Auditing Theory Risk

Ch 9 – Overview of Risk-Based Auditing - uncertainty about events and their outcomes

Audit
- evidence-gathering process
- divided into stages, but such may not occur in
particular order in actual engagement; auditor
may opt to modify audit program or gather
additional evidence anytime during the
engagement (risk assessment & risk response)
- final stage: reporting
Auditor’s standard report
- in accordance with PSAs that require
compliance with ethical requirements
- plan and perform audit
 reasonable assurance (auditors are
not guarantors of fair presentation)
 free from MATERIAL misstatement
(auditor’s responsibility is limited to
material financial info)
that might have MATERIAL EFFECT
- *risks relating to client and its environment
- Business and financial risk may affect each
other (i.e. current economic climate or
competitive standing may cause management
to circumvent internal controls to produce
better financial reporting results)
(1) Audit Risk
– giving unmodified opinion to materially
misstated FS
– to avoid:
 do not accept client
(engagement risk = 0)
 set audit risk at level that would
mitigate risk of failing to identify
material misstatements
 do more work (raises fees, creates
tension with client)

Risk-based audit approach (2) Engagement Risk

- top-down evaluation of client’s risk that goes – association with client
BEYOND the FS (s.a. business risk)
- assessment of likelihood of misstatements (3) *Financial Reporting Risk
before adjustment of audit procedures based – directly related to recording and
on assessed risk presenting of financial data in FS
- determined areas to focus on – factors:
- Auditor identifies, examines, assesses the ff.: a. Competence and integrity of
 client strategies and processes management
 core business process and resource b. Incentive to management of
management misstated FS
 objectives, inputs, activities, outputs, c. Complexity of transactions
systems, and transactions of key d. Internal control
processes
 risk that processes will not meet goals (4) *Business Risk
and controls – affect operations and potential outcomes
– factors:
Risk-based Account-based a. Geographical location
View all activities in 1. understand b. Economic climate
terms of risk to: control c. Technological change
1. strategies and 2. assess control d. Business volatility
objectives risk for e. Competition
2. management’s particular errors
plans and in specific
procedures to accounts and
mitigate risk cycles
Phases of the Risk-Based Audit Process
I. Risk Assessment
a. Preliminary engagement activities to
decide whether to accept client
b. Planning the audit to develop:
i. Overall audit strategy
ii. Audit plan
c. Risk assessment through understanding
the entity
II. Risk Response
a. Develop response
b. Implement response
III. Reporting
a. Assess sufficiency of evidence
b. Form opinion
PHASE I-A: Preliminary Engagement Activities
- Assists in identifying events that may affect
ability to plan and perform audit where:
 auditor maintains independence
 there are no management integrity
issues
 there is no misunderstanding with
client as to terms
At the BEGINNING of current engagement, auditor
SHOULD perform the ff:
a. PSA 220 1- Acceptance or continuance
procedures
b. PSA 220 – ethical reqs. & indepndence
compliance evaluation
c. PSA 210 2– establish understanding of terms
 Consideration of client continuance and ethical
requirements occurs throughout the audit.
 Initial procedures on continuance and ethical
requirements are completed prior to other
significant activities
 Initial procedures for continuing engagements
occur shortly after or in connection with the
completion of the previous audit
How are clients obtained?
1. Business transactions (e.g. acquisition of
existing client of a new company)
2. Social contracts (CPA firm submits proposal to
perform client’s annual audit)
1
PSA 220 - “Quality Control for an Audit of Financial
Statements”
2 4
PSA 210 – “Agreeing the Terms of Audit Engagements”
Prior to engagement acceptance, CPA should obtain
management’s permission to investigate client’s
history, identities and reputations of directors,
officers, major shareholders.
Public Accounting firms are NOT obligated to accept
or continue undesirable clients
Prior to engagement, CPA firm must assess:
 Competence to perform (capabilities, time,
resources)
 Ability to be comply with ethical requirements
 Client integrity
Preconditions of an audit
 Acceptability of applied FR framework
 Management’s acknowledgement of its
responsibilities:
1. Prepare and fairly present FS
2. Necessary internal controls (M)3
3. Provide auditor with:
 Access to all relevant (M) info
 Additional info requested (A)4
 Unrestricted access to
persons within the entity (A)
Engagement Letter
- Final step of preliminary engagement
activities
- Where terms are recorded
- Includes:
a. Objective and scope of audit
b. Auditors’ responsibilities
c. Management’s responsibilities
d. Applicable FR framework
e. Reference to expected form and
content + disclosure that there may
be circumstance in which report may
differ
f. Fees
- Recurring audits:
 Assess if there is a need to revise or
remind the entity of terms
 Audit shall NOT agree to change in
terms without reasonable justification
 If auditor cannot agree to change:
– Withdraw if legally possible
– Report to other parties, if
obligated
3
M – management’s discretion
A – auditors’ discretion
PHASE I-B: Planning the Audit
PSA 300 “Planning an Audit of Financial Statements”
- Audit must be planned for it to be performed
effectively
- Audit plan: normally drafted prior to working
at client’s offices
Audit Planning
- Establishment of overall strategy and audit
plan to reduce audit risk to acceptably low
level
- Main objective: determining scope of audit to
be performed
- Involves engagement partner and key
members of engagement team (client not
included); auditor may discuss some elements
with management, but such discussion must
not compromise audit’s effectiveness
- Not discrete; continuous and iterative
- Begins shortly after or in connection with
completion of previous audit and continues
until completion of current audit
- Nature and extent of planning depends on:
 Size/complexity of entity
 Previous experience w/ entity
 Circumstantial changes during audit
- Certain activities must be timed and
completed before further audit procedures
such as planning of:
 Analytical procedures to be employed
 Obtaining understanding applicable
framework
 Determination of materiality
 Involvement of experts
 Other risk assessment procedures
Benefits of Audit Planning
– Appropriate attention to important areas
– Potential problem detection
– Organization, management, performance of
audit effectively and efficiently
– Assignment and Review of work
– Coordination of work to be done by auditors and
other parties (experts, specialists, etc.)
Overall Audit Strategy
- Sets scope, timing, direction of audit
- Guides the development of a more detailed
audit plan
- Considers results of preliminary activities
Determines:
- Scope
 FR framework
 Industry-specific reporting
requirements.
 Locations of entity components
- Timing
 Deadlines of reporting
 Key dates and meetings with
management
 Expected communication of audit
status
- Direction
 Materiality levels
 Areas of higher risk
 Material components and account
balances
 Internal control evaluation
 Recent significant developments
- Relevance of knowledge gained in
preliminary activities (may be compared with
other clients in the same industry)
- Nature, timing, extent of necessary resources
Benefits of Developing Audit Strategy
Audit strategy assists the auditor to determine,
subject to completion of risk assessment, matters
such as:
 Resources to deploy to specific areas
 Amount of resources to allocate
 Timing of resource deployment (interim or
cut-off dates)
 How resources are managed, directed,
supervised
Once overall strategy has been established, audit plan
may be developed (not necessarily discrete/
sequential processes, but closely inter-related)
For small entities, entire audit may be conducted by a
small audit team; easier coordination; no need for
complex audit strategy (e.g. brief memorandum of
previous audit that is updated currently may serve as
audit strategy)
Materiality (as per FRSC) Planning materiality/ Preliminary judgement about
materiality
- Information is material if its
omission/misstatement influences economic - Amount by which it is believed that FS could
decision taken on the basis of the FS be misstated without affecting users’
- Depends on size or error judged in particular decisions based on preliminary assessment
circumstances - Need NOT be quantified, but OFTEN is
- A threshold or cut-off point rather than a - Helps auditor PLAN appropriate evidence to
primary qualitative characteristic accumulate
- Quantitative considerations: peso amount of - Auditor must consider any potential effect a
errors misstatement might have which may be
- Qualitative considerations: causes of the greater than the peso amount involved (e.g.
misstatement immaterial misstatement does not allow
- E.g. materiality level of 1M  auditor only client to meet a contractual obligation may be
checks accounts with balances of more than considered material)
1M because <1M is immaterial
Rules of Thumb for Planning Materiality only
A matter of professional judgment. (Starting point)
(requires relevant skills, knowledge in decision- Overall Specific Performance
making) (3-7%) Lower, No specific
Auditor’s assumptions re: users Profit from SPECIFIC guidance in
continuing amount for PSAs
 Knowledgeable of business and accounting operations specific/
and willing to study FS with reasonable sensitive areas Ranges from
diligence If non-profit: 60-85% of
 Understand that FS are prepared, presented, (1-3%) overall
audited to levels of materiality Revenues/ materiality,
 Recognize uncertainties in measurement of Expenditures where assess
risk is higher or
amounts
(1-3%) lesser,
 Make reasonable economic decisions
Assets respectively

(3-5%)
Levels of Materiality Equity
Overall Specific
FS as a whole; highest Particular classes only;
amount of misstatement; sensitive areas
Other Considerations
based on common
 Overall materiality used by PREVIOUS
information needs of
AUDITOR
various users
 Ensure that EXPERTS are instructed to use
appropriate materiality levels
Performance Materiality
aka TOLERABLE MISTATEMENT
- Used by auditor to reduce risk that the
ACCUMULATION OF UNCORRECTED Materiality and Risk
MISSTATEMENTS exceeds overall materiality - INVERSELY related
and specific materiality - Auditor compensates for higher risk by
- LOWER than overall and specific materiality EITHER:
- Objectives:  Reducing control risk by extending
 Ensures that misstatements less than additional tests of control
overall/specific are detected  Reducing detection risk by modifying
 Provide a margin/buffer for possible nature, timing, extent of planned
undetected misstatements substantive procedures
Audit Plan
- Overview of the engagement, outlines nature
and characteristics of client’s business and
overall audit strategy
- More detailed than the audit strategy
- Includes description of:
 NTE of risk assessment procedures
(PSA 3155)
 NTE of planned further audit
procedures at assertion level (PSA
3306)
 Other planned audit procedures
required for compliance with PSAs
- Planning of NTE of specific procedures depend
on outcome of risk assessment; Auditor may
begin execution of further audit procedures of
some areas BEFORE completing the more
detailed audit plan of all remaining further
instructions
- Auditor may wish to prepare a memorandum
setting forth the preliminary audit plan (for
large entities)
Typical info found in the audit plan:
1. Description of client (structure, nature)
2. Audit objectives (i.e. for stockholders, creditors,
special-purpose)
3. Nature and extent of other services (e.g. tax
returns -preparation)
4. Timetable
5. Work to be done by client’s employer
6. Assignment of audit staff
7. Target completion dates
8. Planning materiality
9. Special problems to be resolved (as revealed by
analytical procedures)
10. Conditions that require changes in audit test
5
PSA 315 – “Identifying and Assessing Risks of Material
Misstatements through Understanding the Entity and Its
Environment”
6
PSA 330 – “The Auditor’s Responses to Assessed Risk”
Auditor shall:
– Update and change overall strategy and audit plan
as necessary
– Plan the NTE of direction, supervision, review of
engagement team members
 Size and complexity of entity
 Area of audit
 Assessed RMM (i.e. increased RMM
requires improvement of procedures of
DSR)
 Capabilities and competence of team
– Document:
 Overall strategy
 Audit plan
 Significant changes made and reasons for
such
– Undertake ff. PRIOR to initial audit:
 PSA 220 procedures re: client acceptance
 Communicate with predecessor auditor in
compliance with ethical requirements
Consideration for Smaller Entities
- Entire audit may be performed by the
engagement partner (may be a sole
practitioner)
- Questions of DSR do not arise
- Audit partner still has to be satisfied that the
audit has been done in accordance with the
PSAs
- Complex and usual transactions: consult with
suitably-experienced auditors or auditors/
professional body
- Suitable, brief memorandum may serve as
documented strategy
Documentation
– Overall audit strategy
 Key decisions considered necessary to
plan the audit
 scope, timing, conduct of audit
2. Audit Plan
 NTE of:
i. Risk assessment
ii. Further audit procedures at
assertion level for each
material class of transaction,
balance, disclosure in
response to assessed risk
 Auditor may use:
i. Standard audit programs
ii. Audit completion checklists
*must be appropriately tailored*
3. Significant changes
 Reasons for changes
 Auditor’s response to events,
conditions, results of audit
procedures that resulted in such
changes
– Client acceptance procedures (PSA 220)
– Communication with predecessor auditor in
compliance with ethical requirements
*Purpose of planning the audit are the SAME whether
audit is initial or recurring.
Initial audits - auditor may need to expand planning
activities; additional considerations in planning:
 Arrangements w/ previous auditor, unless
prohibited by law
 Major issues in connection with initial
selection as auditors (including applications of
accounting/auditing principles and reporting
standards)
 Planned audit procedures regarding opening
balances (par, 2 PSA 5107)
 Assignment of personnel according to
capabilities
 Other procedures required by QC system

*This explains strategy and plan finally

adopted for the audit*

 Form and extent depend on:

i. Size and complexity of entity
ii. Materiality
iii. Extent of other
documentation
iv. Circumstances of the specific
audit engagements

Additional Considerations in Initial Audit Engagements

7
PSA 510 – “Initial Engagements – Opening Balances”
Other Critical Matters in Engagement Planning 3. Work Performed by Other Auditors/Parties
- Considerations:
1. Analytical Procedures
 Involvement of other auditors in audit
- Purpose:
of components
 Understand business process
 Involvement of experts
 Identify areas of potential risk
 Number of locations
- Auditor creates expectations, compares with
- Predecessor auditor
FS; difference is assessed for relevance in
 Working papers may be reviewed
terms of risk
 Client background info
- Significant ratios, account relationships,
 Internal control
comparisons with prior periods assist in
 Beginning balances
identifying unusual transactions
 Client’s consent needed
- Relevant non-financial info may be utilized
(e.g. no. of employees, area of store, volume If unable to obtain necessary info, treat as
of goods) a NEW CLIENT
- Required by PSA 5208
Other CPA:
- Principal Auditor
2. Engagement or Audit Team Establishment
 Responsible for reporting on FS on
- Audit team: people with different levels of
entities w/ one or more components
expertise and experience; usually consists of:
 Considerations in becoming the
 Engagement partner
principal auditor:
 Manager
– Materiality of portion of FS
 at least one senior
that principal audits
 one or more staff auditors
– Degree of knowledge of
- Considerations in determining # of people toa
business components
assign:
– RMM in the FS of components
 Size and complexity of the audit
audited by others
 Availability and experience of
– Performance of additional
personnel
procedures re: audit of
 Necessity for special expertise
components resulting in
 Opportunity to train personnel
significant participation of
 Continuity
principal in such audit
 Rotation
- Other Auditor
- For regulated industries s.a. banking, major
 Responsible for a component (other
members of the audit team must have
entity whose financial info is included
necessary
in FS audited by principal auditor)
 PSA 600 9establishes standards when
auditor uses the work of another
- Specialists
 Unique knowledge
 Judgment in another field
- Client’s Staff
 Working papers
 Reduces cost
 Frees auditor from routine work
 NEVER accept work at face value
 Labeled as PBC (Prepared by client)
with initials of auditor who verified
- Internal Auditors
 Enhances control risk
 Assist in specific audit procedures

8 9
PSA 520 PSA 600 – “Using the Work of Another Auditor”
4. Going Concern Assumption
- PSA 570 10- assessment whether substantial
doubt exists re: ability to continue as a GC
- Auditor is NOT required to design specific
procedures when such doubt exists
- +paragraph: audit was conducted under the
assumption that the entity will continue as a
going concern
- Considerations (ref. Cabrera AT p. 402):
 Financial
 Operating
 Other
- Negatives can be counter-balanced by
positives
5. Related Parties
- Affiliated company, principal owner of client
company, other party where one of the
parties can influence management or
operating policies of the other
- Transactions with RP (related party
transaction) are disclosed in the FS if material
- GAAP requires disclosure of nature of RP
relationship
- High inherent risk due to lack of
independence bet. RP
- Related parties should be identified and
included in permanent files early in the
engagement
- How to identify RP:
 Management inquiry
 SEC filings review
 Examination of stockholders’ listings
to identify principal stockholders
6. Client’s Legal Obligations
- Client should review pertinent current-year
info:
 Minutes of directors’/SHs’ meetings
 Changes to articles of incorporation or
by-laws (new clients: read from
inception, make summaries)
 Significant contracts executed during
the year
 E.g. major contracts, mergers, debt,
compensation, asset purchase
agreements, current situations and
future business plans, authorization of
dividends
10
PSA 570
7. Completion of Initial Audit Program
- Audit program: a set of audit procedures
specifically designed for each audit;
substantive tests and tests of controls
- Instructions to assistants
- Audit of objectives for each audit engagement
- List of audit procedures to be performed
- Auditor may or may not rely on existing
controls in obtaining evidence (choose
efficient methods)
- Auditor must have flexibility in performing
procedures because some have time limits
- Written audit program is required for each
engagement
- Considerations:
 Inherent risk, control risk, required
level of assurance to be provided by
substantive tests
 Timing of tests of controls and
substantive procedures
 Coordination of assistance from the
entity
 Availability of assistants
 Involvement of other auditors or
expers
- For initial engagements, AP will develop in the
ff. stages:
I. Broad phases outlined during the
engagement
II. Other details after review of internal
controls and accounting procedures
has begun
III. Procedures on specific phases can b e
further challenged/revised as the
work progresses
- For recurring engagements,
 Study program of preceding audit
 Current audit program must reflect:
– Modifications
– Requirements by experience
gained in the business,
internal control, accounting
methods of the client
8. Time Budget
- Estimate total hours an audit is expected to
take
- Based on info obtained in understanding of
the client (first major step)
- Basis for estimating fees
- Communicates to staff those areas that
require more time
- Measures staff efficiency (may motivate them,
but can also compromise quality)
- Determine whether progress is satisfactory at
each stage of the engagement
- Considerations:
 Client’s size based on gross assets,
sales, no. of employees
 Location of client facilities
 Anticipated accounting and auditing
problems
 Competence and experience of staff
available
- For repeat engagements, time budget
development is in reference to previous year’s
detailed time records
- Managing time
 important because time is basis of
billing
 auditor’s time is most costly element
of engagement
- Underreporting of time
 staff only reports only a fraction of
actual time spent performing a
procedure
 creates unrealistic basis of next years’
time budget
 staff may experience burnout
- Periodic accounting of time and budget
determine causes of variance between actual
and budgeted hours; guides in projecting
audit time for next audits
- May sometimes prove unattainable because
records are not in satisfactory condition
- CPA firms’ professional reputation and legal
liability DO NOT permit shortcutting or
omission of audit procedures to meet a
predetermined time estimate
9. Assignment of Personnel to the Engagement
- Typically, size of staff is directly proportionate
to size of client
- Major consideration in staffing: need for
continuity
 Familiarity with technical
requirements
 Closer interpersonal relationships w/
client personnel
- Persons assigned must be familiar with
client’s industry
- PSA 220: competence of assistants are
considered in deciding extent of DSR
- Delegation of work must be in a manner that
provide reasonable assurance that it will be
performed with due care
10. Scheduling of Work
- Audit work that may be performed during
interim period:
 Consideration of internal control
 Issuance of management letter
 Substantive tests of transactions that
occurred up to interim dare
 Optional: Tests of certain financial
statement balances (may increase the
risk to be controlled by the auditor
because significant errors may arise
during remaining period)
- Advantages of performing work during
interim period:
 Timely release of audited FS
 More effective assessment of internal
control by observing such at various
times
 Early consideration to accounting
problems
 More uniform workload for CPA firms
- Other substantive tests are scheduled near
and after year-end. Considerations:
 Deadline of final audit report and
filing of ITRs
 Ability of client’s staff to submit
required schedules
 Other audit clients
Documentation of Audit Plan/Program
- Working papers:
1. Audit plans
2. Audit programs
3. Time budget
Planning for a Repeat Engagement
- Easier than planning for new client
- Auditor should NOT merely duplicate previous
audit program
- Audit program must be modified for any
changes in client’s operations, internal
control, business environment
Summary of PSAs
1. PSA 210 – “Agreeing the Terms of Audit
Engagements”
2. PSA 220 – “Quality Control for an Audit of
Financial Statements”
3. PSA 300 – “Planning and Audit of Financial
Statements”
4. PSA 315 - “Identifying and Assessing Risks of
Material Misstatements through Understanding
the Entity and Its Environment”
5. PSA 320 – “Materiality in Planning and Performing
an Audit”
6. PSA 330 – “The Auditor’s Responses to Assessed
Risk”
7. PSA 510 – “Initial Engagements – Opening
Balances”
8. PSA 520
9. PSA 600 – “Using the Work of Another Auditor”
Additional Notes:
Overall Audit Plan = Overall Audit Strategy
Detailed Audit Plan = Audit Program