Auditing Theory Risk

Ch 9 – Overview of Risk-Based Auditing - uncertainty about events and their outcomes

*Cabrera *Sir Jann *Salosagcol *Important
that might have MATERIAL EFFECT
- *risks relating to client and its environment
Audit
- Business and financial risk may affect each
- evidence-gathering process
other (i.e. current economic climate or
- divided into stages, but such may not occur in
competitive standing may cause management
particular order in actual engagement; auditor
to circumvent internal controls to produce
may opt to modify audit program or gather
better financial reporting results)
additional evidence anytime during the
engagement (risk assessment & risk response)
(1) Audit Risk
- final stage: reporting
– giving unmodified opinion to materially
misstated FS
Auditor’s standard report
– to avoid:
- in accordance with PSAs that require
 do not accept client
compliance with ethical requirements
(engagement risk = 0)
- plan and perform audit
 set audit risk at level that would
 reasonable assurance (auditors are
mitigate risk of failing to identify
not guarantors of fair presentation)
material misstatements
 free from MATERIAL misstatement
 do more work (raises fees, creates
(auditor’s responsibility is limited to
tension with client)
material financial info)
(2) Engagement Risk
Risk-based audit approach
– association with client
- top-down evaluation of client’s risk that goes
BEYOND the FS (s.a. business risk)
(3) *Financial Reporting Risk
- assessment of likelihood of misstatements
– directly related to recording and
before adjustment of audit procedures based
presenting of financial data in FS
on assessed risk
– factors:
- determined areas to focus on
a. Competence and integrity of
- Auditor identifies, examines, assesses the ff.:
management
 client strategies and processes
b. Incentive to management of
 core business process and resource
misstated FS
management
c. Complexity of transactions
 objectives, inputs, activities, outputs,
d. Internal control
systems, and transactions of key
processes
(4) *Business Risk
 risk that processes will not meet goals
– affect operations and potential outcomes
and controls
– factors:
a. Geographical location
Risk-based Account-based b. Economic climate
View all activities in 1. understand
c. Technological change
terms of risk to: control
d. Business volatility
1. strategies and 2. assess control
objectives risk for e. Competition
2. management’s particular errors
plans and in specific
procedures to accounts and
mitigate risk cycles
Phases of the Risk-Based Audit Process
I. Risk Assessment
a. Preliminary engagement activities to
decide whether to accept client
b. Planning the audit to develop:
i. Overall audit strategy
ii. Audit plan
c. Risk assessment through understanding
the entity
II. Risk Response
a. Develop response
b. Implement response
III. Reporting
a. Assess sufficiency of evidence
b. Form opinion
PHASE I-A: Preliminary Engagement Activities
- Assists in identifying events that may affect
ability to plan and perform audit where:
 auditor maintains independence
 there are no management integrity
issues
 there is no misunderstanding with
client as to terms
At the BEGINNING of current engagement, auditor
SHOULD perform the ff:
a. PSA 220 1- Acceptance or continuance
procedures
b. PSA 220 – ethical reqs. & indepndence
compliance evaluation
c. PSA 210 2– establish understanding of terms
 Consideration of client continuance and ethical
requirements occurs throughout the audit.
 Initial procedures on continuance and ethical
requirements are completed prior to other
significant activities
 Initial procedures for continuing engagements
occur shortly after or in connection with the
completion of the previous audit
How are clients obtained?
1. Business transactions (e.g. acquisition of
existing client of a new company)
2. Social contracts (CPA firm submits proposal to
perform client’s annual audit)
1
PSA 220 - “Quality Control for an Audit of Financial
Statements”
2 4
PSA 210 – “Agreeing the Terms of Audit Engagements”
Prior to engagement acceptance, CPA should obtain
management’s permission to investigate client’s
history, identities and reputations of directors,
officers, major shareholders.
Public Accounting firms are NOT obligated to accept
or continue undesirable clients
Prior to engagement, CPA firm must assess:
 Competence to perform (capabilities, time,
resources)
 Ability to be comply with ethical requirements
 Client integrity
Preconditions of an audit
 Acceptability of applied FR framework
 Management’s acknowledgement of its
responsibilities:
1. Prepare and fairly present FS
2. Necessary internal controls (M)3
3. Provide auditor with:
 Access to all relevant (M) info
 Additional info requested (A)4
 Unrestricted access to
persons within the entity (A)
Engagement Letter
- Final step of preliminary engagement
activities
- Where terms are recorded
- Includes:
a. Objective and scope of audit
b. Auditors’ responsibilities
c. Management’s responsibilities
d. Applicable FR framework
e. Reference to expected form and
content + disclosure that there may
be circumstance in which report may
differ
f. Fees
- Recurring audits:
 Assess if there is a need to revise or
remind the entity of terms
 Audit shall NOT agree to change in
terms without reasonable justification
 If auditor cannot agree to change:
– Withdraw if legally possible
– Report to other parties, if
obligated
3
M – management’s discretion
A – auditors’ discretion
PHASE I-B: Planning the Audit  Determination of materiality
 Involvement of experts
 Other risk assessment procedures
PSA 300 “Planning an Audit of Financial Statements”
Benefits of Audit Planning
- Audit must be planned for it to be performed
effectively – Appropriate attention to important areas
- Audit plan: normally drafted prior to working – Potential problem detection
at client’s offices – Organization, management, performance of
audit effectively and efficiently
– Assignment and Review of work
Audit Planning – Coordination of work to be done by auditors and
other parties (experts, specialists, etc.)
- Establishment of overall strategy and audit – Expedition of work completion
plan to reduce audit risk to acceptably low
level Overall Audit Strategy
- Main objective: determining scope of audit to
- Sets scope (how much), timing (when),
be performed
direction (how) of audit
- Allocating resources during an audit
- Guides the development of a more detailed
engagement
audit plan
- Involves engagement partner and key
- Best audit strategy: most efficient; least
members of engagement team (client not
possible cost
included); auditor may discuss some elements
- Considers results of preliminary activities
with management, but such discussion must
not compromise audit’s effectiveness Determines:
- Not discrete; continuous and iterative
- Scope
- Begins shortly after or in connection with
 FR framework
completion of previous audit and continues
 Industry-specific reporting
until completion of current audit
requirements.
- Nature and extent of planning depends on:
 Locations of entity components
 Size/complexity of entity
- Timing
 Previous experience w/ entity
 Deadlines of reporting
 Circumstantial changes during audit
 Key dates and meetings with
 Complexity of Audit
management
 Knowledge of the business
 Expected communication of audit
(Understanding the entity and its
status
environment):
- Direction
– to identify events,
 Materiality levels
transactions, practices that
 Areas of higher risk
may have significant effect on
 Material components and account
the FS
balances
– Better evaluate
 Internal control evaluation
reasonableness of client’s
 Recent significant developments
estimates
- Relevance of knowledge gained in
– Procedures can be selected
preliminary activities (may be compared with
with more assurance
other clients in the same industry)
– Uniquely applicable
- Nature, timing, extent of necessary resources
procedures can be designed
- Certain activities must be timed and
completed before further audit procedures
such as planning of: Benefits of Developing Audit Strategy
 Analytical procedures to be employed Audit strategy assists the auditor to determine,
 Obtaining understanding applicable subject to completion of risk assessment, matters
framework such as:
  Resources to deploy to specific areas  Knowledgeable of business and accounting
 Amount of resources to allocate and willing to study FS with reasonable
 Timing of resource deployment (interim or diligence
cut-off dates)  Understand that FS are prepared, presented,
 How resources are managed, directed, audited to levels of materiality
supervised  Recognize uncertainties in measurement of
amounts
Once overall strategy has been established, audit plan
 Make reasonable economic decisions
may be developed (not necessarily discrete/
sequential processes, but closely inter-related) Levels of Materiality
Overall Specific
For small entities, entire audit may be conducted by a
FS as a whole; highest Particular classes only;
small audit team; easier coordination; no need for amount of misstatement; sensitive areas
complex audit strategy (e.g. brief memorandum of
previous audit that is updated currently may serve as based on common
audit strategy) information needs of
various users
When developing an audit strategy, auditor must
Performance Materiality
consider appropriate levels of materiality and risk.
aka TOLERABLE MISSTATEMENT – Account Balance
Materiality (as per FRSC) Level (allocated materiality to an account)
- Used by auditor to reduce risk that the
- Information is material if its
ACCUMULATION OF UNCORRECTED
omission/misstatement influences economic
MISSTATEMENTS exceeds overall materiality
decision taken on the basis of the FS
and specific materiality
- Depends on size or error judged in particular
- LOWER than overall and specific materiality
circumstances
- Objectives:
- A threshold or cut-off point rather than a
 Ensures that misstatements less than
primary qualitative characteristic
overall/specific are detected
- Quantitative considerations: peso amount of
 Provide a margin/buffer for possible
errors/ amount in relation to FS
undetected misstatements
- Qualitative considerations: causes of the
misstatement/ nature Planning materiality/ Preliminary judgement about
- E.g. materiality level of 1M  auditor only materiality
checks accounts with balances of more than
- Amount by which it is believed that FS could
1M because <1M is immaterial
be misstated without affecting users’
- Recognizes that some info are important and
decisions based on preliminary assessment
some are not for fair presentation
- Need NOT be quantified, but OFTEN is
- May be viewed as:
- Helps auditor PLAN appropriate evidence to
(1) Largest amount of misstatement
accumulate
that an auditor could tolerate
- Relationship with evidence: inverse
(2) Smallest AGGREGATE amount that
- Auditor must consider any potential effect a
could misstate the FS
misstatement might have which may be
- Uses of materiality in audit:
greater than the peso amount involved (e.g.
 Planning stage —> scope of audit
immaterial misstatement does not allow
procedures
client to meet a contractual obligation may be
 Completion stage —> effect of
considered material)
misstatements on the FS
Alternative Bases for Materiality Levels
A matter of professional judgment.
(requires relevant skills, knowledge in decision- 1. Annualized interim FS
making) 2. Prior years’ FS
3. Budgeted FS of the current year
Auditor’s assumptions re: users
 Rules of Thumb for Planning Materiality only - Overview of the engagement, outlines nature
(Starting point) and characteristics of client’s business and
Overall Specific Performance overall audit strategy
(3-7%) Lower, No specific - More detailed than the audit strategy
Profit from SPECIFIC guidance in - Includes BROAD description of:
continuing amount for PSAs  NTE of risk assessment procedures
operations specific/ (PSA 3155)
sensitive areas Ranges from
 NTE of planned further audit
If non-profit: 60-85% of
procedures at assertion level (PSA
(1-3%) overall
3306)
Revenues/ materiality,
Expenditures where assessed  Other planned audit procedures
risk (inherent required for compliance with PSAs
(1-3%) and control) is - Planning of NTE of specific procedures depend
Assets higher or on outcome of risk assessment; Auditor may
lesser, begin execution of further audit procedures of
(3-5%) respectively some areas BEFORE completing the more
Equity detailed audit plan of all remaining further
instructions
- Auditor may wish to prepare a memorandum
Other Considerations setting forth the preliminary audit plan (for
large entities)
 Overall materiality used by PREVIOUS
AUDITOR
 Ensure that EXPERTS are instructed to use Typical info found in the audit plan:
appropriate materiality levels 2. Description of client (structure, nature)
3. Audit objectives (i.e. for stockholders, creditors,
special-purpose)
Materiality and Risk 4. Nature and extent of other services (e.g. tax
returns -preparation)
- INVERSELY related
5. Timetable
- Auditor compensates for higher risk by
6. Work to be done by client’s employer
EITHER:
7. Assignment of audit staff
 Reducing control risk by extending
8. Target completion dates
additional tests of control
9. Planning materiality
 Reducing detection risk by modifying
10. Special problems to be resolved (as revealed by
nature, timing, extent of planned
analytical procedures)
substantive procedures
11. Conditions that require changes in audit test
Main issues to consider when designing substantive
audit procedures (and proportionality with):

1. Level of assurance aimed —> direct

2. Susceptibility to MM —> directly
3. Effectiveness of internal control —> inverse

Auditor shall:

Audit Plan 5
PSA 315 – “Identifying and Assessing Risks of Material
Misstatements through Understanding the Entity and Its
Environment”
6
PSA 330 – “The Auditor’s Responses to Assessed Risk”
– Update and change overall strategy and audit plan *must be appropriately tailored*
as necessary 3. Significant changes
– Plan the NTE of direction, supervision, review of  Reasons for changes
engagement team members  Auditor’s response to events,
 Size and complexity of entity conditions, results of audit
 Area of audit procedures that resulted in such
 Assessed RMM (i.e. increased RMM changes
requires improvement of procedures of
*This explains strategy and plan finally
DSR)
adopted for the audit*
 Capabilities and competence of team
– Document:  Form and extent depend on:
 Overall strategy i. Size and complexity of entity
 Audit plan ii. Materiality
 Significant changes made and reasons for iii. Extent of other
such documentation
– Undertake ff. PRIOR to initial audit: iv. Circumstances of the specific
 PSA 220 procedures re: client acceptance audit engagements
 Communicate with predecessor auditor in
compliance with ethical requirements
Additional Considerations in Initial Audit Engagements

– Client acceptance procedures (PSA 220)

Consideration for Smaller Entities
– Communication with predecessor auditor in
- Entire audit may be performed by the compliance with ethical requirements
engagement partner (may be a sole
*Purpose of planning the audit are the SAME whether
practitioner)
audit is initial or recurring.
- Questions of DSR do not arise
- Audit partner still has to be satisfied that the Initial audits - auditor may need to expand planning
audit has been done in accordance with the activities; additional considerations in planning:
PSAs
 Arrangements w/ previous auditor, unless
- Complex and usual transactions: consult with
prohibited by law
suitably-experienced auditors or auditors/
 Major issues in connection with initial
professional body
selection as auditors (including applications of
- Suitable, brief memorandum may serve as
accounting/auditing principles and reporting
documented strategy
standards)
 Assignment of personnel according to
Documentation capabilities
 Other procedures required by QC system
1. Overall audit strategy
 First time audits require more work than
 Key decisions considered necessary to
repeat engagements because of the problem
plan the audit
re: verification of opening balances
 scope, timing, conduct of audit
 Planned audit procedures regarding opening
2. Audit Plan
balances (par, 2 PSA 5107)
 NTE of:
 Opening balance should not have
i. Risk assessment
misstatements that materially affect
ii. Further audit procedures at
current FS
assertion level for each
 Prior period’s closing balances
material class of transaction,
appropriately forwarded, or when
balance, disclosure in
appropriate, restated
response to assessed risk
 Auditor may use:
i. Standard audit programs
ii. Audit completion checklists 7
PSA 510 – “Initial Engagements – Opening Balances”
  Appropriate accounting policies are - Predecessor auditor
applied, properly accounted for, and  Working papers may be reviewed
adequately disclosed  Client background info
 Internal control
 Beginning balances
Other Critical Matters in Engagement Planning  Client’s consent needed

1. Analytical Procedures If unable to obtain necessary info, treat as

- Purpose: a NEW CLIENT
 Understand business process
Other CPA:
 Identify areas of potential risk
- Principal Auditor
- Auditor creates expectations, compares with
 Responsible for reporting on FS on
FS; difference is assessed for relevance in
entities w/ one or more components
terms of risk
 Considerations in becoming the
- Significant ratios, account relationships,
principal auditor:
comparisons with prior periods assist in
– Materiality of portion of FS
identifying unusual transactions
that principal audits
- Relevant non-financial info may be utilized
– Degree of knowledge of
(e.g. no. of employees, area of store, volume
business components
of goods)
– RMM in the FS of components
- Required by PSA 5208
audited by others
– Performance of additional
2. Engagement or Audit Team Establishment
procedures re: audit of
- Audit team: people with different levels of
components resulting in
expertise and experience; usually consists of:
significant participation of
 Engagement partner
principal in such audit
 Manager
 For consolidated FS, not necessarily
 at least one senior
one engagement team only
 one or more staff auditors
- Other Auditor
- Considerations in determining # of people to
 Responsible for a component (other
assign:
entity whose financial info is included
 Size and complexity of the audit
in FS audited by principal auditor)
 Availability and experience of
 PSA 600 9establishes standards when
personnel
auditor uses the work of another
 Necessity for special expertise
 May or may not be from the same
 Opportunity to train personnel
firm
 Continuity
- Specialists
 Rotation
 Unique knowledge
- For regulated industries s.a. banking, major
 Judgment in another field
members of the audit team must have
- Client’s Staff
necessary knowledge/ skills
 Working papers
 Reduces cost
 Frees auditor from routine work
 NEVER accept work at face value
 Labeled as PBC (Prepared by client)
3. Work Performed by Other Auditors/Parties with initials of auditor who verified
- Considerations: - Internal Auditors
 Involvement of other auditors in audit  Enhances control risk
of components  Assist in specific audit procedures
 Involvement of experts
 Number of locations 4. Going Concern Assumption

8 9
PSA 520 PSA 600 – “Using the Work of Another Auditor”
 - PSA 570 10- assessment whether substantial
doubt exists re: ability to continue as a GC
- Auditor is NOT required to design specific
procedures when such doubt exists
- +paragraph: audit was conducted under the
assumption that the entity will continue as a
going concern
- Considerations (ref. Cabrera AT p. 402):
 Financial
 Operating
 Other
- Negatives can be counter-balanced by
positives
5. Related Parties
- Affiliated company, principal owner of client
company, other party where one of the
parties can influence (significant control)
management or operating policies of the
other
- Transactions with RP (related party
transaction) are disclosed in the FS if material
- GAAP requires disclosure of nature of RP
relationship
- High inherent risk due to lack of
independence bet. RP
- Related parties should be identified and
included in permanent files early in the
engagement
- How to identify RP:
 Management inquiry
 SEC filings review
 Examination of stockholders’ listings
to identify principal stockholders
6. Client’s Legal Obligations
- Client should review pertinent current-year
info:
 Minutes of directors’/SHs’ meetings
 Changes to articles of incorporation or
by-laws (new clients: read from
inception, make summaries)
 Significant contracts executed during
the year
 Auditor understand under which legal
environment the client is in
 E.g. major contracts, mergers, debt,
compensation, asset purchase
agreements, current situations and
future business plans, authorization of
dividends
10
PSA 570
7. Completion of Initial Audit Program
- Audit program: a set of audit procedures
specifically designed for each audit;
substantive tests and tests of controls;
implements overall audit strategy/audit plan
- Instructions to assistants
- Audit of objectives for each audit engagement
- List of audit procedures NECESSARY to be
performed should ALWAYS be included in
audit plan
- Auditor may or may not rely on existing
controls in obtaining evidence (choose
efficient methods)
- Auditor must have flexibility in performing
procedures because some have time limits
- Written audit program is required for each
engagement
- Considerations:
 Inherent risk, control risk, required
level of assurance to be provided by
substantive tests
 Timing of tests of controls and
substantive procedures
 Coordination of assistance from the
entity
 Availability of assistants
 Involvement of other auditors or
experts
- For initial engagements, AP will develop in the
ff. stages:
I. Broad phases outlined during the
engagement
II. Other details after review of internal
controls and accounting procedures
has begun
III. Procedures on specific phases can be
further challenged/revised as the
work progresses
- For recurring engagements,
 Study program of preceding audit
 Current audit program must reflect:
– Modifications
– Requirements by experience
gained in the business,
internal control, accounting
methods of the client
8. Time Budget
- Estimate total hours an audit is expected to
take
 - Based on info obtained in understanding of
the client (first major step)
- Basis for estimating fees
- Communicates to staff those areas that
require more time
- Measures staff efficiency (may motivate them,
but can also compromise quality)
- Determine whether progress is satisfactory at
each stage of the engagement
- Considerations:
 Client’s size based on gross assets,
sales, no. of employees
 Location of client facilities
 Anticipated accounting and auditing
problems
 Competence and experience of staff
available
- For repeat engagements, time budget
development is in reference to previous year’s
detailed time records
- Managing time
 important because time is basis of
billing
 auditor’s time is most costly element
of engagement
- Underreporting of time
 staff only reports only a fraction of
actual time spent performing a
procedure
 creates unrealistic basis of next years’
time budget
 staff may experience burnout
- Periodic accounting of time and budget
determine causes of variance between actual
and budgeted hours; guides in projecting
audit time for next audits
- May sometimes prove unattainable because
records are not in satisfactory condition
- CPA firms’ professional reputation and legal
liability DO NOT permit shortcutting or
omission of audit procedures to meet a
predetermined time estimate
9. Assignment of Personnel to the Engagement
- Typically, size of staff is directly proportionate
to size of client
- Major consideration in staffing: need for
continuity
 Familiarity with technical
requirements
 Closer interpersonal relationships w/
client personnel
- Persons assigned must be familiar with
client’s industry
- PSA 220: competence of assistants are
considered in deciding extent of DSR
- Delegation of work must be in a manner that
provide reasonable assurance that it will be
performed with due care
10. Scheduling of Work
- Audit work that may be performed during
interim period:
 Consideration of internal control
 Issuance of management letter
 Substantive tests of transactions that
occurred up to interim dare
 Optional: Tests of certain financial
statement balances (may increase the
risk to be controlled by the auditor
because significant errors may arise
during remaining period)
- Advantages of performing work during
interim period:
 Timely release of audited FS
 More effective assessment of internal
control by observing such at various
times
 Early consideration to accounting
problems
 More uniform workload for CPA firms
- Other substantive tests are scheduled near
and after year-end. Considerations:
 Deadline of final audit report and
filing of ITRs
 Ability of client’s staff to submit
required schedules
 Other audit clients
Documentation of Audit Plan/Program
- Working papers:
1. Audit plans
2. Audit programs
3. Time budget
Planning for a Repeat Engagement
- Easier than planning for new client
- Auditor should NOT merely duplicate previous
audit program
- Audit program must be modified for any
changes in client’s operations, internal
control, business environment
Changes to Audit Plan and Program
- Planning is continuous throughout the
engagement because of changes or
unexpected results in procedures
- Audit plan/program should be REVISED AS
NECESSARY and REASONS SHOULD BE
RECORDED
Summary of PSAs
1. PSA 210 – “Agreeing the Terms of Audit
Engagements”
2. PSA 220 – “Quality Control for an Audit of
Financial Statements”
3. PSA 300 – “Planning and Audit of Financial
Statements”
4. PSA 315 - “Identifying and Assessing Risks of
Material Misstatements through Understanding
the Entity and Its Environment”
5. PSA 320 – “Materiality in Planning and Performing
an Audit”
6. PSA 330 – “The Auditor’s Responses to Assessed
Risk”
7. PSA 510 – “Initial Engagements – Opening
Balances”
8. PSA 520 – “Analytical Procedures”
9. PSA 600 – “Using the Work of Another Auditor”
Additional Notes:
Overall Audit Plan = Overall Audit Strategy
Detailed Audit Plan = Audit Program