CHAPTER 1 CORE CONCEPTS OF A RISK-BASED APPROACY TO CONDUCTING A QUALITY AUDIT NATURE OF INDEPENDENT FINANCIAL STATEMENTS AUDIT fuditing is a systematic process by which a competent, independent Person objectively obtains and evaluates evidence regarding assertions about €conomig actions and events to ascertain the degree of correspondence between thas assertions and established criteria and communicating the results to interesteq users. OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH PHILIPPINE STANDARDS ON AUDITING (PSR200) The Philippine Standard on Auditing (PSA) establishes the independent auditors overall responsibilities when conducting an audit of financial statements Specifically, it sets out the overall objectives of the independent auditor, ang explains the nature and scope of an audit designed to enable the independent auditor to meet those objectives. It also explains the scope, authority and structure of the PSAs, and includes requirements establishing the general responsibilities of the independent auditor applicable in all audits, including the obligation to comply with the PSAs, OBJECTIVES OF AN AUDIT In conducting an audit of financial statements, the overall objectives of the auditor are: (a) To obtain reasonable assurance about whether the financial statements as a whole are free from material Misstatement, whether due to fraud.or error, them by enabling the auditor to express an opinion on whether the financial statements are Prepared, in all material respects, in accordance With an applicable financial reporting framewor nd (b) To report on the financial statements, and communicate as required by the PSAs. in accordance with the auditor's findings.3 A Risk-Based Approach to Conducting, a Quali The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material Fespects, in accordance with an applicable financial reporting framework. In the case of most general-purpose frameworks, that opinion is on whether the financial ements are presented fairly, in all material respects, in accordance with the framework. An audit conducted in accordance with PSAs and relevant ethical requirements enables the auditor to form that opinion. An audit of financial statements is an assurance engagement, as defined in the Philippine Framework for Assurance Engagements. ‘The Framework defines and describes the elements and objectives of an assurance engagement. The PSAs apply the Framework in the context of an audit of financial statements and contain the basic principles and essential procedures, together with related guidance, to be applied in such an audit. ETHICAL REQUIREMENTS RELATING TO AN AUDIT OF FINANCIAL STATEM| The auditor should comply with relevant ethical requirements relating to audit engagements. As discussed in PSA 220, "Quality Control for an Audits of Financial Statements," ethical requirements relating to audits of financial statements ordinarily comprise Parts A and B of the Code of Ethics for Professional Accountants in the Philippines (Ethics Code)! effective April 6, 2018 adopted and promulgated by the Board of Accountancy. PSA 220 (Revised) identifies the fundamental principles of professional ethics established by Parts A and B of the Ethics Code and sets out the engagement partner's responsibilities with respect to ethical requirements. PSA 220 recognizes that the engagement team is entitled to rely on a firm's systems in meeting its responsibilities with respect to quality control procedures applicable to the individual audit engagement (for example, in relation to capabilities and competence of personnel through their recruitment and formal training; independence through the accumulation and communication of relevant independence information; maintenance of client relationships through acceptance and’ continuance systems, and adherence to regulatory and legal requirements through the monitoring process), unless information provided by the firm or other parties suggests otherwise. Accordingly, Philippine Standard on Quality Control (PSQC) 1, "Quality Control for Firms that Perform Audits and T Adapted 10 the Code of Ethics for Professional Accountants issued by the International Federation of Accountants4 Chapter 1 Reviews of Finan Statements, and Other Assurance and Related Services Engagements," requires the firm to establish policies and procedures designed to provide it with reasonable assurance that the firm and its personnel comply with relevant ethical requirements. CONDUCT OF AN AUDIT OF FINANCIAL STATEMENTS, The auditor should conduct an audit in accordance with Phil Auditing. pine Standards on PSAs contain basic principles and essential procedures together with related guidance in the form of explanatory and other material, including appendices, The basic principles and essential procedures are to be understood and applied in the context of explanatory and other materials that provide guidance for their application. The text of a whole Standard is considered in order to understand and apply the basic principles and essential procedures. In conducting an audit in accordance with PSAs, the auditor is also aware of and considers Philippine Auditing Practice Statements (PAPSs) applicable to the audit engagement. PAPSs provide interpretative guidance and practical assistance to auditors in implementing PSAs. An auditor who does not apply the guidance included in a relevant PAPS needs to be prepared to explain how the basic principles and essential procedures in the Standard addressed by the PAPS have been complied with. The auditor may also conduct the audit in accordance with both ISAs and PSAs. However, there are currently no fundamental differences between the IAASB pronouncements and corresponding requirements issued by the AASC and no such differences are expected in the future.” SCOPE OF AN AUDIT OF FINANCIAL STATEMENTS The term "scope of an audit" refers to the audit procedures deemed necessary in the circumstances to achieve the objective of the audit. In determining the audit procedures to be performed in conducting an audit in accordance with Philippine Standards on Auditing, the auditor should comply with each of the Philippine Standards on Auditing relevant to the audit. id “A val in the Preface to the Philippine Standards on Qualuy Contrut, Auditing, Review, and Other Aston ot STeE M ithe wel e tmer ards and Practice Statements issued } cee eet puaof te 4S tn maketh Iterannal Sidr re rE nc atementc the Pipi. To mpeton ach ps the AAS makes PE, one ih wwe parugraphs or sections in International ‘Siandards and Practice Stutements that are addressed in am io umomaats hole to make them elvarly applicable the Philippine, or pro des additional int TS ae ey sects, whe facilitate and clearly establish theer application im the iippines Certam paragraphs an sections, whenever necessary 0 |A Risk-Based Appr wa Quality Audit S$ The auditor should not represent compliance with Philippine Standands on Auditing unless the auditor has complied fully with all of the Philippine Standards on Auditing relevant to the audit, The auditor may, in exceptional circumstances, judge it necessary to depart from a basic principle or an essential procedure that is relevant in the circumstances of the audit, in order to achieve the objective of the audit. In such a case, the auditor is not precluded from representing compliance with PSAs, provided the departure is appropriately documented as required by PSA 230 (Clarified), "Audit Documentation." PROFESSIONAL SKEPTICISM The auditor should plan and perform an audit with an attitude of professional skepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated. An attitude of professional skepticism means the auditor makes a critical assessment, with a questioning mind, of the validity of audit evidence obtained and is alert to audit evidence that contradicts or brings into question the reliability of documents and responses to inquiries and other information obtained from management and those charged with governance. For example, an attitude of professional skepticism is necessary throughout the audit process for the auditor to reduce the risk of overlooking unusual circumstances, of over generalizing when drawing conclusions from audit observations, and of using faulty assumptions in determining the nature, timing and extent of the audit procedures and evaluating the results thereof. When making inquiries and performing other audit procedures, the auditor is not satisfied with less-than- persuasive audit evidence based on a belief that management and those charged with governance are honest and have integrity. Accordingly, representations from management are not a substitute for obtaining sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor's opinion. REASONABLE ASSURANCE ‘An auditor conducting an audit in accordance with PSAs obtains reasonable urance that the financial statements taken as a whole are free from material whether due to fraud or error. Reasonable assurance is a concept audit evidence necessary for the auditor to | misstatements in the financial statements es to the whole audit process. as misstatement, relating to the accumulation of the conclude that there are no material taken as a whole. Reasonable assurance relat6 Chapter 1 An auditor cannot obtain absolute assurance because there are inherent limitations in an audit that affect the auditor's ability to detect materia) misstatements, These limitations result from factors such as the following: * The use of testing, ° The inherent limitations of internal control (for example, the Possibility of management override or collusion). The fact that most audit evidence is persuasive rather than conclusive, Also, the work undertaken by the auditor to form an opinion is permeated by judgment, in particular regarding: (@) The gathering of audit evidence, for example, in deciding the nature, timing and extent of audit procedure; and (b) The drawing of conclusions based on the audit evidence gathered, for example, assessing the reasonableness of the estimates made by management in preparing the financial statements. Further, other limitations may affect the persuasiveness of evidence available to draw conclusions on particular assertions (for example, transactions between related parties). In these cases, certain PSAs identify specified audit procedures which will; because of the nature of the particular assertions, provide sufficient appropriate audit evidence in the absence of: (a) Unusual circumstances which increase the risk of material misstatement beyond that which would ordinarily be expected; or (b) Any indication that a material misstatement has occurred. Accordingly, because of the factors described above, an audit is not a guarantee that the financial statements are free from material misstatement, because absolute assurance is not attainable. Further, an audit opinion does not assure = future viability of the entity nor the efficiency or effectiveness with which management as conducted the affairs of the entity. {A Risk-Based Approach to Conducting a Quallty Audit 7 AUDIT RISK AND MATERIALITY The auditor obtains and evaluates audit evidence to obtain reasonable assurance about whether the financial Statements give.a true and fair view or are presented fairly, in all material Tespects, in accordance with the applicable financial reporting framework, The Concept of reasonable assurance acknowledges that there is a tisk the audit opinion is inappropriate. The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated is known as “audit risk”, The auditor should plan and perform the audit to reduce audit risk to an acceptably low level that is consistent with the objective of an audit. The auditor reduces audit risk by designing and performing audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base an audit opinion. Reasonable assurance is obtained when the auditor has reduced audit risk to an acceptably low level. RESPONSIBILITY FOR THE FINANCIAL STATEMENTS While the auditor is responsible for forming and expressing an opinion on the financial statements, the responsibility for the preparation and Presentation of the financial statements in accordance with the applicable financial reporting framework is that of the management” of the entity, with oversight from those charged with governance. The audit of the financial ‘Statements does not relieve management or those charged with governance of their responsibilities.8 Chapter | THE RISK-BASED AUDIT PROCESS Introduction Risk-based audit approach is an audit approach that begins with an assessment of the types and likelihood of misstatements in account balance and then adjusts the amount and type of audit work, to the likelihood of material misstatements occurring in account balances, In risk-based audit, the audit team views all activities in the organization first in terms of risks to strategies and objectives, and then in terms of management's the client’s objectives. The risks are identified and the auditors determine how management plans to mitigate the risk and whether those. plans are in place and operating effectively. Account-based audit is an approach wherein the auditor obtains an understanding of control and assesses control risk for particular types of eran and frauds in specific accounts and cycle. STAGES OF THE RISK-BASED AUDIT PROCESS Under the PSAs which are risksbased, specific audit procedures vary from one engagement to the next. The following stages are, however, involved in every engagement. Phase I. Risk Assessment This phase involves the following activities: a. Performance of preliminary engagement activities to decide whether to accept / continue an audit engagement. , b. Planning the audit to develop an overall audit strategy and audit plan. c. Performance of risk assessment procedures to identify / assess risk of material misstatement through understanding the entity,1 Risk-Based Approach to Conducting a Quali Phase II. I Risk Respons This phase covers the following activities: a, Designing overall responses and further audit procedures to develop appropriate responses to the assessed risk of material misstatement. b. Implementing responses to assessed risk of material misstatement to reduce audit risk to an acceptably low level Phase IT. Reporting This phase involves the following activities: a. Evaluating the audit evidence obtained to determine what additional audit work (if any) is required. b. Forming an opinion based on audit findings and preparing the auditor's report. A simpler way of describing the three elements is illustrated below. Figure 1-1: Describing the Three Elements RISK ASSESSMENT RISK RESPONSE REPORTING What events" could occur Did the events* identified What audit opinion, based that would cause a material occur and result in a on the evidence obtained, is misstatement in the material misstatement in | appropriate on the financial financial statements? the financial statements? statements? * An “event” is simply a business or fraud risk factor that, if it actually occurred, would adversely affect the entity’s ability to achieve its objective of preparing financial statements that do not contain material misstatements resulting from error and fraud, This would also include risks resulting from the absence of internal control to mitigate the potential for material misstatements in the financial statements. Figure 1-2 shows the schematic risk-based audit process in accordance with the guidelines provided by the International Federation of Accountants.10 @hapted't Figure 1-2: Risk-Based Audit Procesy! Qo derwiry | purrose DOCUMENTATION Perks prominay | Pvc alg wae a Cig oo ony eogaement oe) + indepen aw _ Ldecunt ona Engagement tote 7] a, Malenaliy ~~ Plan the audit | —} Develop an overall aud ad at a ccasshn e strategy and audit play?” sa sag a Perform nsk 3 — of Binsiness and rand ioe < assessment — | —] RMM* through undor: | Including slgniticant sks z procedures, standing tho enti . ——___—— i of Merl Mase) Dasign 7Tmplementaion of telovant intemal : Assessed RMM at : + FIS Level ; y Ls Assertion vel — _ : Update of overall strategy 1 | Design overall Develop appropriate + Overall responses _ {| responses and =} —| responses to the >| © Audit plan that inks = YE] tuther auct assessed RMM assessed RMM to wu |! | procedures further audit procedures a fi eal: ; implement =z |i + a || responses to Feceau enue! + Work performed: | |__ assessed RM | Audit findings i += New revised risk Tacos : and audit procedures : : Determine what * Changes in materially : ae Lickel |} additonal aut work © Communications on = : (if any) is required audit findings 7 * Conclusions on aud u procedures permed < = 7 a Prepare the Audilors Form an opinion base, Significant decisions report on audit findings Signed audit opinion = from Sined *-Adopied from “Guile 10 Using International Standards of Auditing in the Audits of Small and Medtum ’ Enives Volumes land Core Concepts! Prosieal Application - Fourth Eduion” Copyright © November 2018 by IFAC, All rightyreserved. Used with permission of IFAC.each to Conducting a Quality Audit WW Figure 1-3 presents the Relevant Philippine Standards On Auditing (PSAS) To Be Used In The Risk-Based Audit Process Figure 1-3: Relevant Philippine Standards On Auditing (PSAS) To Be Used In The Risk-Based Audit Process TOPIC Applicable PSAs) General Principles PSA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing Quality Control PSA 200, Quality Control for an audit Management Assertions PSA 315, Identifying and Assessing the Risks ol | Misstatement through Understanding the Entity and its Environment (Newly Revised Standard effective for audits of financial statements for periods ending on or after Decembor 15, 2013) _ Audit Evidence PSA 500, Audit Evidence ‘Audit Documentation PSA 230, Audit Documentation PHASE I - RISK ASSESSMENT INCLUDING MAKING CLIENT ACCEPTANCE AND CONTINUANCE DECISIONS Client Acceptance and PSA 210, Agreeing the Terms of Audil Engagements Continuance Considering Fraud PSA 240, The Audifor's Responsibiliies Relating (o Fraud in an Audit of Financial Statements Consideration of Laws and | PSA 250, Consideration of Laws and Regulations in an Audit of Regulations in Planning Financial Statements the Audit Planning an Audit PSA 300, Planning an Audit of Financial Statements ‘Assessing Risk of Material PSA 315, Identifying and Assessing the Risks of Material Misstatements Misstatement through Understanding the Entity and its Environment (Newly Revised Standard effective for audits of financial statements for periods ending on or after December 15, 2013) PSA 320, Materiality in Planning and Performing an Audit Planning Audit Procedures _| PSA ‘330, The Auditor's Responses to Assessed Risks Understanding Related PSA 550, Related Parties Partiesn Chapter | Communicating with those Charged with Governance about the Audit Plan PSA 260, Communication with Those Charged with Govemange PHASE Il ~ RISK RESPONSE — Testing Controls for the Financial Statement Audit PSA 330, The Auditor's Responses fo Assessed Risks ea Audit Sampling for Tests of Controls PSA 530, Audit Sampling Testing Controls in an Integrated Audit Obtaining Evidence about Compliances with Laws and Regulations PSA 250, Consideration of Laws and Regulations in an Audit of Financial Statements investments in securities and derivative instruments; Existence and condition of inventory; Completeness of litigation, claims, and assessments involving the entity; and Presentation and disclosure of segment information, in accordance with the applicable financial feporting framework Substantive Audit PSA 330, The Auditor's Responses fo Assessed Risks Procedures PSA 500, Audit Evidence Audit Evidence regarding the | PSA 501, Audit Evidence Specific Considerations for Selected a. Valuation of Items L External Confirmations PSA 505, External Confirmations Audit Sampling for Substantive Tests 4 PSA 530, Audit Sampling Obtaining Evidence about Related Parties — PSA 550, Related Parties Auditing Accounting Estimates PSA 540, Audiling Accounting Estimates, Including Accounting Estimates, and relate Disclosures Fair rae | i| _ Substantive Test Using an Auditor's Specialis’ Expert _ [ Analytical Procedures asa | Quality Audit 13 PSA 520, Analytical Procedures “PSA 620, Using the Work of an Auditor's Expert PHASE Ill = REPORTING Evaluating the Implications ‘of Noncompliance with Laws and Regulations PSA 250, Consideration of Laws and Regulation in an Audit of Financial Statements Evaluating Financial PSA 450, Evaluation of Misstatements Identified during the Audit Statement Misstatements Subsequent Events PSA 560, Subsequent Events Disclosures about Related PSA 550, Related Parties Parties Going Concern PSA 570, Going Concern Management PSA 580, Written Representations Representations Omitted Procedures Communicating with those PSA 260, Communication with Those Charged with Governance Charged with Governance ‘Supervision Engagement Quality Review Audit Opinions PSA 700, Forming an Opinion and Reporting on Financial Statements ‘Audit Opinion Modifications | PSA 705, ‘Modifications to the Opinion in the Independent Auditor's Report Matter Paragraphs in the Audit Report PSA 706, Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor's Report Special Considerations PSA 800, Special Considerations - Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks PSA 805, Special Considerations - Audits of Single Financial Statements and Specific Elements, Accounts or Items ofa Financial Statement— _ —_.——S$SJ——_ UNDERSTANDING THE AUDIT RISK MODEL. Nature of Rivk Risk is 4 concept used to express uncertainty about events and/or their outcomes that coult have a material effect on the organization. ‘he four critical components of risk that are relevant to conducting the audit ae: iv Risk, The risk that an auditor may give an unqualified opi Nuvancial statements that are materially misstated. eagement RK because it is a inability manage is co Loa ion on The economic risk that a CPA Firm is exposed to simply ‘ociated with a particular client including loss of reputation, of the client to pay the auditor, or financial loss because ‘ment is not honest and inhibits the audit process. Engagement risk trolled by carefull selection and retention of client. F 2! Reporting Risk. Those risks that relate directly to the recording of transactions and the presentation of financial data in an organization's financial statements. X. Those risks that affect the operations and potential outcomes of organizational activities, The following considerations are important in integrating the concepts of materiality and risk in the conduct of a risk-based audit: 1, Risky areas of a business must be identified by the auditors to determine which account balances are more Prone to material misstatements, how the misstatements might occur and how a client might be able to cover them up. Auditors need to develop approaches and methodologies to allocate overall assessments of materiality to individual account balances because some account balances may be more important to users. Audits involve testing or sampling and thus cannot provide absolute (100%) assurance that the financial statements are free of material misstatements without inordinately driving up the cost of audits. 4. Notall clients are worth accepting. Since audits rely on testing and to some extent on the integrity of management, there are some clients that an audit firm should not accept because the engagement risk is too high Competition for clients among audit firms is high. Clients choose auditors based on a number of factors including fees, service, industry knowledé Personal rapport and ability to assist the client.4 Risk-Based Approach to Conducting a Quatity Audit 6. Auditors should understand society's expectations of financial reporting to. reduce audit risk to an acceptably low level and therefore minimize Javsuits that the users may possibly bring forth, Although audit risk is a concept, it is often illustrated using quantitative examples. For instance, the relationship between engagement risk and audit risk may be presented as follows: LC — High] Moderate _ w | Audi Risk | Dornot accept cient | Set very low (186) | Set within professional standards | but can be higher than companies it __[_with higher engagement risk (5%) © Setting audit risk at 1% is equivalent to performing a statistical test using, 99% confidence level. Audit risk set at 1% implies that the auditor is willing to take a 1% chance of issuing an unqualified opinion on materially misstated financial statements. * Audit risk set at 5%, implies that the auditor is willing to take a 5% chance of issuing an unqualified opinion on materially misstated financial statements. © High levels of audit risk are engagement risk propriate for client with lower levels of Based on the assessment of engagement risk, the auditor sets the desired audit risk. Audit risk oftentimes illustrated using numeric or quantitative examples, In fact many audit firms use the measures associated with statistical sampling to set audit risk, e.g., setting audit risk at a 1% level for high-risk clients and 5% for lower-risk clients. Other auditing firms use a broader description of audit risk as high, moderate or low and adjust the nature of their audit procedures accordingly. The following general observations are considered to have influenced the implementation of the audit risk model: « The better the company's internal controls, the lower the likelihood of material misstatement. © Unusual or complex transactions are more likely to be erroneously recorded than am recurring or routine transactions. ° © The amount and persuasiveness of audit evidence gathered should vary inversely with audit risk; ie., lower audit risk requires gathering more persuasive evidence.to COMPONENTS OF AUDIT-RISK MODEL These general premises have been incorporated into an audit risk (AR) ™ | + Model With three components: inherent r k (IR), control, (CR) and etection sig (DR) as follows: AR = IR CRX DR where Inherent risk (IR) adjustment to be the al the initial susceptibility of a transaction oF account recorded in error, or for the transaction not to be Fecorded jn nee of internal controls, Control risk (CR) is the risk that the clients internal control system wil Prevent or detect a misstatement, Detection risk (DR) is the material misstatement, 1 fail risk that the audit procedures will fail to detect y Stated differently, audit riy opinion on materially mi the risk that the auditor may give an unqualifie tated financial statements, It is influenced by: (IR) the likelihood that a tran lion, estimate, or adjustment might be recorded incorrectly; (CR) the likelihood. that the client's internal control Processes would fail to prevent or detect the misstatement and (DR) the likelihood that, if autement occurred, the auditor's procedures would fail to detect the misstatement. The audit risk model may also be illustrated using a quantitative approach with Probability assessments applied to each of the model's component. IMlustrative Case I: Qua titative Example of Audit Risk: High Risk of Material Misstatement XYZ Mining Corporation, an audit client of Aquino and Marcos CPAs, has many complex transactions and weak internal control. The auditors assess both inherent risk and control risk at their maximum. This implies that the elient des not have effective control (CR) and there is a high risk that the transaction would be recorded incorrectly (IR). a en isk atthe The auditors believe that engagement risk is high and have set audit risk att * thst 0.01 level. This means that the auditors do not want to take much of a risk the misstatement goes undetected in the financial statements.Qu the effect on the extent of audit procedures and thus, detection risk is as follows: AR= Kx CR x DR DR= AR (IR xCRy DR= or or 0.01 or 1% (1.0 x 1.0) In this particular case, detection risk and audit risk are the same because the auditor cannot rely on internal control to prevent or detect misstatements. This illustration therefore yields the instinctive result: “Poor controls and a high likelihood of misstatement would lead to extended audit work to maintain audit risk at an acceptable level.” Iustrative Case Il: Quantitative Example of Audit Risk: Low Risk of Material Misstatement Zoren Trading Corporation is an audit client of Cayetano and Loren CPAs. Zoren has simple transactions, well-trained accounting personnel effective control and no incentive to misstate the financial statements. ‘The auditor's previous audit experience with the client, an understanding of the client's internal controls and the results of preliminary testing this year indicate a low risk of material misstatement existing in the accounting records. The auditor assesses inherent risk as low as 50% and control risk of 20%. Audit risk is consistent with it low engagement risk of 0.05. ‘The detection risk for this engagement is determined as follows: DR= _ AR _ GR x CR) DR= __05__ (50x20) 0 050 or 50%The auditor could therefore design tests of the accounting records with a lower detection risk, in this situation 50%, because only minimal substantive tests gp lances are needed to provide corroborating evidence on thy expectations that the accounts are not materially misstated. The auditor, howeye, would have had to test whether the controls are operating effectively in order 4, Support a control risk assessment below 100%. FACTORS TO CONSIDER IN IMPLEMENTING THE AUDIT Risk MODEL The following general observations on an audit client influence the implementation of the audit risk model: |. High-risk activities * This includes operations or events where a material misstatement could easily occur. For example, an inventory of high-value diamonds or gold bars held by a jeweler, or a new / complex accounting system being introduced. Existence of large non-routine transactions ¢ Identified significant related party transactions outside the entity's normal course of business are to be treated as giving rise to significant risks. This includes infrequent and large transactions, For example: Unusual volume of routine transactions with a related party; A major sales or supply contract; The purchase or sale of major business assets or business segments; and “Sale of the business toa third party. © Routine non-complex transactions that are subject to systematic processing are less likely to give rise to significant risks. 3. Matters requiring judgment or management intervention e Examples would include: * The assumptions and calculations used by management in developing major estimates; “Complex calculations or accounting principles; “+ Revenue recognition (presumed to be a significant. ri subject to differing interpretation; isk) that1 Risk-Based 4 wach to Conducting a Quality Audit 19 + Where management intervention is required to. specify the accounting treatment to be used. 4. Potential for fraud * The risk of not detecting a material misstatement resulting from fraud (which is intentional and deliberately concealed) is higher than the risk of not detecting one resulting from error. * In evaluating whether significant risk could result from the identified fraud risk factors and the possible scenarios and schemes identified in team discussions, consider the following: + Skillfulness of the potential perpetrator, Relative size of individual amount manipulated; Level of authority of management or employee to: = directly or indirectly manipulate accounting records, and = override control procedures; © Significant fraud risks may be identified at any stage in the audit as a result of new information being obtained. LIMITATIONS OF THE AUDIT RISK MODEL Audit risk is a concept that drives the auditor’s thinking about planning the audit and then executing an audit. The illustrations are designed to provide guidance, but should not be applied rotely to any audit client. CPA firms in determining their approach to implementing the audit risk model should consider the following limitations: a) Inherent risk is difficult to formally assess. Some transactions because of their complexity are more susceptible to error but it is quite difficult to assess that level of risk independent of the client’s accounting system. b) The model treats each risk component as separate and independent when in fact the components are not independent. It is also quite difficult to separate a client’s material controls and inherent risk. c) Audit risk is judgmentally determined. 4) Audit technology is not so fully developed that each component of the model can be accurately assessed. Auditing is based on testing and precise estimates of the model’s components are not possible. Auditors can, however, make subjective assessments and use the audit risk model as. guide.