpose and their type
b. Certain audit procedures may be more appropriate for some assertions than others
c. The higher the auditor’s assessment of risk, the less reliable and relevant is the audit evidence sought by the auditor from substantive procedures
d. The auditor is required to obtain audit evidence about the accuracy and completeness of information produced by the entity’s information system when
that information is used in performing audit procedures
20. Which statement is incorrect regarding the timing of further audit procedures?
a. Timing refers to when audit procedures are performed or the period or date to which the audit evidence applies
b. The auditor may perform tests of controls or substantive procedures at an interim date or at period end
c. If the auditor performs tests of controls or substantive procedures prior to period end, the auditor considers the additional evidence required for the
remaining period
d. All audit procedures can be performed prior to period end

PSA 315: Identifying and Assessing Risk of Material Misstatement Through PSA 320: Materiality in PSA 330: The
Understanding of the Entity’s Environment Planning and Performing Auditor's
an Audit Responses to
Assessed Risks
Responsibility of 1)OBTAINING 2)RISK INHERENT RISK
Management and ASSESSMENT WHY? HOW? >Tolerable misstatement that [w/o considering
PURPOSE OF DOCUMENTING [Risk Assessment an Auditor is willing to accept
CONTROLS? WHAT? 1.To determine Procedure] without modifying the assessed entity’s controls]
Understanding of Potential the level of level of control risk.
>prevent and the entity’s misstatement of detection risk. 1.Inquiry of
>detect risk controls the financial 2.To determine management >It is a matter for the Auditor CONTROL RISK
ENTITY’S >preventive statements the planned 2. Analytical to exercise his professional [not detected by
WHAT IF?
CONTROLS >detective procedure to be procedure to judgement
entity’s controls]
>corrective performed. identify plausible
NOT (unusual)
DETECTED by 1.1) Elements of 3. Primarily to relationship through
the ENTITY’S controls determine the (N- examination of DETECTION RISK
CONTROLS…. E-T) of trends and ratios. [not detected by the
substantive testing 3.Inspection and
…..Be procedures. observation AUDITOR]
DETECTED by
the AUDITOR
AUDITOR

Inversely related
AR = IR @ CR @ DR
function of auditor Level of
OCEDURES
RELIANCE CONTROLS Levelofofmanagement
>function DETECTION
Level on the >existCONTROL
independently RISK
F.S. RISK
SUBSTANTIVE TESTING >BE
MORE
>LOW >HIGH
>WEAKPROCEDURE REDUCED
 N E T
Focus on More Year-end
external
forces

A) ADJUSTED Per BOOK Per BANK B) BOOK TO BANK c) BANK TO BOOK

BALANCE METHOD METHOD METHOD
Classification UNADJUSTED Mad Suppose Balanc Balanc Mad Supposed UNADJ. B BANK UNADJ. BAN B
BALANCES e d e e e Balance/ O Balance/BANK K O
Add (Deduct): BOOK O O
K K
Receipt 1.Deposit in transit, 100T 100T
P100,000
Disbursement 2. Outstanding check, (50T (50T)
P50,000 )
3. Credit Memo (note ø 75T
Receipt collected by bank), P75,000

Disbursement 4. Bank Service Charge, (Ø) (25T)

P25,000

Receipt/ 5.DAIF/DAUD (NSF) Dec.

Disbursement
ø
& redeposited Dec.
amounting to P40,000
6.December DAIF/DAUD (Ø) (60T)
Disbursement of P60,000, not redeposited
on Dec.
Receipt 7.Dec. Erroneous Bank CM, ø ø
P200,000
Disbursement 8.Dec. Erroneous Bank ø ø
Charge, P75,000
9.Check for payment of A/P
Disbursement amounting to P5,100 (1.5T (5,100)
recorded as P1,500 )
UNADJ. UNADJ.
ADJUSTED Balance/ Balance/
BALANCES BANK BOOK