Professional Documents
Culture Documents
Apd 5 Notes
Apd 5 Notes
Risk-based audit
Important elements - interrelated
1. Risk
2. Materiality
- Elements that would not be given much emphasis must not be materially misstated
Phases
1. Risk assessment - 300 series standards
a. Preliminary Planning
i. Management of client acknowledges responsibilities in reporting
ii. Management of client acknowledges responsibility in internal controls
iii. Provide the auditor unrestricted access to evidence within the entity
iv. Ethical compliance
b. Planning proper
2. Risk response
a. Tests of control - compliance tests
b. Substantive tests - direct tests
3. Risk reporting
a. Completing the audit
b. Issuance of opinion
c. Post audit responsibilities
Extent of planning
1. Size of the entity
2. Complexity of the audit
3. Auditor’s experience with the entity
4. Changes in circumstances that occur during the audit engagement
Planning matters
1. Brainstorming/planning conference - discussion among members
2. Analytical procedures to be applied as risk assessment procedures
a. Ratio analysis - least costly
Scope of audit
Risk assessment procedures - getting to know the integrity issues of the management to assess
if we will accept the engagement, assessment of the risk of the entity; always required to be
performed
- Analytical procedures - required
- Inquiry procedures - predecessor auditor
- Inspection of records and documents
- Observation
Tests of control - determine the nature, timing, and extent of substantive procedures; compliance
testing
- Reperformance - walkthrough
- Recalculation
- Inquiry
- Inspection of records and documents
- Observation - limited
Substantive procedures - detects the level of misstatements; always required to be performed
- Analytical - not required, but recommended
- Confirmation - receivables
- Positive - in all cases, confirmation is needed to be received
- Negative
- Recalculation
- Inquiry - third parties
- Inspection of assets
- Inventory test count
- Observation
Three categories
1. Classes of transactions
2. Balance sheet accounts
3. Notes to financial statements
Audit planning
1. Overall audit strategy
a. Determining the characteristics of engagement
b. Reporting objectives of the engagement to plan the timing of audit and nature of
communications
c. Considering the important factors that will determine the focus of the engagement
team’s efforts
2. Detailed audit plan
a. Description of the nature, timing, and extent of planned risk assessment
procedures
b. Description of the nature, timing, and extent of planned further audit procedures
c. Other procedures required by PSAs
Audit program
- Set of audit procedures specifically designed for each audit
- Includes both substantive tests and tests of control
- Enables the auditor to express an opinion on the financial statements taken as a whole
- When the auditor gives an opinion, it should be for the entirety of the FS as a
complete set, and not for a specific FS
Steps
1. Obtain an understanding of the entity and its environment (IINOM)
a. Internal control
b. Industry condition
i. Understand the entity’s market, competition, market condition, and price
competition
ii. Understand the regulatory environment
iii. Economy-wide factors
iv. Business operations, including related party transactions
v. Investments
vi. Financing
1. Debt structure
2. Group structure
3. Leasing of property
4. Beneficial owners
5. Use of derivatives
vii. Financial reporting
c. Nature of entity
d. Objectives, strategies, and risks
i. Objectives - overall plans of the entity as defined by those charged with
governance and management; risks are those that will negate the
objectives and are uncontrollable, only remedy is to assess
1. Financial reporting risks
a. Inherent - risk of material misstatement
b. Control - risk that a material misstatement could occur and
not be prevented
c. Detection risk - controllable; risk that the auditor will fail to
detect a material misstatement that exists in relevant
assertion, remedy is to solve/measure
2. Operational risks
3. Compliance risks
ii. Strategies - operational approaches; used to mitigate or counter risks
iii. Business risks - result from significant conditions or events that could
adversely affect the entity’s ability to achieve its objectives and execute its
strategies
e. Measurement and review of financial performance
i. Key ratios
ii. KPIs
iii. Employee performance measures
2. Performing analytical procedures
3. Consideration of fraud in audit planning
a. PSA 240 - The Auditor’s Responsibilities relating to Fraud in an Audit of Financial
Statements
b. When obtaining an understanding of the entity and its environment, the auditor
c. Fraud risk triangle - RIO/PAO
i. Incentive
ii. Opportunity
iii. Attitude/rationalization
d. Two fraudsters
1. Management - fraudulent financial reporting, more impactful
2. Employee - misappropriation of assets
4. Identifying and assessing the risk of material misstatements through understanding the
entity and its environment
a. Audit risk model
i. Obtain understanding of entity and assess level of business risks
● Measuring audit risk: AR = IR x CR x DR(overall audit
strategy)
a. Audit risk is set by the auditor; inversely related with
inherent risk and control risk; directly related to detection
risk
b. Inherent and control risk is assessed by the auditor; directly
related with level of substantive test; inversely related to
audit and detection risk
c. Detection risk is measured by the auditor; inversely related
to audit risk
i. Quantitative
ii. Qualitative
1. Ordinals
a. High
b. Medium
c. Low
● Modify
PSA 315
● In performing an audit of FS, the auditor should have or obtain a knowledge of the
business sufficient to enable the auditor to identify and understand the events,
transactions,and practice, that, in the auditor’s judgement, may have a significant effect
on the financial statement or on the examination or audit report
● General knowledge of the economy and industry within which the entity operates
● Specific knowledge of how the entity operates
● Level of knowledge of the auditor should be less than that of management
PSA 520 - Analytical procedures - study and comparison of relationships among data to identify
expected or unexpected fluctuations and other unusual items
- Requires that the auditor apply analytical procedures in the planning stage of the audit to
obtain a more detailed understanding and to identify areas of potential risk
- Enhance the understanding of the entity’s business
- Identify unexpected fluctuations and unusual relationships