Audit_I_Chapter_3,_Pt_II,_Assessing_Risk_of_Material_Missstatement.pptx

Chapter 3 Audit Planning Ch 3-Part II - Assessing the Risk of Material Misstatement

Learning Objectives 3.2.1 Define risk assessment and its purpose 3.2.2 Distinguish the different types of risk assessment procedures 3.2.3 Understand important auditor considerations related to the risk of material misstatement due to fraud 3.2.4 Define significant risk, describe the auditor’s responsibility to identify significant risks 3.2.5 Describe the audit risk model and its components 3.2.6 Assess acceptable audit risk 3.2.7 Consider the impact of several factors on the assessment of inherent risk 3.2.8 Discuss the relationship of risks to audit evidence

Figure 8.1 Planning an Audit and Designing an Audit Approach (The Planning process) (Planning process 1-4) focusing on Materiality is discussed in 3.1 (previous part) (Planning process 5-8, focusing on risk assessment ) will be discussed in 3.2 (this part) Audit I YA AAUSC 2022

Risk Assessment What is Risk Assessment? Risk assessment - is the i dentification and evaluation of several aspects of an entity whereby risks are identified and evaluated for use in guiding the audit procedures that will be necessary in order to substantiate the amounts reported in the financial statements. Risk assessment - is the determination of the QUANTITATIVE and QUALITATIVE estimate of risk . The Quantitative aspect attempts to quantify risk by assigning numerical values ( eg 5%,10%..) The Qualitative aspect makes a judgment about risk as high, medium, low.

..Risk Assessment Purpose of Risk Assessment At all stages of the audit, including during risk assessment, the auditor must bear in mind what the overall objectives are. As per ISA 200 Overall objectives of the independent auditor are : 'To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects , in accordance with an applicable financial reporting framework; and to report on the financial statements, and communicate as required by the ISAs, in accordance with the auditor's findings . In order to obtain assurance- about whether the financial statements are free from material misstatement , the auditor needs to consider how and where misstatements are most likely to arise. By assessing risk of material misstatement: the auditor identifies areas of FSs susceptible to material misstatement and design and perform further audit procedures.

…. Risk Assessment Risk assessment helps the auditor : to ensure the key areas more susceptible to material misstatement are adequately investigated and tested during the audit. to identify low risk areas where reduced testing may be appropriate, and to ensure time is not wasted by over-testing these areas. Once the auditor has identified the audit risks, procedures can be put in place in response to that risk.

..Risk Assessment Why is Risk Assessment so Important to an Audit? Risk assessment is an essential task, particularly if the auditor desire efficiency and effectiveness for the audit. When properly performed, Risk assessment, tells the auditor: 1.which audit procedures are necessary to do , and 2.which audit procedures can be omitte d. In general, risk assessment is a means by which maximum result is attained with minimal effort. Both ISA 315 & ISA 330 recognize that assessing risk is at the core of the audit process , and these two ISAs specify that the auditor is required to obtain an understanding of the risk relevant to the financial statements . It is a good audit practice to assess risk annually and to plan work based on present conditions and identified risks.

..Risk Assessment---- ISA 315 requires auditor to identify and assesses the risk of material misstatement , whether due to fraud or error, at both the financial statement and assertion level The risk of material misstatement exists at two levels : a . Overall financial statement level b. Assertion level Auditing standards require the auditor to assess the risk of material misstatement at each of these levels and to plan the audit in response to those assessed risks. .

.. Risk Assessment a. Risk of Material Misstatement at the Overall Financial Statement Level Risk at this level refers to risks that relate pervasively to the financial statements as a whole and potentially affect a number of different transactions and accounts. It is important for the auditor to consider risks at the overall financial statement level , given those risks may increase the likelihood of risks of material misstatement across a number of accounts and assertions for those accounts.

… Risk Assessment …..Risk of Material Misstatement at the Overall Financial Statement Level Factors that may increase the risks of material misstatement at the overall financial statement level include: Deficiencies in management’s integrity or competence Ineffective oversight by the board of directors , or Inadequate accounting systems and records Declining economic conditions or significant changes in the industry may also increase the risk of material misstatement at this level These factors increase the likelihood that material misstatements may be present in a number of assertions affecting several classes of transactions, account balances, or financial statement disclosures . .

b. Risk of Material Misstatement at the assertion Level Assertions / Management assertions / are implied or expressed r epresentations by management about: classes of transactions ( transaction related assertions ) the related accounts and ( balance related assertions) disclosures in the financial statements. (disclosure related assertions) In most cases assertions are implied . The three categories of assertions are: transaction related assertions ( Occurrence, Completeness, Accuracy, Classification, Cutoff ). balance related assertions ( Existence, Completeness, Valuation and allocation, Rights and obligations ) disclosure related assertions ( Occurrence and rights and obligations, Occurrence, Accuracy and valuation, Classification and understandability )

After the relevant assertions have been identified, the auditor can then develop audit objectives for each category of assertions . The auditor’s audit objectives follow and are closely related to management assertions , because the auditor’s primary responsibility is to determine whether management assertions about financial statements are justified.

… Risk Assessment … Risk of Material Misstatement at the assertion Level Developing audit objectives for classes of transactions, account balances, and presentation and disclosure helps the auditor to: - design audit procedures to accumulate sufficient appropriate evidence about each aspect of the assertions. For example, developing an audit objective specific to the accuracy of transactions helps the auditor design and perform audit procedures to: - obtain evidence about the accuracy of transactions ,

QqQq developing an audit objective for the classification of transactions helps the auditor to : - design and perform audit procedures to obtain evidence about whether the transactions are recorded in the appropriate accounts. Auditing standards- require the auditor : to assess the risk of material misstatement at the assertion level for- classes of transactions , account balances , and presentation and disclosure in order to determine the nature, timing , and extent of further audit procedures.

SSSSS Risk of Material Misstatement at the assertion Level Nature -the type of audit procedure applied ( physical count, confirmation.. ) Time -When to apply the audit procedures ( at the end of the year, during the audit, ….) Extent- How much sample to take? Auditors develop audit objectives for each of the assertions and perform audit procedures to obtain persuasive audit evidence that each of those audit objectives is achieved . As a result, auditors typically assess the risk that audit objectives related to assertions for classes of transactions, account balances, and presentation and disclosure are not achieved .

… … Risk Assessment …Risk of Material Misstatement at the assertion Level The risk of material misstatement- at the assertion level consists of two components : inherent risk and control risk. Inherent risk- represents the auditor’s assessment of the susceptibility of an assertion to material misstatement , before considering the effectiveness of the client’s internal controls. For example, inherent risk may be higher for accounts whose valuations are dependent on complex calculations or accounting estimates subject to significant estimation judgment. Control risk - represents the auditor’s assessment of the risk that a material misstatement could occur in an assertion and not be prevented or detected on a timely basis by the client’s internal controls. For example, - control risk may be higher if the client’s internal control procedures fail to include independent review and verification by other client personnel of complex calculations used or significant estimates developed to determine the valuation of an account balance recorded in the client’s financial statements . Inherent risk and control risk are the client’s risks and they exist independent of the audit of the financial statements.

..Risk Assessment The Risk Assessment Process The risk assessment process includes: Understanding and evaluating the entity and its environment Understanding and evaluating the risks of fraud at the entity Understanding and evaluating the internal control processes and procedures at the entity Performing an overall evaluation of all information gathered and risks assessed Design audit procedures to respond to the overall risk of material misstatement and any other significant risks

Planning and Risk Assessment Procedures

.. Planning and Risk Assessment Procedures i . Engagement Team Discussion the engagement team must discuss the areas in which the FSs of the entity may be susceptible to material misstatement whether due to fraud or error [ISA315.A14]. The audit team members , including the auditor with final responsibility for the audit will have a "brainstorming" session to exchange ideas mainly about: how and where they believe the entity's FSs might be affected by material misstatement due to fraud , how management could do wrong and conceal fraudulent financial reporting , and how assets of the entity could be misappropriated. The discussion helps experienced members to share experience to inexperienced staff

.. Planning and Risk Assessment Procedures …Engagement Team Discussion The discussion includes: About the two main types of fraud 1. Fraudulent Financial reporting: is an intentional misstatement or omission of amounts or disclosures with the intent to deceive/mislead users . Deliberate overstatement/understatement of asset, revenue, expense, liability. Eg use of practices such as Earnings management, income smoothing- Earnings management ( deliberate actions taken by management to meet earnings objectives) Income smoothing- (a form of earnings management in which revenues and expenses are shifted between periods to reduce fluctuations in earnin gs) 2. Misappropriation of assets- is fraud that involves theft of an entity’s assets (by employees or management).

.. Planning and Risk Assessment Procedures …Engagement Team Discussion …The discussion includes: About the Three conditions for fraud:

.. Planning and Risk Assessment Procedures …Engagement Team Discussion …The discussion includes: about the Three conditions for fraud: Three conditions for fraud arising from fraudulent financial reporting and misappropriations of assets are referred to as the fraud triangle: Incentives/Pressures- Management or other employees have incentives or pressures to commit fraud (Employees with excessive financial obligations, or those with drug abuse or gambling problems, may steal to meet their personal needs/ to fund extravagant lifestyle). Opportunities- Circumstances provide opportunities for management or employees to commit fraud (absence of control, position or power) Attitudes/Rationalization- An attitude, character, or set of ethical values exists that allows management or employees to commit a dishonest act, or they are in an environment that imposes sufficient pressure that causes them to rationalize committing a dishonest act.

.. Planning and Risk Assessment Procedures Engagement Team Discussion …The discussion includes: A consideration of the known external and internal factors affecting the entity that might Create incentives/pressures for management and other (employees, directors..) to commit fraud, Provide the opportunity for fraud to be committed , and Indicate a culture or environment that enables management to rationalize committing fraud. The discussion should occur with an attitude that includes a questioning mind . And, for this purpose, it is essential to set aside any prior beliefs the audit team members may have that management is honest and has integrity .

.. Planning and Risk Assessment Procedures Engagement Team Discussion …The discussion includes: Finally, the discussion should include: how the auditor might respond to the susceptibility of the entity's financial statements to material misstatement due to fraud . Responding to these risks properly is critical to achieving a high-quality audit An emphasis should be placed on the importance of maintaining the proper state of mind throughout the audit regarding the potential for material misstatement due to fraud.

.. Planning and Risk Assessment Procedures ii. Determine Materiality Determine the amounts that will be considered material in relation to the financial statements. It is better to use industry standards to perform the calculation of materiality. (Remember: Materiality is already discussed in Ch 3-Part I)

.. Planning and Risk Assessment Procedures iii. Risk Assessment Procedures

.. Planning and Risk Assessment Procedures ….Risk Assessment Procedures Types of risk assessment procedures include: Inquiries o f management and others within the entity and those charged with governance. Observatio n Inspection Analytical procedures • Risk assessment procedures - are performed to confirm truthfulness of information obtained during the risk assessment process

.. Planning and Risk Assessment Procedures ….Risk Assessment Procedures Analytical procedures Preliminary analytical procedures: analytical procedures must be performed while planning the audit with an objective of identifying the existence of unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have financial statement and audit planning implications . - Analytical procedures related to revenue: the auditor also should perform analytical procedures relating to revenue with the objective of identifying unusual or unexpected relationships involving revenue accounts that may indicate a material misstatement due to fraudulent financial reporting.

.. Planning and Risk Assessment Procedures ….Risk Assessment Procedures I dentifying the Risk of Material Misstatement Due to Fraud Make inquiries of management and others within the entity to obtain their views about the risks of fraud and how they are addressed. Consider any unusual or unexpected relationships that have been identified in performing analytical procedures in planning the audit. Consider whether one or more fraud risk factors exist . Consider other information that may be helpful in the identification of risks of material misstatement due to fraud.

.. Planning and Risk Assessment Procedures ….Risk Assessment Procedures .. Identifying the Risk of Material Misstatement Due to Fraud The auditor should inquire of management about Whether management has knowledge of any fraud or suspected fraud affecting the entity Whether management is aware of allegation of fraud or suspected fraud affecting the entity, for example, received in communications from employees, former employees, analysts, regulators, or others Management's understanding about the risks of fraud in the entity , including any specific fraud risks the entity has identi fied or account balances or classes of transactions for which a risk of fraud may be likely to exist

.. Planning and Risk Assessment Procedures ….Risk Assessment Procedures .. Identifying the Risk of Material Misstatement Due to Fraud …The auditor should inquire of management about: Programs and controls the entity has established to mitigate specific fraud risks the entity has identified, to prevent, deter, and detect fraud, and how management monitors those programs and controls For an entity with multiple locations, the nature and extent of monitoring of operating locations or business segments, and whether there are particular operating locations or business segments for which a risk of fraud may be more likely to exist Whether management communicates to employees its views on business practices and ethical behavior and How management communicates its views on business practices and ethical behavior to employees ( eg . through meeting, website …)

.. Planning and Risk Assessment Procedures ….Risk Assessment Procedures Considering Fraud Risk Factors Because fraud is usually concealed, material misstatements due to fraud are difficult to detect . •The auditor may identify events or conditions that: 1.indicate incentives/pressures to perpetrate fraud 2.opportunities to carry out the fraud, or: 3.attitudes/rationalizations to justify a fraudulent action.

.. Planning and Risk Assessment Procedures v. Understand the Entity and Its Environment Usually, auditors ask the following questions to gain understanding about the entity: How is the company’s performance as compared with others in the industry? Are there any new competitive pressures or opportunities? Have key vendor relationships changed? Can the entity obtain necessary knowledge of products? How strong is the entity’s cash flow? Has the entity met its debt obligations? Who are your key personnel and why are they important ? What is the entity’s strategy? Do you have any related party transactions?

.. Planning and Risk Assessment Procedures .. Understanding Internal Control Auditors are required to gain an understanding of the entity’s policies and procedures to determine if: a control system is in place and controls are properly designed and implemented . Auditors are required to perform inquiry, observation, and inspection to determine if controls have been properly implemented Note: Inquiry alone is not sufficient to understand the design and implementation of controls Evaluate the design and implementation of controls Related to significant risks Related to risks that cannot be tested effectively using substantive procedures alone Gain an Understanding of the entity policy and procedures How the incorrect processing of transactions is resolved How detail is reconciled to the general ledger for material accounts

.. Planning and Risk Assessment Procedures Performing Walkthroughs/testing by making or practicing Walkthroughs can be a very effective way of determining whether controls have been properly designed and implemented . Procedures of a walkthrough include: Select one or a few transactions Trace from initial creation of the source document to final posting in the general ledger Inspect documents and records used in processing, make inquiries, and observe procedures being performed

.. Planning and Risk Assessment Procedures …….Performing Walkthroughs During the walkthrough, the auditor will document the following: Understanding of internal control components Sources of information Procedures performed Controls evaluated related to significant risks and risks for which substantive procedures alone are not effective Processing of transactions for each significant transaction class The process of closing the accou nts and preparation of report.

.. Planning and Risk Assessment Procedures vi. Retrospective Review of Accounting Estimates Auditors perform review of Accounting Estimates to evaluate : Effectiveness of management’s estimation process Information relevant to current year estimates The need for disclosure The existence of possible management bias

Identifying Significant Risks/Audit Areas How auditors identify significant risks/audit areas? Significant Risk A significant risk represents an identified and assessed risk of material misstatement (RMM) of the FSs or disclosures that, in the auditor’s professional judgment , r equires special audit consideration . Significant risks are likely to be included in public company audit reports as critical audit matters Significant risks often relate to: Non-routine transactions -transaction that is unusual, either due to size or nature , and that is infrequent in occurrence Matters that require significant judgment Fraud risk

….Identifying Significant Risks/Audit Areas When auditors identify significant risks/audit areas , (areas that present possibility of material misstatement of the FSs or disclosures ) they consider the fallowing factors and apply professional judgment and are required to be skeptic in the process: Auditors Consider the following factors in identifying significant risk : Volume of activity Size and composition of accounts Types of transactions Presence of fraud risks or other significant risks Changes from the prior period

Use of professional judgment & professional skepticism in applying Risk assessment procedures Auditors assess Risk of Material Misstatement (RMM) by assessing each risk that contributes to Audit risk. Remember, Audit Risk=RMM x Detection Risk =RMM has two components, IR & CR a. Assessment of Inherent Risk: As inherent risk is the risk that items will be misstated due to the characteristics of those items , such as the fact they are estimates or that they are important items in the accounts , the auditors must use their professional judgment and all available knowledge to assess inherent risk . If no such information or knowledge is available then the inherent risk is high.

..Use of professional judgment & professional skepticism in applying Risk assessment procedures … Assessment of Inherent Risk : The assessment of inherent risk is important because it is auditors’ attempt to predict where misstatements are most and least likely in the financial statement segments This assessment affects: the amount of evidence that the auditor needs to accumulate, the assignment of staff , and the review of audit documentation Auditors begin their assessments of inherent risk during the planning phase and update the assessments throughout the audit

..Use of professional judgment & professional skepticism in applying Risk assessment procedures …Assessment of Inherent Risk: The auditor should consider several major factors when assessing inherent risk: (Factors affecting Inherent Risks) Nature of the client’s business Results of previous audits Initial versus repeat engagement Susceptibility to misappropriation of assets Existence of related parties Complex o r non-routine transactions Judgment required to correctly record account balances and transactions Makeup of the population Factors related to fraudulent financial reporting Factors related to misappropriation of assets

..Use of professional judgment & professional skepticism in applying Risk assessment procedures …Assessment of Inherent Risk: The following factors help the auditor to assess Inherent Risk -Auditor's knowledge of its clients -Auditor’s knowledge of its client's operating environment -Auditor’s knowledge of each auditable area

b. Assessment of Control Risk Similar to the case of inherent risk, auditors must use their professional judgment and all available knowledge . Factors Affecting Control Risk Quality of managemen t and staff Quality of internal control system Level of supervision Level and quality of internal audit coverage in an organization Factors that help to assess Control Risk - Assessing the behavior of management & staff, their attitude towards control, the internal control system and the level of internal audit service Information about time elapsed since last audit. In general, assessment of inherent risk and control risk (misstatement) requires the audit team to have a good knowledge of how the client’s activities, control systems , affect financial statements.

How to apply professional skepticism in assessing inherent and control risk (Misstatement) Professional skepticism requires the auditor to be alert to : Audit evidence that contradicts other audit evidence Information that brings in to question the reliability of documents and responses to enquires to be used as audit evidences Conditions that may indicate possible fraud Circumstances that suggest the need for audit procedures in addition to those required by ISAs. (ISA 200,A20)

assessment of each risk that contributes to Audit risk c. Assessment of Detection risk: For the Detection risk component of audit risk, auditors have degree of control over. If risk is too high to be tolerated, the auditors can carry out more work to reduce this aspect of audit risk and audit risk as a whole. How the auditor can reduce detection risk and the overall audit risk to an acceptable level? An auditor can reduce detection risk and overall audit risk by: Adequate planning Assigning more experienced people to the audit team The application of professional skepticism Applying wider range of audit procedures Increasing sample size

…..How to address Detection Risk Setting appropriate materiality levels and also testing levels help to address detection risk Eg (1) The auditor assigns -Inherent Risk (IR) as 100% (assume no control) - Control Risk (CR) as100 % (assume poor internal control system) - Acceptable Audit risk (AAR) as 5% for inventory & Warehousing Cycle. (the auditor wants to be 95% sure that audit result for this cycle is correct) What will be the Planned Detection Risk (PDR)? If AAR = IR x CR x PDR, Planned Detection Risk(DR)= Audit Risk (AR) Inherent Risk (IR) x Control Risk (CR)

PDR= 0.05 = 0.05=5% 1X1 Note: Both IR,CR are subjectively estimated by the auditor on the basis of his/her knowledge about various factors affecting these risks

.. Use of professional judgment & professional skepticism in applying Risk assessment procedures Eg (2) The auditor assigns - Acceptable Audit risk (AAR) as 5% , the auditor wants to be 95% sure that opinion is correct - Inherent Risk (IR) as 50% (based on assessing various factors) - Control Risk (CR) as 20 % (based on tests of control) What will be the Planned Detection Risk (PDR)? If AAR = IR x CR x PDR, Planned Detection Risk(DR)= Audit Risk (AR) Inherent Risk (IR) x Control Risk (CR) PDR= 0.05 = 0.5= 50% 0.5X0.2 Note: Assessing IR & CR as low increases Planned detection risk

Relationship between Risks and Evidences Relationships between Risks and Decisions about Audit Evidence Low Acceptable Audit Risk implies the need for more accuracy; eg AAR 5%, means, the auditor wants to be 95% accurate Higher IR and CR results in lower Planned Detection Risk (PDR) ie ; If the auditor assess higher IR and CR, it means, greater level of the audit work is required to lower the detection risk, so as to achieve the desired level of audit risk

Relationship between Risks and Evidences Relationships between Risks and Decisions about Audit Evidence Risk assessment should be performed by experienced staff Inherent Risk The lower the assessed level of inherent risk, the more the reliable evidence is needed for the audit Control Risk The lower the assessed level of control risk, the more the extensive test of control is needed than less tests of control Detection Risk The lower the assessed level of detection risk, the more the extensive substantive test is needed than less substantive tests Higher degree of professional judgment is needed

The Auditor’s Responses to Assessed Risks (ISA 330) The main objective of ISA 330 is to give guidance on how auditors should obtain sufficient appropriate evidence regarding the assessed risks of material misstatement by designing and implementing appropriate responses to those risks . Paragraph 6 of ISA 330 requires that: ‘The auditor shall design and perform further audit procedures whose nature, timing, and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.’ ISA 330 requires that auditors should carry out tests of control and substantive procedures

… The Auditor’s Responses to Assessed Risks (ISA 330) .. The Auditor’s Responses to Assessed Risks (ISA 330) Tests of control - it is an audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level . Tests of control usually include short, quick tests which generate either a ‘yes’ or a ‘no’ answer , where ‘yes’ is favorable (confirming the operation of an internal control), and ‘no’ is unfavourable (indicating that an internal control is not operating satisfactorily). Tests of control – examples for a purchases system Consider when the auditor reviews a company’s purchases system and internal controls, and the assertion of occurrence (that recorded purchases represent goods and services received and which pertain to the entity).

An appropriate internal control would be that Purchase orders are raised for each purchase and are authorized by appropriate senior personnel. GRNs are prepared as an evidence for receiving Items Eg . A test of control for purchase include examining a sample of purchase orders to ensure that they have been appropriately authorised .

Identifying Significant Risks/Audit Areas .. The Auditor’s Responses to Assessed Risks (ISA 330) A ‘yes’ answer would confirm that the internal control requiring authorization of purchase orders is working, whereas a ‘no’ answer would indicate that the internal control does not appear to be working, hence requiring further audit investigation. Another example of a test of control for a purchases system would be - to inspect a sample of goods received notes to confirm that stores inwards staff sign for goods received . Once again, a ‘yes’ answer is positive, confirming that staff have signed the goods received note and a ‘no’ answer would be negative, requiring further audit work to be carried out to determine why the goods received note had not been signed . This test of control would also help to confirm the occurrence assertion.

…The Auditor’s Responses to Assessed Risks (ISA 330) .. The Auditor’s Responses to Assessed Risks (ISA 330 Substantive procedures - are audit procedures designed to detect material misstatements at the assertion level. Substantive procedures comprise 1. tests of details (of classes of transactions, account balances and disclosures) and 2. analytical procedures. As the name suggests, substantive procedures are more substantive and time consuming , requiring more detailed audit work to be carried out ISA 330 requires that the auditor shall always carry out substantive procedures on material items irrespective of the assessed risks of material misstatement, and that the auditor shall design and perform substantive procedures for each material class of transactions, account balance, and disclosure .

…The Auditor’s Responses to Assessed Risks (ISA 330) .. The Auditor’s Responses to Assessed Risks (ISA 330) Substantive procedures involves more work than tests of control . -Consider once again the example of the purchases system for a manufacturing company and the assertion of existence for account balances in the statement of financial position. Typical tests of detail would involve some physical verification of year-end balances outstanding , which would require obtaining and reviewing the ending purchase ledger account balances for a sample of purchase ledger accounts with selected suppliers.

Typically, this could include agreeing the ending balance figure to the supplier’s statement, or even possibly requesting third party confirmation by the supplier of the amount outstanding .

Cut-off testing - would also be typically carried out on year-end purchase ledger balances, which would involve obtaining a sample of pre- and post - year-end goods received notes and agreeing these to the matching pre- or post-year-end purchase invoices , to ensure that only goods received before the end of the accounting period were included. This test would also help to confirm the assertion of existence.

…The Auditor’s Responses to Assessed Risks (ISA 330) .. .. The Auditor’s Responses to Assessed Risks (ISA 330) Timing (when to apply audit procedures (tests of control or substantive procedures ) ISA 330 indicates that the auditor may perform tests of control or substantive procedures: at an interim date or at the period end . If substantive testing is performed at an interim date then additional substantive procedures alone or combined with tests of control are required for the intervening period. This will provide a reasonable basis for extending the audit conclusions from interim date to the period end.

The standard also indicates that, in general, the extent of audit procedures increases as the risk of material misstatement increases. (More risk-more audit procedures; Less risk, less audit procedures) When is it necessary to perform tests of control? The auditor should perform tests of controls if: There is a need to rely on the controls to reduce the level of substantive procedures conducted. Substantive tests alone are not adequate Inquiry alone is not sufficient for testing controls

…The Auditor’s Responses to Assessed Risks (ISA 330) .. .. The Auditor’s Responses to Assessed Risks (ISA 330) Rotational tests of contro ls are permitted in certain circumstances, when : there is a need to obtain evidence about whether the controls have changed using inquiry, observation, and inspection If controls have changed, rotation is not appropriate Auditors are required to test a control at least once every three years If several controls are rotationally tested, test some controls each year If the auditor is to relay on controls for significant risks, controls must be tested in the current year

Finalizing the Overall Audit Strategy and Audit Plan Finalizing the audit strategy and audit plan involves the following: Assessing Risks at FS level and Developing Responses Develop the detailed audit plan Assess risks at the relevant assertion level Develop the overall audit strategy Assess risks at the financial statement level

…Finalizing the Overall Audit Strategy and Audit Plan) Assess Risks at the Financial Statement Level Identify risks that are pervasive to the financial statements and potentially affect many assertions Assess the risk of material misstatement at the financial statement level Develop overall responses Document the risk assessment and the responses

…Finalizing the Overall Audit Strategy and Audit Plan) Develop the Overall Audit Strategy The overall audit strategy should include identification and evaluation of the following: Characteristics of the engagement that define its scope Reporting objectives of the engagement Important factors that determine audit focus Resources needed to perform the audit

……Finalizing the Overall Audit Strategy and Audit Plan Factors That Determine Audit Focus Materiality levels Overall risks and responses Preliminary identification of high risk audit areas Preliminary identification of material locations and accounts Whether the auditor plans to test and rely on controls Composition and deployment of the audit team

……Finalizing the Overall Audit Strategy and Audit Plan What is the Assertion Level? The “assertion level” is the level at which statements are presented as completely true . For example, management tells the auditor the financial statements show a true valuation of inventory, - the inventory reported on FS exists and can be checked –management are formally “asserting” this statement as being correct, so we call this at the “assertion level”. Assessing Risks at the Relevant Assertion Level This involves auditors identification of risks of material misstatement (due to error or fraud) for specific— Account balances Transaction classes Disclosures Auditors consider what can go wrong at the relevant assertion level

……Finalizing the Overall Audit Strategy and Audit Plan …Assessing Risks at the Relevant Assertion Level Assessing risks at the assertion level Are the risks of a magnitude that could result in material misstatement? What is the likelihood that the risks could result in material misstatement? Likelihood is a function of: ( 1) Inherent risk (2)Control risk Need a basis for the assessment Identify significant risks that require special audit consideration : Fraud risks Other significant risks • Significant risks often relate to : Significant economic, accounting, or other developments Complex, non-routine, or judgmental matters Transactions with related parties

……Finalizing the Overall Audit Strategy and Audit Plan …Assessing Risks at the Relevant Assertion Level Identify risks for which substantive procedures alone are not adequate Revise the risk assessment and reconsider planned audit procedures if audit evidence contradicts the original risk assessment Document the following: Risk assessment at the relevant assertion level Basis for the assessment Significant risks Risks for which substantive procedures alone are not adequate

……Finalizing the Overall Audit Strategy and Audit Plan The Detailed Audit Plan It consists the nature , timing , and extent of further audit procedures to respond to the risk assessment (i.e., the audit program) It provides linkage between the risk assessment and the responses at the assertion level Tailoring the audit program If Low RMM -Primarily analytical procedure, then -Some tests of details (required by SASs) If Low to Moderate RMM -Analytical procedure •Tests of details needed to respond to risk If Moderate to High RMM Tests of details and extended analytics •For audit areas or assertions with higher risk

……Finalizing the Overall Audit Strategy and Audit Plan Assess the Risk of Material Misstatement (RMM) Risk of Material Misstatement = Inherent Risk X Control Risk Using the RMM formula, we are assessing risk at the assertion level. Audit procedures are selected and performed in response to the calculated RMM.

……Finalizing the Overall Audit Strategy and Audit Plan) Overall responses ISA 330 lists the following overall responses that may be used by auditors in order to address the assessed risks of material misstatement at the financial statement level : Emphasizing to the audit team the need to maintain professional skepticism. Assigning more experienced staff , those with special skills, or using experts. Changes to the nature, timing and extent of direction and supervision of members of the engagement team and the review of the work performed . Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed.

……Finalizing the Overall Audit Strategy and Audit Plan …Overall responses Changes to the overall audit strategy as required by ISA 300 or planned audit procedures, and may include changes to : The auditor’s determination of performance materiality in accordance with ISA 320. The auditor’s plans to test the operating effectiveness of controls , and the persuasiveness of audit evidence needed to support the planned reliance on the operating effectiveness of the controls , particularly when deficiencies in the control environment or the entity’s monitoring activities are identified . The nature, timing and exten t of substantive procedures . For example, it may be appropriate to perform substantive procedures at or near the date of the financial statements when the risk of material misstatement is assessed as higher.

……Finalizing the Overall Audit Strategy and Audit Plan) The Input and Output The inputs in audit planning include all of the above audit risk assessment procedures. The outputs (sometimes called linkage) of the audit risk assessment process are: Audit strategy Audit plan (audit programs) The auditor tailors the strategy and plan according to the risk assessment

……Finalizing the Overall Audit Strategy and Audit Plan) ..The Input and Output Audit Strategy The audit strategy sets out in general terms: how the audit is to be conducted and sets the scope, timing and direction of the audit. The staffing issue The audit strategy then guides the development of the audit plan, which contains the detailed responses to the auditor’s risk assessment. An underpinning principle of audit planning under the Clarified ISAs is that the audit plan should contain detailed responses to the specific risks identified from obtaining an understanding of the audited entity Audit strategy and plan can be prepared side by side.

……Finalizing the Overall Audit Strategy and Audit Plan) ..The Input and Output Audit program An audit program is a collection of audit procedures for an audit area or an entire audit (for a component of F/S or entire F/S), each including sample size, item to choose and the timing of the sample Preparation of an audit program is part of planning an audit. It shows the steps in the audit process that helps to achieve the audit objectives, the work that has to be done It is prepared for each component of an audit (Audit program for cash, for receivables, for inventory..,) to guide the auditor: What procedure to apply, When to apply the procedure, How to apply and so on It is used as a base to assign auditors and also follow up the work It also reduces supervisor’s time spent on guiding new auditors

……Finalizing the Overall Audit Strategy and Audit Plan) ..The Input and Output Audit Plan The audit plan is a detailed programme giving instructions as to how each area of the audit will be conducted. The audit plan details the specific procedures to be carried out to implement the strategy and complete the audit. ISA 300 provides guidance on what should be included in the audit plan, stating that the audit plan should describe: the nature, timing and extent of planned risk assessment procedures the nature, timing and extent of planned further audit procedures at the assertion level other planned audit procedures that are required to be carried out so that the engagement complies with ISAs. Typically an audit plan will include sections dealing with business understanding, risk assessment procedures, planned audit procedures ie the responses to the risks identified and other mandatory audit procedures

……Finalizing the Overall Audit Strategy and Audit Plan Role of Risk Assessment Procedures

……Finalizing the Overall Audit Strategy and Audit Plan Common Errors in the Risk Assessment Process Risks identified in planning are not considered in the risk assessment. Fraud risks identified are not reflected in risk assessment and no audit response is prepared. Areas identified as significant in other planning steps are not identified as significant in the risk assessment planning . Audit responses developed to address identified risks are not reflected in the audit program. Audit procedures to be performed which are documented in the risk assessment are not added in the audit program . Low risk areas identified during risk assessment as areas being addressed using a limited approach are actually tested substantively with excessive audit procedures.

……Finalizing the Overall Audit Strategy and Audit Plan) Summary Auditors identify risk s and then respond to them Planning an audit involves more than just obtaining business understanding and performing risk assessment. Planning is a dynamic process that may evolve during the audit, and should always respond to changes in the circumstances of the audited entity. Adherence to the requirements of ISA 300 should result in a well-focused audit, staffed by appropriate personnel, performing relevant and appropriate audit procedures.

End of Chapter 3: Part II Questions Audit I YA AAUSC 2022

Audit_I_Chapter_3,_Pt_II,_Assessing_Risk_of_Material_Missstatement.pptx

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Audit_I_Chapter_3,_Pt_II,_Assessing_Risk_of_Material_Missstatement.pptx

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Slide 39

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58

Slide 59

Slide 60

Slide 61

Slide 62

Slide 63

Slide 64

Slide 65

Slide 66

Slide 67

Slide 68

Slide 69

Slide 70

Slide 71

Slide 72

Slide 73

Slide 74

Slide 75

Slide 76

Slide 77