UNDERSTANDING THE ENTITY AND IT’S ENVIRONMENT

PHASE 1-C: PERFORMANCE OF RISK ASSESSMENT PROCEDURES TO IDENTIFY/ASSESS RISK OF

MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY

I. Risk assessment procedures and sources of information about the entity and its environment,
including its internal control

II. Understanding the entity and its environment, including its internal control

III. Identifying and assessing of the risk of material misstatement

IV. Material weakness of internal control

V. Documentation

I. RISK ASSESSMENT PROCEDURES AND SOURCES OF INFORMATION ABOUT THE ENTITY AND ITS
ENVIRONMENT, INCLUDING ITS INTERNAL CONTROL

- Obtaining and understanding of the entity and its environment, including its internal control, is
continuous, dynamic process of gathering, updating and analyzing information throughout the
audit.

- The auditor also may choose to perform substantive procedures or test of controls concurrently
with risk assessment procedures because it is efficient to do so.

RISK ASSESSMENT PROCEDURES:

a) Inquiries of management and others within the entity;

b) Analytical procedures; and

c) Observation and inspection

INQUIRUES

 In addition, the auditor performs other audit procedures where the information obtained may
be helpful in identifying risk of material misstatement.

 Inquiries of other within the entity, such as production and internal audit personnel, and other
employees with different levels of authority, may be useful in providing the auditor with
different perspective in identifying risk of material misstatement.

ANALYTICAL PROCEDURES

 Analytical procedures may be helpful in identifying the existence of unusual transactions or

events, and amounts, ratios, and trends that might indicate matters that have financial
statement and audit implications.

 Accordingly, the auditor considers the result of such analytical procedures along with other
information gathered in identifying the risks of material misstatement.
OBSERVATION AND INSPECTION

 Observation and inspection may support inquiries of management and others, and also provide
information about the entity and its environment. Such audit procedures include the following;

 Observation of entity activities and operation

 Inspection of documents (such as business plans and strategies), records, and internal control
manuals

 Reading reports prepared by management and those charged by governance

 Visits to the entity’s premises and plant facilities;

 Tracing transactions through the information system relevant to financial reporting

II. UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT INCLUDING ITS INTERNAL CONTROL

- The auditor’s understanding of the entity and its environment consists of an understanding of
the following aspects;

(a) Relevant industry, regulatory, and other external factors including the applicable financial
reporting framework

(b) The nature of the entity

(c) The entity’s selection and application of accounting policies, including the reasons of changes
thereto

(d) The entity’s objectives and strategies and those related business risks that may result in risk of
material misstatement

(e) The measurement and review of the entity’s financial performance

INDUSTRY, REGULATORY AND OTHER EXTERNAL FACTORS, INCLUDING THE APPLICABLE

FINANCIAL REPORTING FRAMEWORK

The factors envisioned here include industry conditions, such as the competitive environment,
supplier and customer relationship, and technological developments.

Many firms have adopted a financial model to evaluate the client’s industry that considers the
attractiveness and other characteristics of the entity.

Concerning the overall attractiveness of the industry, they consider such factor as:

 Barriers to entry

 Strength of competitors

 Bargaining power of supplies of raw materials and labor

 Bargaining power of customers

- The industry in which the entity operates may give rise to specific risk of material misstatement
arising from the nature of the business or the degree of regulation.

- Legislative and regulatory requirements often determine the applicable financial reporting
framework to be used by management in preparing the entity’s financial statement.

- Examples of matters an auditor may consider the following;

Industry Conditions

- The market and competition, including demand, capacity, and price competition

- Cyclical or seasonal activity

- Product technology relating to the entity’s products

- Energy supply and cost

Regulatory environment

- Accounting principles and industry specific practices

- Regulatory framework for a regulated industry

- Legislation and regulation that significantly affect the entity’s operations

- Regulatory requirements

- Direct supervisory activities

- Taxation ( corporate and other )

- Government policies currently affecting the conduct of the entity’s business

- Monetary, including foreign exchange controls

- Fiscal; Financial incentives

- Tariffs, trade restrictions

- Environmental requirements affecting the industry and the entity’s business

Other external factors currently affecting the entity’s business

- General level of economic activity (recession and growth)

- Interest rates and availability of financing

- Inflation, currency revaluation

B. NATURE OF ENTITY

Using a manufacturing company as an example: the auditors will obtain an understanding of:

 The processes use to procure store and manage raw materials.

 The processes used to machine, assemble, package and test products.

 The processes used to create demand for products and services and to manage relations with
customers.

 The processes used to establish contract terms and to bill and collect receivables.

 The processes use to take orders and deliver goods.

 The activities performed after the goods and services have been delivered.

 The processes used to acquire and maintain human resources and technology, including
research and development.

Examples of matters an auditor may consider include the following:

BUSINESS OPERATIONS

 Nature of revenue sources

 Products or services and markets

 Conduct of operations

 Alliances, Joint ventures and outsourcing activities

 Involvement in electronic commerce, including internet sales and marketing activities.

 Location of productions facilities, warehouse and offices

 Important suppliers of goods anf services

 Research and development activities

 Transaction with related parties

INVESTMENTS

 Acquisitions, mergers or disposal of business activities

 Investments and disposition of securities and loans

 Capital investments activities, including investments in plant and equipment and technology and
any recent or planned changes

FINANCING

 Group structure

 Leasing of property, plant or equipment for use in the business

 Beneficial owners

 Related parties

 Use of derivative financial instrument

FINANCIAL REPORTING

 Accounting principles and industry specific practices

 Revenue recognition practices

 Accounting for fair value

 Inventories

 Foreign currency assets, liabilities and transactions


OBJECTIVES AND STRATEGIES AND RELATED BUSINESS RISK
The auditor should obtain an understanding of the entity’s objectives and strategies, and the
related business risk that may result in in material misstatements of the financial statements.

 Understanding for entity’s objectives, strategies and business risk are important because the
risk of material misstatement is often associated with an entity’s business risk.

 Objectives

 Strategies

 Business Risk

Existence of objectives

For examples:

 Industry developments
New products and services

 Expansion of the business

 New accounting requirements

 Regulatory requirements

 Use of IT

 Effects of implementing a strategy, particular any effects that will lead to new accounting
requirements.

 D. MEASUREMENT AND REVIEW OF THE ENTITY’S FINANCIAL PERFORMANCE

The auditor should obtain an understanding of the measurement and review of the entity’s
financial performance.

 Performance measures, whether external or internal, create pressures on the entity that, in
turn, may motivate management to take action to improve the business performance or to
misstate the financial statements.

 Management may use a variety of techniques to measure and review performance, such as
budgets, key performance indicators, variance analysis, and segment performance reports.
 The methods of measuring and reviewing performance are important to the auditors in
determining the incentives of management and other employees because their compensation is
often tied to the measures.

 Obtaining an understanding of the entity’s performance measures assists the auditor in

considering whether such pressures result in management actions that may have increased the
risks of material misstatement.

 Internally-generated information used by management for this purpose may include key
performance indicators (financial and non-financial), budgets, variance analysis, segment
information and divisional, departmental or other level performance reports, and comparisons
of an entity’s performance with that of competitors. External parties may also measure and
review the entity’s financial performance.

 Internal measures may highlight unexpected results or trends requiring management’s inquiry
of others in order to determine their cause and take corrective action (including in some cases,
the detection and correction of misstatements on a timely basis). Performance measures may
also indicate to the auditor a risk of misstatement of related financial statement information.

Examples of matters an auditor may consider include the following:

 Key ratios and operating statistics

 Key performance indicators

 Employee performance measures and incentive compensation policies

 Trends

 Use of forecasts, budgets and variance analysis

 Analyst reports and credit rating reports

 Competitor analysis

 Period-on-period financial performance

 UNDERSTANDING THE CLIENT”S INTERNAL CONTROL

Internal control is designed to provide reasonable assurance of achieving objectives related to
reliable financial reporting, efficiency and effectiveness of operations, and compliance with
applicable laws and regulations.

 The nature and extent of the audit work to be performed on a particular engagement depend
largely upon the effectiveness of the client’s internal control in preventing or detecting material
misstatements in the financial statements.

III. IDENTIFYING AND ASSESSING THE RISK OF MATERIAL MISSTATEMENT

The auditor identify and assess the risks of material misstatement at the financial statement level,
and at the assertion level for classes of transactions, account balances, and disclosures. For this
purpose, the auditor:
 Identifies risks throughout the process of obtaining an understanding of the entity and its
environment, including relevant controls that relate to the risks, and by considering the classes
of transactions, account balances, and disclosures in the financial statements;

 Relates the identified risks to what can go wrong at the assertion level;

 Considers whether the risks are of a magnitude that could result in a material misstatement of
the financial statements; and

 Considers the likelihood that the risks could result in a material misstatement of the financial
statements.

 The auditor should determine which of the risks identified are, in the auditor’s judgment, risks
that require special audit consideration (such risks are defined as “significant risks”).

 The determination of significant risks, which rise on most audits, is a matter for the auditor’s for
the auditor’s professional judgment.

 In considering the nature of the risks, the auditor considers a number of matters, include the
following:

 Whether the risk is a risk of fraud.

 Whether the risk is related to recent significant economic, accounting or other

developments and, therefore, requires specific attention.

 The complexity of transactions.

 Whether the risk involves significant transactions with related parties.

 The degree of subjectivity in the measurement of financial information .

 Whether the risk involves significant transactions.

 Significant risks often relate to significant non-routine transactions and judgmental matters.

 Non-routine transactions are transactions that are unusual, either due to size or
nature, and that therefore occur infrequently.

 Judgmental matters may include the development of accounting estimates for

which there is significant measurement uncertainty.

 Risks of material misstatement may be greater for risks relating to significant non-routine
transactions arising from matters such as the following:

 Greater management intervention to specify the accounting treatment.

 Greater manual intervention for data collection and processing.

 Complex calculations or accounting principles.

 The nature of non-routine transactions, which may make it difficult for the
entity to implement effective controls over the risks.
 Risks of material misstatement may be greater for risks relating to significant judgmental
matters that require the development of accounting estimates, arising from matters such as the
following:

 Accounting principles for accounting estimates or revenue recognition may be

subject to differing interpretation.

 Required judgment may be subjective, complex or require assumption about

the effects of future events, for example, judgment about fair value.

 The following are examples of conditions and events that may indicate the existence of risks of
material misstatement.

 Operations in regions that are economically stable.

 Operations exposed to volatile markets, for example, futures trading.

 High degree of complex regulation.

 Going concern and liquidity issues including loss of significant customers.

 Constraints on the availability of capital and credit.

 Changes in the industry in which the entity operates.

 Changes in the supply chain.

 Developing or offering new products or services, or moving into new lines of

business.

 Expanding into new locations.

 Changes in the entity such as large acquisitions or reorganizations or other

unusual events.

 Entities or business segments likely to be sold.

 Complex alliances and joint ventures.

 Use of off-balance-sheet finance, special-purpose entities, and other complex

financing arrangements.

 Significant transactions with related parties.

 Lack of personnel with appropriate accounting and financial reporting skills.

 Changes in key personnel including departure of key executives.

 Weaknesses in internal control, especially those not addressed by management.

 Inconsistencies between the entity’s IT strategy and its business strategies.

 Changes in the IT environment.

 Installation of significant new IT systems related to financial reporting.

  Inquiries into the entity’s operations of financial results by regulatory or
government bodies.

 Past misstatements, history of errors or a significant amount of adjustments at

period end.

 Application of new accounting pronouncements.

 Accounting measurements that involve complex processes.

 MATERIAL WEAKNESS IN INTERNAL CONTROL

The auditor shall evaluate whether, on the basis of the audit work performed, the auditor has
identified a material weakness in the design, implementation or maintenance of internal
control.

 The auditor shall communicate material weakness in internal control identified during the audit
on a timely basis to management at an appropriate level of responsibility.

TYPES OF MATERIAL WEAKNESS IN INTERNAL

 Risk of material misstatement

 A weakness in the entity’s risk assessment process

 MATERIAL WEAKNESS may also be identified in controls that prevent, or detect and correct,
error, or those to prevent and detect fraud.

DOCUMENTATION
The auditor should document:

a) The discussion among the engagement team

b) Key element of understanding obtained regarding each of the aspects of the entity and its
environment

c) The identified and assessed risk of material misstatement at the financial statement level and
the assertion level

d) The risk identified and related controls

AUDIT DOCUMENTATION provides guidance regarding documentation in the context of the audit of
financial statements.

F. ASSESSING INHERENT RISK AND CONTROL RISK AT THE ASSERTION LEVEL

 In performing audits, auditor test the validity of financial statements assertions.

 At the assertion level, a misstatement is material if it exceeds the tolerable misstatement

specified for the assertion. The risk that a financial statement assertion is materially misstated is
frequently referred to as risk of the assertion level.

 AUDIT RISK refers to the possibility that the auditors fail to appropriately modify their opinion
on financial statements that are materially misstated.
 INHERENT RISK- is the susceptibility of an account balance or class of transactions to
misstatement that could be material, individually or when aggregated with misstatement in
other balances or classes, assuming there are no related internal controls.

 CONTROL RISK- is the risk that a misstatement, that could occur in an account balance or class of
transactions and that could be material. It will not be prevented-or-detected and corrected on a
timely basis by the accounting and internal control systems.

 DETECTION RISK- is the risk that an auditor’s substantive procedures will not detect a
misstatement that exists.

At the Financial Statement Level

 The integrity of the management.

 The management experience or knowledge and changes in management.

 Unusual pressures on management.

 The nature of the entity’s business.

 Factors affecting the industry in which the entity operates.

At the Account Balance and Class of Transaction Level

 Financial statement accounts likely to be susceptible to misstatement.

 The complexity of underlying transactions and other events which might require using the work
of an expert.

 The degree of judgment involved in determining account balances.

 Susceptibility of assets to loss or misappropriation.

 The completion of unusual and complex transactions.

 Transactions not subjected to ordinary processing.

Certain characteristics of the client and its industry affect the inherent risk.

 Inconsistent profitability relative to the industry.

 Operating results that are highly sensitive to economic factors

 Going concern

 Large known likely misstatements detected in prior audits, and

 Substantial turnover, questionable reputation, or inadequate accounting skills of management.

Specific accounts and assertions differ in their inherent risk.

• Difficult to audit transactions or balances

• Complex calculations,
• Difficult accounting issues,

• Significant judgment, or

• Valuation that vary significantly based on economic factors

CONTROL RISK

 This is the risk that a material error in an account will not be prevented or detected on a timely
basis by the client’s system of internal control. This can never be zero because internal control
systems cannot provide complete assurance that all material errors will be prevented or
detected.

 To assess control risk auditor’s study the methods and procedures by which the company
controls its accounting processes.

PRELIMINARY ASSESSMENT OF CONTROL RISK

 The process of evaluating the effectiveness of an entity’s accounting and internal control
systems.

 The auditor should make a preliminary assessment of control risk, at the assertion level, for each
material account balance or class of transactions.

The preliminary assessment of control risk for a financial statement assertion should be
high unless the auditor:

a) Is able to identify internal controls relevant to the assertion which are likely to prevent or
detect, and correct a material misstatement; and

b) Plans to perform tests of control to support the assessment.

DETECTION RISK

 This refers to the risk that the auditor’s examination will not detect a material error in an
account balance.

 In estimating the detection risk, the auditor should consider the likelihood that he will make an
error, such as misinterpreting the evidence obtained or misapplying an auditing procedure.

 Some detection risk would always be present even if an auditor were to examine 100% of the
account balance or class of transaction.

The auditor should consider the assessed level of inherent and control risks in
determining the nature, timing and extent of substantive procedures required to reduce audit
risk to an acceptably low level. The auditor would consider:

(a) The nature of the substantive procedures

(b) The timing of substantive procedures

(c) The extent of substantive procedures

Step 1 Determined planned audit risk
Plan the audit risk for each financial statement assertion. This is referred to as planned audit risk or
acceptable audit risk. In assessing acceptable audit risk, the auditor must assess each of the factors
affecting it.

The factors to be considered on assessing acceptable audit risk and the methods used by auditors are as
follows:

Step 2: Assess inherent risk

The assessment of inherent risk implies that the auditor attempts to predict where misstatements
are most and least likely in the financial statements segments. There is always some risk that the
client has made misstatements that are individually or collectively large enough to make the
financial statements misleading.

 Nature of the client’s business

 Integrity of management

 Results of previous audits

 Initial versus repeat engagement

 Related parties

 Nonroutine transactions

 Susceptibility to defalcation

 Judgment required to correctly record account balances and transactions

 Made up of population

Step 3 Assess control risk

Control risk represents:
Assessment whether internal controls are effective The auditor’s intention to make the assessment
below 100% as part of the audit plan.

o Obtaining an understanding of internal control

o Evaluate how well it should function

o Test the internal control for effectiveness

STEP 4: Determine allowable Detection Risk

Planned Detective Risk is the amount of risk the auditor can allow for an assertion or a measure of
the risk that audit evidence for a segment will fail to detect misstatements exceeding a tolerable
amount, should such misstatement exist.

 key points:
It is dependent on the other three factors in the model.

 It determines the amount of substantial evidence that the auditor plans to accumulate
PDR can be computed using the equation:

PDR= AAR / (IR x CR)

Where:

PDR- Planned Detection Risk

AAR- Acceptable Audit Risk

IR- Inherent Risk

CR- Control Risk

The audit risk model for evaluating audit result is:

AcAR= IR x CR x AcDR

Where:

AcAR- Achieved Audit Risk

IR- Inherent Risk

CR- Control Risk

AcDR- Achieved Detection Risk

Three ways to reduce achieved audit risk to an acceptable level:

1. Reduced Inherent Risk

2. Reduced Control Risk

3. Reduced achieved Detection Risk by increasing substantive audit test

AUDIT RISK IN THE SMALL BUSINESS

The auditor needs to obtain the same level of assurance in order the same level of assurance in
order to express an unqualified opinion on the financial statements of both small and large entities.
However, many internal controls which would be relevant to large entities are not practical in small
business.