CHAPTER 10 Risk of the assertion level

PSA 315 (Clarified) - risk that a financial statement assertion is

- deals with the auditor’s responsibility to identify
and assess the risks of material misstatements in the
financial statements, through understanding of the
entity and its environment, including its internal
control.
Risk assessment procedures
- audit procedures to obtain an understanding
- it may be used as auditor as audit evidence to
support assessments of the risks of material
misstatement.
Analytical Procedures
- helpful in identifying the existence of unusual
transactions or events, and amounts, ratios, and
trends that might indicate matters that have financial
statement and audit implications.
Observation and Inspection
- support inquiries of management and others and
provide information about the entity and its
environment.
Internal Control
- designed to provide reasonable assurance of
achieving objectives related to reliable financial
reporting, efficiency and effectiveness of
operations, and compliance with applicable laws
and regulations
The auditor should identify and assess the risks
of material misstatement at the financial
statement level, and at the assertion level for
classes of transactions, account balances, and
disclosures.
materially misstated
- a misstatement is material if it exceeds the
tolerable misstatement specified for the assertion
Audit risk
- possibility that the auditors fail to appropriately
modify their opinion on financial statements that are
materially misstated
Inherent risk
- susceptibility of an account balance, or class of
transactions to misstatement that could be material,
individually or when aggregated with misstatements
in other balances or classes, assuming there are no
related internal controls.
Control risk
- risk that a misstatement, that could occur in an
account balance or class of transactions and that
could be material, will not prevented or detected
and corrected on a timely basis by the accounting
and internal control systems.
Detection risk
- risk that an auditor’s substantive procedures will
not detect a misstatement that exists in an account
balance or class of transactions that could be
material, individually or when aggregated with
misstatements in other balances or classes.
- risk that the auditors will not detect the
misstatement
Mathematically, the auditing standards state the
relationship between audit risk and its components
as:
Audit risk = Inherent risk x Control risk x Detection
risk
Preliminary Assessment of Control Risk
- process of evaluating the effectiveness of an
entity’s accounting and internal control systems in
preventing or detecting and correcting material
misstatements.
Audit risk model
- auditors use this relationship to determine the
nature, timing, and extent of audit procedures to
manage and control audit risk.
Planned audit risk/ Acceptable audit risk
- an auditor plans audit risk for each financial
statement assertion so that he/she will be able to
express an opinion on the financial statements taken
as a whole with an appropriate low level of audit
risk.
Assess inherent risk
- implies that the auditor attempts to predict where
misstatements are most and least likely in the
financial statement segments.
Allowable detection risk/ Planned detection risk
- amount of risk the auditor can allow for an
assertion or a measure of the risk that audit evidence
for a segment will fail to detect misstatements
exceeding a tolerable amount, should such
misstatements exist.
Achieved audit risk
- A measure of the risk the auditor has taken that an
account in the financial statements is materially
misstated after the auditor has accumulated audit
evidence.
Achieved detection risk
- A measure of the risk that audit evidence for a
segment did not detect misstatement exceeding a
tolerable amount if such misstatements existed.
CHAPTER 11
Internal control
- PSA 315 paragraph 4 (c), the process and effected
by those charged with governance, management,
and other personnel to provide reasonable assurance
about the achievement of the entity’s objectives
with regard to reliability of financial reporting,
effectiveness and efficiency of operations and
compliance with applicable laws and regulations.
- Designed and implemented to address identified
business risk that threaten the achievement of any of
these objectives:
1. Reliability of the entity’s financial reporting
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and
regulations
Internal control system
- means all the policies and procedures adopted by
the management of an entity to assist in achieving
management’s objective of ensuring, as far as
practicable, the orderly and efficient conduct of its
business, including adherence to management
policies, the safeguarding of assets, the prevention
and detection of fraud and error, the accuracy and
completeness of the accounting records, and the
timely preparation of reliable financial information.
Control environment
- the overall attitude, awareness and actions of
directors and management regarding the internal
control system and its importance in the entity
- sets the tone and provides discipline and structure
- the collective effect on an entity’s board,
management, and owner’s on establishing,
enhancing, or mitigating the effectiveness of
specific control policies or procedures.
Risk assessment
- Management’s efforts to identify, analyze, and
manage risks pertaining to the preparation of
financial statements.
- may focus on how the entity considers the
possibility of transactions not being recorded or
identifies and assess significant estimates recorded
in the financial statements
Control activities
- policies and procedures to ensure that necessary
actions are taken to address risks to the achievement
of preparing reliable financial statements
- pertain to performance physical controls, and
segregation of duties
Information and communication
- the entity’s information system and procedures for
communicating matters related to the processing of
accounting data
- generates the financial statements
Information system
- consists of infrastructure, software, people,
procedures, and data
Monitoring
- the process an entity uses to assess the quality of
internal control over time
- involves assessing the design and operation of
controls on a timely basis and taking corrective
action as necessary
Internal Accounting Questionnaire Flowchart
- contains a series of questions designed to detect - a symbolic diagram of a specific part of an
control weaknesses. internal accounting control system indicating the
- Most questionnaires are designed to yes or no, or sequential flow of data and/ or authority.
not applicable answers to the questions. - an internal flowchart uses standardized
Advantages symbols, interconnecting lines, and annotations
to represent information, documents, and
 Provide audit assurance that attention is
document flow.
given to presence or absence of all controls
- provides pictorial overview of client’s internal
listed and that certain features of the system
control activities
are not overlooked
- illustrates the interaction of individuals,
 Provide a means of obtaining uniform
records and controls related to a particular
documentation of internal control system
department
reviewed
Advantages
 Provide inexperienced audit staff members
with guidance in performing internal control  Easily understood
reviews  Better overall picture or complex system
 Facilitate the early detection of potential  Parallels EDP documentation
weakness in the system\  It is easy to update

Disadvantages Disadvantages

 Auditor may view the questionnaire device  Higher level of knowledge and training are
for accomplishing an automatic evaluation required to prepare a good flowchart of a
of internal control complex system
 Controls listed on questionnaires may not  Flowcharts take more time to prepare and
suit the particular circumstances of a require more knowledge
specific audit  It is more difficult to spot internal control
 The auditor may overlook pertinent control weakness
not included in the questionnaires
Narrative description
- written description of a particular phase or phases
or a control system
Advantages

 Narrative is flexible and may be tailor-made

for engagement
  Requires a detailed analysis and thus forces
auditor to understand functioning of the
system

Disadvantages

 Auditor may not have the ability to describe

the system correctly and concisely
 This may require more time and careful
study
 Auditor may overlook important portions of
internal control system
 A poorly written internal accounting control
narrative can lead to a misunderstanding of
the system thus resulting in the improper
design and application of compliance tests