Audits must follow a logical pattern to achieve objectives:

1. To express the opinion regarding assessment of risk

Risk-based audit
Important elements - interrelated
1. Risk
2. Materiality

● Evidence gathering is cumulative

Strategies in risk-based audit

1. Purely/predominantly substantive - extensive in nature, current &interim timing and year-
end testing, many samples, extent will be many
2. Combination - restricted in nature, timing is current & interim, rollforwarding procedures,

- Elements that would not be given much emphasis must not be materially misstated

- Quality control system must be documented in the working papers

- Quality control reviewer must be objective and competent, must not have been involved
in the engagement, must decide if the contents of the documentation are adequate to merit
conclusion

Phases
1. Risk assessment - 300 series standards
a. Preliminary Planning
i. Management of client acknowledges responsibilities in reporting
ii. Management of client acknowledges responsibility in internal controls
iii. Provide the auditor unrestricted access to evidence within the entity
iv. Ethical compliance
b. Planning proper
2. Risk response
a. Tests of control - compliance tests
b. Substantive tests - direct tests
3. Risk reporting
a. Completing the audit
b. Issuance of opinion
c. Post audit responsibilities

PSA 300 - Planning an Audit

- Auditor should plan the audit so that the engagement will be performed in an effective
manner
 - Involve the engagement partner and other key members of the engagement team to
benefit from their experience and insight and to enhance the effectiveness and efficiency
of the planning process
Benefits of adequate planning
1. Ensures that appropriate attention is devoted to important areas of the audit - significant
risk
2. Identify potential problems
3. Ensures that engagement is properly organized
4. Assists in proper assignments of team members - time budget summary
5. Facilitates the direction, supervision, and reviewing the work of engagement team
members
6. Assists in coordination of work done by auditors of components and experts
a. They must meet both requirements of:
i. Independence
ii. Confidentiality

● Establish an overall strategy for audit to develop a program

● No planning = audit failure

Extent of planning
1. Size of the entity
2. Complexity of the audit
3. Auditor’s experience with the entity
4. Changes in circumstances that occur during the audit engagement

Planning matters
1. Brainstorming/planning conference - discussion among members
2. Analytical procedures to be applied as risk assessment procedures
a. Ratio analysis - least costly

3. Obtaining of a general understanding of the legal and regulatory framework applicable to

the entity and the entity’s compliance with that framework
4. Determination of materiality
5. Involvement of expert
6. Determination of assessment procedures prior to identifying and assessing the risks of
material misstatement
7. General knowledge of entity
Procedures - ACRRIIO
• Analytical procedures - required in completing the engagement
• Confirmation
• Recalculation
• Reperformance
• Inquiry
• Inspection of assets
• Inspection of records and documents
• Observation

Scope of audit
Risk assessment procedures - getting to know the integrity issues of the management to assess
if we will accept the engagement, assessment of the risk of the entity; always required to be
performed
- Analytical procedures - required
- Inquiry procedures - predecessor auditor
- Inspection of records and documents
- Observation
Tests of control - determine the nature, timing, and extent of substantive procedures; compliance
testing
- Reperformance - walkthrough
- Recalculation
- Inquiry
- Inspection of records and documents
- Observation - limited
Substantive procedures - detects the level of misstatements; always required to be performed
- Analytical - not required, but recommended
- Confirmation - receivables
- Positive - in all cases, confirmation is needed to be received
- Negative
- Recalculation
- Inquiry - third parties
- Inspection of assets
- Inventory test count
- Observation

Three categories
1. Classes of transactions
2. Balance sheet accounts
3. Notes to financial statements

Three sources of misstatement

1. Fraud - qualified or adverse opinion, depending on the pervasive test
 2. Error
3. Noncompliance

Requisites prior to acceptance

1. Ethical requirements
2. Integrity issues
3. Establish an understanding of the terms of engagement

Purposes of preliminary activities

1. Ensure that auditor has considered events that may affect the auditor’s ability to plan
2. Perform the audit engagement to reduce risk to acceptably low level

Audit planning
1. Overall audit strategy
a. Determining the characteristics of engagement
b. Reporting objectives of the engagement to plan the timing of audit and nature of
communications
c. Considering the important factors that will determine the focus of the engagement
team’s efforts
2. Detailed audit plan
a. Description of the nature, timing, and extent of planned risk assessment
procedures
b. Description of the nature, timing, and extent of planned further audit procedures
c. Other procedures required by PSAs

Audit program
- Set of audit procedures specifically designed for each audit
- Includes both substantive tests and tests of control
- Enables the auditor to express an opinion on the financial statements taken as a whole
- When the auditor gives an opinion, it should be for the entirety of the FS as a
complete set, and not for a specific FS

PSA 700 Series - general purpose reports

PSA 800 Series - special reports

Benefits of audit program

1. Evidence of proper planning of the work and allows a review of the proposed scope oft
the audit
2. Gives members of the audit team an opportunity to review the proposed scope of the audit
before the work performed, when there is still time to modify the audit procedures
3. Guidance to less experienced staff members
4. Evidence of work performed
5. Means of controlling time
6. Consideration of control risk
Time budget summary
- Estimate total hours
- Based on information taken in auditplanningh

Steps
1. Obtain an understanding of the entity and its environment (IINOM)
a. Internal control
b. Industry condition
i. Understand the entity’s market, competition, market condition, and price
competition
ii. Understand the regulatory environment
iii. Economy-wide factors
iv. Business operations, including related party transactions
v. Investments
vi. Financing
1. Debt structure
2. Group structure
3. Leasing of property
4. Beneficial owners
5. Use of derivatives
vii. Financial reporting
c. Nature of entity
d. Objectives, strategies, and risks
i. Objectives - overall plans of the entity as defined by those charged with
governance and management; risks are those that will negate the
objectives and are uncontrollable, only remedy is to assess
1. Financial reporting risks
a. Inherent - risk of material misstatement
b. Control - risk that a material misstatement could occur and
not be prevented
c. Detection risk - controllable; risk that the auditor will fail to
detect a material misstatement that exists in relevant
assertion, remedy is to solve/measure
2. Operational risks
3. Compliance risks
ii. Strategies - operational approaches; used to mitigate or counter risks
iii. Business risks - result from significant conditions or events that could
adversely affect the entity’s ability to achieve its objectives and execute its
strategies
e. Measurement and review of financial performance
i. Key ratios
ii. KPIs
iii. Employee performance measures
 2. Performing analytical procedures
3. Consideration of fraud in audit planning
a. PSA 240 - The Auditor’s Responsibilities relating to Fraud in an Audit of Financial
Statements
b. When obtaining an understanding of the entity and its environment, the auditor
c. Fraud risk triangle - RIO/PAO
i. Incentive
ii. Opportunity
iii. Attitude/rationalization
d. Two fraudsters
1. Management - fraudulent financial reporting, more impactful
2. Employee - misappropriation of assets

4. Identifying and assessing the risk of material misstatements through understanding the
entity and its environment
a. Audit risk model
i. Obtain understanding of entity and assess level of business risks
● Measuring audit risk: AR = IR x CR x DR(overall audit
strategy)
a. Audit risk is set by the auditor; inversely related with
inherent risk and control risk; directly related to detection
risk
b. Inherent and control risk is assessed by the auditor; directly
related with level of substantive test; inversely related to
audit and detection risk
c. Detection risk is measured by the auditor; inversely related
to audit risk
i. Quantitative
ii. Qualitative
1. Ordinals
a. High
b. Medium
c. Low
● Modify
PSA 315
● In performing an audit of FS, the auditor should have or obtain a knowledge of the
business sufficient to enable the auditor to identify and understand the events,
transactions,and practice, that, in the auditor’s judgement, may have a significant effect
on the financial statement or on the examination or audit report
● General knowledge of the economy and industry within which the entity operates
● Specific knowledge of how the entity operates
● Level of knowledge of the auditor should be less than that of management

Purely or predominantly substantive - extensive

Combination - restricted

Risk assessment audit - to cover all kinds of risk

PSA 520 - Analytical procedures - study and comparison of relationships among data to identify
expected or unexpected fluctuations and other unusual items
- Requires that the auditor apply analytical procedures in the planning stage of the audit to
obtain a more detailed understanding and to identify areas of potential risk
- Enhance the understanding of the entity’s business
- Identify unexpected fluctuations and unusual relationships

High risk industries

1. Technology
2. Petroleum
3. Banking