Professional Documents
Culture Documents
Understanding The Entity and It
Understanding The Entity and It
I. Risk assessment procedures and sources of information about the entity and its environment,
including its internal control
II. Understanding the entity and its environment, including its internal control
V. Documentation
I. RISK ASSESSMENT PROCEDURES AND SOURCES OF INFORMATION ABOUT THE ENTITY AND ITS
ENVIRONMENT, INCLUDING ITS INTERNAL CONTROL
- Obtaining and understanding of the entity and its environment, including its internal control, is
continuous, dynamic process of gathering, updating and analyzing information throughout the
audit.
- The auditor also may choose to perform substantive procedures or test of controls concurrently
with risk assessment procedures because it is efficient to do so.
INQUIRUES
In addition, the auditor performs other audit procedures where the information obtained may
be helpful in identifying risk of material misstatement.
Inquiries of other within the entity, such as production and internal audit personnel, and other
employees with different levels of authority, may be useful in providing the auditor with
different perspective in identifying risk of material misstatement.
ANALYTICAL PROCEDURES
Accordingly, the auditor considers the result of such analytical procedures along with other
information gathered in identifying the risks of material misstatement.
OBSERVATION AND INSPECTION
Observation and inspection may support inquiries of management and others, and also provide
information about the entity and its environment. Such audit procedures include the following;
Inspection of documents (such as business plans and strategies), records, and internal control
manuals
II. UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT INCLUDING ITS INTERNAL CONTROL
- The auditor’s understanding of the entity and its environment consists of an understanding of
the following aspects;
(a) Relevant industry, regulatory, and other external factors including the applicable financial
reporting framework
(c) The entity’s selection and application of accounting policies, including the reasons of changes
thereto
(d) The entity’s objectives and strategies and those related business risks that may result in risk of
material misstatement
The factors envisioned here include industry conditions, such as the competitive environment,
supplier and customer relationship, and technological developments.
Many firms have adopted a financial model to evaluate the client’s industry that considers the
attractiveness and other characteristics of the entity.
Concerning the overall attractiveness of the industry, they consider such factor as:
Barriers to entry
Strength of competitors
- Legislative and regulatory requirements often determine the applicable financial reporting
framework to be used by management in preparing the entity’s financial statement.
Industry Conditions
- The market and competition, including demand, capacity, and price competition
Regulatory environment
- Regulatory requirements
B. NATURE OF ENTITY
Using a manufacturing company as an example: the auditors will obtain an understanding of:
The processes used to create demand for products and services and to manage relations with
customers.
The processes used to establish contract terms and to bill and collect receivables.
The activities performed after the goods and services have been delivered.
The processes used to acquire and maintain human resources and technology, including
research and development.
BUSINESS OPERATIONS
Conduct of operations
INVESTMENTS
Capital investments activities, including investments in plant and equipment and technology and
any recent or planned changes
FINANCING
Group structure
Beneficial owners
Related parties
Inventories
OBJECTIVES AND STRATEGIES AND RELATED BUSINESS RISK
The auditor should obtain an understanding of the entity’s objectives and strategies, and the
related business risk that may result in in material misstatements of the financial statements.
Understanding for entity’s objectives, strategies and business risk are important because the
risk of material misstatement is often associated with an entity’s business risk.
Objectives
Strategies
Business Risk
Existence of objectives
For examples:
Industry developments
New products and services
Regulatory requirements
Use of IT
Effects of implementing a strategy, particular any effects that will lead to new accounting
requirements.
Performance measures, whether external or internal, create pressures on the entity that, in
turn, may motivate management to take action to improve the business performance or to
misstate the financial statements.
Management may use a variety of techniques to measure and review performance, such as
budgets, key performance indicators, variance analysis, and segment performance reports.
The methods of measuring and reviewing performance are important to the auditors in
determining the incentives of management and other employees because their compensation is
often tied to the measures.
Internally-generated information used by management for this purpose may include key
performance indicators (financial and non-financial), budgets, variance analysis, segment
information and divisional, departmental or other level performance reports, and comparisons
of an entity’s performance with that of competitors. External parties may also measure and
review the entity’s financial performance.
Internal measures may highlight unexpected results or trends requiring management’s inquiry
of others in order to determine their cause and take corrective action (including in some cases,
the detection and correction of misstatements on a timely basis). Performance measures may
also indicate to the auditor a risk of misstatement of related financial statement information.
Trends
Competitor analysis
The nature and extent of the audit work to be performed on a particular engagement depend
largely upon the effectiveness of the client’s internal control in preventing or detecting material
misstatements in the financial statements.
Relates the identified risks to what can go wrong at the assertion level;
Considers whether the risks are of a magnitude that could result in a material misstatement of
the financial statements; and
Considers the likelihood that the risks could result in a material misstatement of the financial
statements.
The auditor should determine which of the risks identified are, in the auditor’s judgment, risks
that require special audit consideration (such risks are defined as “significant risks”).
The determination of significant risks, which rise on most audits, is a matter for the auditor’s for
the auditor’s professional judgment.
In considering the nature of the risks, the auditor considers a number of matters, include the
following:
Significant risks often relate to significant non-routine transactions and judgmental matters.
Non-routine transactions are transactions that are unusual, either due to size or
nature, and that therefore occur infrequently.
Risks of material misstatement may be greater for risks relating to significant non-routine
transactions arising from matters such as the following:
The nature of non-routine transactions, which may make it difficult for the
entity to implement effective controls over the risks.
Risks of material misstatement may be greater for risks relating to significant judgmental
matters that require the development of accounting estimates, arising from matters such as the
following:
The following are examples of conditions and events that may indicate the existence of risks of
material misstatement.
The auditor shall communicate material weakness in internal control identified during the audit
on a timely basis to management at an appropriate level of responsibility.
MATERIAL WEAKNESS may also be identified in controls that prevent, or detect and correct,
error, or those to prevent and detect fraud.
DOCUMENTATION
The auditor should document:
b) Key element of understanding obtained regarding each of the aspects of the entity and its
environment
c) The identified and assessed risk of material misstatement at the financial statement level and
the assertion level
AUDIT DOCUMENTATION provides guidance regarding documentation in the context of the audit of
financial statements.
AUDIT RISK refers to the possibility that the auditors fail to appropriately modify their opinion
on financial statements that are materially misstated.
INHERENT RISK- is the susceptibility of an account balance or class of transactions to
misstatement that could be material, individually or when aggregated with misstatement in
other balances or classes, assuming there are no related internal controls.
CONTROL RISK- is the risk that a misstatement, that could occur in an account balance or class of
transactions and that could be material. It will not be prevented-or-detected and corrected on a
timely basis by the accounting and internal control systems.
DETECTION RISK- is the risk that an auditor’s substantive procedures will not detect a
misstatement that exists.
The complexity of underlying transactions and other events which might require using the work
of an expert.
Certain characteristics of the client and its industry affect the inherent risk.
Going concern
• Complex calculations,
• Difficult accounting issues,
• Significant judgment, or
CONTROL RISK
This is the risk that a material error in an account will not be prevented or detected on a timely
basis by the client’s system of internal control. This can never be zero because internal control
systems cannot provide complete assurance that all material errors will be prevented or
detected.
To assess control risk auditor’s study the methods and procedures by which the company
controls its accounting processes.
The process of evaluating the effectiveness of an entity’s accounting and internal control
systems.
The auditor should make a preliminary assessment of control risk, at the assertion level, for each
material account balance or class of transactions.
The preliminary assessment of control risk for a financial statement assertion should be
high unless the auditor:
a) Is able to identify internal controls relevant to the assertion which are likely to prevent or
detect, and correct a material misstatement; and
DETECTION RISK
This refers to the risk that the auditor’s examination will not detect a material error in an
account balance.
In estimating the detection risk, the auditor should consider the likelihood that he will make an
error, such as misinterpreting the evidence obtained or misapplying an auditing procedure.
Some detection risk would always be present even if an auditor were to examine 100% of the
account balance or class of transaction.
The auditor should consider the assessed level of inherent and control risks in
determining the nature, timing and extent of substantive procedures required to reduce audit
risk to an acceptably low level. The auditor would consider:
The factors to be considered on assessing acceptable audit risk and the methods used by auditors are as
follows:
Integrity of management
Related parties
Nonroutine transactions
Susceptibility to defalcation
Made up of population
Planned Detective Risk is the amount of risk the auditor can allow for an assertion or a measure of
the risk that audit evidence for a segment will fail to detect misstatements exceeding a tolerable
amount, should such misstatement exist.
key points:
It is dependent on the other three factors in the model.
It determines the amount of substantial evidence that the auditor plans to accumulate
PDR can be computed using the equation:
Where:
AcAR= IR x CR x AcDR
Where:
The auditor needs to obtain the same level of assurance in order the same level of assurance in
order to express an unqualified opinion on the financial statements of both small and large entities.
However, many internal controls which would be relevant to large entities are not practical in small
business.