Revision slides

• Chapter 8 – Audit risk assessment

• Chapter 9 – Materiality and audit evidence
• Chapter 10 – Test of controls
• Chapter 11 – Designing Substantive procedures
• Chapter 12 – Managing auditing data
• Chapter 13 – Completing the Audit
Learning objectives

After studying this presentation, you should be able to:

8.1understand the importance of audit risk assessment
and why it is linked to financial statement assertions
8.2explain the importance of business risks in audit
planning
8.3describe the procedures performed by an auditor to
assess risk
8.4understand the importance of internal control to an
entity and to its independent auditors
Learning objectives

8.5indicate the procedures for obtaining and

documenting an understanding of the entity’s internal
control
8.6explain why and how a preliminary assessment of
control risk is made
8.7explain the importance of the concept of audit risk
and its three components.
Chapter overview
• This chapter looks at the auditor’s obligations with regard to
assessing the risks that the company is exposed to, with particular
reference to those risks that will affect the financial statement
assertions.
• The auditor’s responsibility is to obtain an understanding of the entity
for the purposes of planning the audit, and we now consider how this
understanding influences the auditor’s risk assessment.
• First, we consider the nature of business risk, followed by a discussion
of the nature of internal control and risks related to internal control,
and concluding with a discussion on the nature of audit risk.
Learning Objective 1
• Understand the importance of audit risk assessment and
why it is linked to financial statement assertions.
• The overall objective of a financial statement audit, is to enable
‘the auditor to express an opinion on whether the financial
report is prepared, in all material respects, in accordance with an
applicable financial reporting framework’.
• The auditor must obtain an understanding of the entity and its
environment, including internal controls, in order to assess the
risk that the financial statements contain material misstatements.
• The information obtained is not only evidence to support the
auditor’s risk assessment but also is used to determine if further
audit procedures are required.
Learning Objective # 2

• Explain the importance of business risks in audit

planning.
• Business risk means a risk resulting from significant conditions,
events, circumstances, actions or inactions that could
adversely affect an entity’s ability to achieve its objectives and
execute its strategies, or from the setting of inappropriate
objectives and strategies.
Business risk assessment
• A business risk approach allows the auditor to:
• Identify threats faced by the organisation
• Recognises that most business risks will eventually have an
effect on the financial statement
• Increase the chances of identifying risks of material
misstatements in the financial reports.
• Categories of business risk:
– Financial risk
– Operational risk
– Compliance risk.
Learning Objective # 3

• Describe the procedures performed by an auditor to

assess risk.
• The work the auditor does in obtaining an understanding of the
entity includes understanding business risks and the
company’s own risk assessment procedures.
• These procedures include discussions with management as
well as performing analytical procedures, making
observations of processes in action and inspecting relevant
documents.
Learning Objective # 4
• Understand the importance of internal control to an
entity and to its independent auditors.
• As companies grow in size and complexity, the importance of
internal control within those companies has also grown.
• Why ? This is because size and complexity have made it difficult
for managers and those charged with governance to manage
the company’s risks without appropriate control systems in
place.
• Similarly, the growth in size and complexity of companies has
meant that, for auditors to provide assurance, some reliance on
these controls is usually needed.
Fundamental concepts of IC
• Internal control is a process. It is a means to an end, not an end in itself. It
consists of a series of actions that are pervasive and integrated with, not added
onto, an entity’s infrastructure.
• Internal control is effected by people. It is not achieved merely by having policy
manuals and forms, but by the actions and attitudes of people at every level of
an organisation, including the board of directors and management.
• Internal control can be expected to provide only reasonable assurance, not
absolute assurance, for an entity’s management and board. This is because
limitations are inherent in all internal control systems and because the entity
must consider the relative costs and benefits of establishing controls.
• Internal control is geared to the achievement of objectives in the categories of
operations, reporting and compliance.
Learning Objective # 5

• Indicate the procedures for obtaining and documenting

an understanding of the entity’s internal control.
• The procedures necessary to obtain an understanding consist
of:
• reviewing previous experience with the entity
• enquiring of appropriate management, supervisory and staff
personnel
• inspecting documents and records
• observing entity activities and operations.
Learning Objective # 6
• Explain why and how a preliminary assessment of control
risk is made.
• The auditor uses preliminary assessment to assess the strengths
and weaknesses of those internal controls and the level of
control risk.
• Control risk is the risk that a material misstatement could occur in
an assertion, either individually or when aggregated with other
misstatements, and not be prevented, detected, or corrected on a
timely basis by the entity’s internal control structure.
• The preliminary assessment of control risk is designed to obtain a
reasonable expectation of controls so as to decide on an
appropriate audit strategy to then be able to design a detailed
audit program.
Learning Objective # 7
• Explain the importance of the concept of audit risk and its
three components.
• Audit risk is the risk that the auditor gives an inappropriate audit
opinion when the financial statements are materially misstated
(ASA 200.13(c);
• The more certain auditors want to be of expressing the correct
opinion, the lower the audit risk that they are willing to accept.
• In setting the desired audit risk, auditors seek an appropriate
balance between the costs of an incorrect audit opinion and the
costs of performing the additional audit procedures necessary to
reduce audit risk.
Audit risk components
• Audit risk is commonly assessed within three components:
• inherent risk - is the possibility that a material misstatement
could occur in an assertion, either individually or when
aggregated with other misstatements, assuming there are no
related controls
• control risk - is the risk that a material misstatement could occur
in an assertion, either individually or when aggregated with other
misstatements, and not be prevented, detected, or corrected on a
timely basis by the entity’s internal control structure
• detection risk - is the risk that an auditor’s substantive
procedures will not detect any material misstatements that exist
in an assertion, either individually or when aggregated with other
misstatements
Summary
• An auditor must reduce the risk of giving an incorrect opinion in the audit report. In
order for this risk to be managed, the auditor must understand the risks that the
organisation is exposed to as well as the controls that are in place to mitigate those
risks.
• In assessing risk, the auditor can take a top down approach to identifying risks by
looking first at high-level issues and then moving to the specific problems that
these risks may create. The auditor then establishes which of the risks are
considered significant risks to the financial statements, and these are then tackled
in the audit plan.
• Where there are controls to mitigate the identified risks, the auditor may obtain
details of these controls in order to place some reliance on them for the purposes
of assessing the risk of material misstatements in the financial statements. Having
evaluated the risks and the controls that exist, the auditor determines the level of
detailed audit work that will be required to reduce overall audit risk.
Revision question
• Your client is Gateshead Pty Ltd, a large family-owned company which imports and sells computer
hardware products. You are planning the 30 June 2015 audit and, from your enquiries of management,
have obtained the information below.
In January 2015, Gateshead applied for and was granted a new loan. The submission made to the bank
stated:
• the current ratio was 0.90
• gross profit was up by 25% compared with that at the same time last year
• the debt-to-equity ratio was 0.40.
• The bank agreed to the new loan but did enter into a loan covenant with Gateshead. The covenant
required that the company should not breach certain ratios, and placed certain restrictions on dividends.
• From audits you have conducted in previous years, you are suspicious about the validity of the ratios
discussed in the submission. You hear from one of Gateshead’s accounting staff that the figures had been
‘gently massaged’ to obtain the required ratios.
• Required
• Discuss (referring to specific areas of the audit) the implications of this information on your planning of
the audit.
Attempting the question
• Review the case, knowing this is a planning question.
• The case information reveal that it will: (what does the case infor say? And what are their implications)
• affect the planning of the audit for the year quite significantly as a result of the analytical procedures
carried out (ASA 520).
• Indications are that there is a high risk of balances within the financial statements being manipulated to
ensure that the company achieves the requirements of the bank covenant with regard to financial
ratios.
• the comment that figures have been ‘gently massaged’ should be a cause for concern.
• Particular risks:
• Industry - Computer hardware
• Risk - Potential risk of obsolescence in the inventory held because it is a product that becomes obsolete
very quickly.
• Loan - Current ratio requirements
• Risk - The company may attempt to overstate current assets and understate current liabilities to comply
with the loan agreement. They may do this by not providing for doubtful debts or overvaluing inventory.
Accruals may not be completely recorded.

• 
Attempting the question cont..
• Loan – Company has stated that the gross profit was increased by
25%. (Possible causes and implications??)
• Risk - There is a risk that the cut off for sales has not been
properly effected. This should be carefully reviewed in the audit
at the year-end.
• Loan – Debt to equity ratio (before you read into the result check
the basis such as classifications)
• Risk – This is more difficult to manipulate, however the auditor
should look for potential misclassification.
• It is important for auditors to evaluate the compliance of companies with
financial ratios. The implications of a lack of compliance may be quite severe for
the company, including potential going concern problems.