Chapter corr CONCEPTS OF A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT Expected Learning Outcomes After studying this chapter, you should be able to: 4 Understand the core concepts of a Financial Statement Audit including the following: eee cee Nature of an independent Financial Statement Audit The overall objectives of the Independent Auditor and the conduct of an audit in accordance with Philippine Standards on Auditing. Ethical Requirements Relating to an Audit of Financial Statements. Conduct of an Audit of Financial Statements. Scope of an Audit of Financial Audit. Professional Skepticism. Reasonable Assurance. Audit risk and Materiality. Responsibility for the Financial Statements Understand the Risk-Based Audit Process . Distinction between risk-based audit approach and account- based activities Stages and the activities in the risk-based audit process Relevant Philippine Standards on Auditing (PSAs) used in the Risk-Based Audit Process Components of the Audit-Risk Model Factors to consider in Implementing the Audit Risk Model Limitations of the Audit Risk Model QU BSCHAPTER 1 CORE CONCEPTS OF A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT NATURE OF (NDEPENDENT FINANCIAL STATEMENTS AUDIT Auditing is a systematic process by which a competent, independent person objectively obiains and evaluates evidence regarding assertions.about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users. OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH PHILIPPINE STANDARDS ON AUDITING (PSH200) ‘The Philippine Standard on Auditing (PSA) establishes the independent auditor's overall responsibilities when conducting an audit of financial statements. Specifically, ii sets out the overall objectives of the independent auditor, and explains the nature and scope of an audit designed to enable the independent auditor to meet those objectives. It also explains the scope, authority and structure of the PSAs, and includes requirements establishing the general responsibilities of the independent auditor applicable in all audits, including the obligation to comply with the PSAs. OBJECTIVES OF AN AUDIT In conducting an audit of financial statements, the overall objectives of the auditor are: (a) To obiain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, them by enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and (©) To report on the financial statements, and communicate as required by the PSAs, in accordance with the auditor's findings.A Risk-Based Approach to Conducting a Quality Audit 3 The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. In the case of most general-purpose frameworks, that opinion is on whether the financial statements are presented fairly, in all material respects, in accordance with the framework. An audit conducted in accordance with PSAs and relevant ethical requirements enables the auditor to form that opinion. An audit of financial statements is an assurance engagement, as defined in the Philippine Framework for Assurance Engagements. The Framework defines and describes the elements and objectives of an assurance engagement. The PSAs apply the Framework in the context of an audit of financial statements and contain the basic principles and essential procedures, together with related guidance, to be applied in such an audit. ETHICAL REQUIREMENTS RELATING TO AN AUDIT OF FINANCIAL STATEMENTS The auditor should comply with relevant ethical requirements relating to audit engagements.. As discussed in PSA 220, "Quality Control for an Audits of Financial Statements," ethical requirements relating to audits of financial statements ordinarily comprise Parts A and B of the Code of Ethics for Professional Accountants in vie Philippines (Ethics Code)! effective April 6, 2018 adopted and promulgated by the Board of Accountancy. PSA 220 (Revised) identifies the fundamental principles of professional ethics established by Parts A and B of the Ethics Code and sets out the ogagement partner's responsibilities with respect to ethical requirements. PSA 220 recognizes that the engagement team is entitled to rely on a firm's systems in meeting its responsibilities with respect to quality control procedures applicable to the individual audit engagement (for example, in relation to capabilities and competence of personnel through their recruitment and formal training; independence through the accumulation and communication of relevant independence information; maintenance of client relationships through acceptance and continuance systems; and adherence to regulatory and legal requirements through the monitoring process), unless information provided by the firm or other parties suggests otherwise. Accordingly, Philippine Standard on Quality Control (PSQC) 1, "Quality Control for Firms that Perform Audits and ‘Adapted to the Coa of Ethies for Professional Accountants issued by the International Federation of Accountants.4 Chapter 1 Reviews of Financial Statements, and Other Assurance and Related Services Engagements," requires the firm to establish policies and procedures designed. to: provide it witl reasonable assurance that the firm and its personnel comply with relevant ethicel requirements. CONDUCT OF AN AUDIT OF FINANCIAL STATEMENTS The auditor should conduct an audit in accordance with Philippine Standards on Auditing. PSAs contain basic principles and essential procedures together with related guidance in the form of explanatory and other material, including appendices. ‘The basic principles and essential procedures are to be understood and applied in the context of explanatory and other materials that provide guidance for their application. The text of a whole Standard is considered in order to understand and apply the basic principles and essential procedures. In conducting an audit in accordance with PSAs, the auditor is also aware of and considers Philippine Auditing Practice Statements (PAPSs) applicable to the audit engayement. PAPSs provide interpretative guidance and practical assistance to auditors in implementing PSAs. An auditor who does not apply the guidance included in a relevant PAPS needs to be prepared to explain how the basic principles and essential procedures in the Standard addressed by the PAPS have been complied with. ‘The auditor may also conduct the audit in accordance with both ISAs and PSAs. However, there are currently no fundamental differences between the IAASB pronouncements and corresponding requirements issued by the AASC and no such differences are expected in the future.” SCOPE OF AN AUDIT OF FINANCIAL STATEMENTS ‘The term "scope of an audit" refers to the audit procedures deemed necessary in the circumstances to achieve the objective of the audit. In determining the audit procedures to be performed in conducting an audit in accordance with Philippine Standards on Auditing, the auditor should comply with each of the Philippine Standards on Auditing relevant to the audit. Je mated nie Preface tothe Philippine Standards on Quality Control, Auatng, Review, and Other Assurance and Related Someone stated poty ofthe AASC to make the Intemational Standards and Practice Statements issued by the [AASB re topliceble tandards and practice statements Inthe Philippine. To implement such policy, the ASC mates Philppine- ire ape toe paragraph or sections in Inernerinal Standards and Practice Statements tha ae addresed in broad terms 0 ee chemenoll community asa whole to make then clearly applicable the Philippine, ar provides adtional information in crsain parage pha or sections, whenever necessary 0 fcilite and clearly extablih ther application inthe PhllppnesA Risk-Based Approach to Conducting a Quality Audit 5 The auditor should not represent compliance with Philippine Standards on Auditing unless the auditor has complied fully with all of the Philippine Standards on Auditing relevant to the audit. The auditor may, in exceptional circumstances, judge it necessary to depart from a basic principle or an essential procedure that is relevant in the circumstances of the audit, in order to achieve the objective of the audit. In such a case, the auditor is not precluded from representing compliance with PSAs, provided the departure is appropiiately documented as required by PSA 230 (Clarified), "Audit Documentation.” PROFESSIONAL SKEPTICISM The auditor should plan and perform an audit with an attitude of professional skepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated. An attitude of professional skepticism means the auditor makes a critical assessment, with a questioning mind, of the validity of audit evidence obtained and is alert \o audit evidence that contradicts or brings into question the reliability of documents and responses to inquiries and other information obtained from management and those charged with governance. For example, an attitude of professional skepticism is necessary throughout the audit process for the auditor to reduce the risk of overlooking unusual circumstances, of over generalizing when drawing conclusions from audit observations, and of using faulty assumptions in determining the nature, timing and extent of the audit procedures and evaluating the results thereof. When making inquiries and performing other audit procedures, the auditor is not satisfied with less-than- persuasive audit evidence based on a belief that management and those charged with governance are honest and have integrity. Accordingly, representations from management are not a substitute for obtaining sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor's opinion. REASONABLE ASSURANCE An auditor conducting an audit in accordance with PSAs obtains reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a concept _ relating to the accumulation of the audit evidence necessary for the auditor to conclude that there are no material misstatements in the financial statements taken as a whole. Reasonable assurance relates to the whole audit process.6 _Chaper 1 An auditor cannot obtain absolute assurance because there are inherent limitations in an audit that affect the auditor’s ability to detect material misstatements. These limitations result from factors such as the following: e The use of testing. The inherent limitations of internal control (for example, the possibility ‘of management override or collusion). © ‘The fact that most audit evidence is persuasive rather than conclusive. Also, the work undertaken by the auditor to form an opinion is permeated by judgmeni, in particular regarding: (a) The gathering of audit evidence, for example. in deciding the nature, timing and extent of audit procedure; and (b) The drawing of conclusions based on the audit evidence gathered, for example, assessing the reasonableness of the estimates made by management in preparing the financial statements. Further, other limitations may affect the persuasiveness of evidence available to draw conclusions on particular assertions (for example, transactions between related parties). In these cases, certain PSAs identify specified audit procedures which will, because of the nature of the particular assertions, provide sufficient appropriate audit evidence in the absence of: (a) Unusual circumstances which increase the risk of material misstatement eyond that which would ordinarily be expected; or (b) Any indication that a material misstatement has occurred. Accordingly, because of the factors described above, an audit is not a guarantee that the financial statements are free from material misstatement, because absolute assurance is not attainable. Further, an audit opinion does not assure the future viability of the entity nor the efficiency or effectiveness with which management as conducted the affairs of the entity.A Risk-Based Approach to Conducting a Quality Audit _7 AUDIT RISK AND MATERIALITY The auditor obtains and evaluates audit evidence to obtain reasonable assurance about whether the financial statements give.a true and fair view or are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. The concept of reasonable assurance acknowledges that there is a risk tle audit opinion is inappropriate. The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated is known as “audit risk”. The auditor should plan ‘and perform the audit to. reduce audit risk to an acceptably low level that is consistent with the objective of an audit. The auditor reduces audit risk by designing and performing audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base an audit opinion. Reasonable assurance is obtained when the auditor has reduced audit risk to an acceptably low level. RESPONSIBILITY FOR THE FINANCIAL STATEMENTS While the auditor is responsible for forming and expressing an opinion on the financial statements, the responsibility for the preparation and presentation of the financial statements in accordance with the applicable financial reporting framework is thai of the management’ of the entity, with oversight from those charged with governance. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities.8 Chapter 1 THE RISK-BASED AUDIT PROCESS Introduction Risk-based audit approach is an audit approach that begins with an assessment of the types ard likelihood of misstatements in account balance and then adjusts the amount and type of audit work, to the likelihood of material misstatements occurring in account balances. In risk-based audit, the’audit team views all activities in the organization first in terms of risks to strategies and objectives, and then in terms of management’s plans and provesses to mitigate the risk. The auditors obtain an understanding of the client’s objectives. The risks are identified and the auditors determine how management plans to mitigate the risk and whether those plans are in place and ely. operating effe: Account-based audit is an approach wherein the auditor obtains an understanding of control and assesses control risk for partioular types of errors and frauds in specific accounts and cycle. STAGES OF THE RISK-BASED AUDIT PROCESS Under the PSAs which are risk-based, specific audit procedures vary from one engagement (o the, next. The following stages are, however, involved in every engagement. Phase I. Risk Assessment This phase involves the following activities: a. Performance of preliminary engagement activities to decide whether to accept / continue an audit engagement. . b. Planning the audit to develop an overall audit strategy and audit plan. c. Performance of risk assessment procedures to identify / assess risk of material misstatement through understanding the entity.A Risk-Based Approach to Conducting a Quality Audit _9 Phase II. I Risk Response This phase covers the following activities: a. Designing overall responses and further audit procedures to develop appropriate resporises to the assessed risk of material misstatement. b. Implementing responses to assessed risk of material misstatement to reduce audit risk to an acceptably low level. Phase III. Reporting This phase involves the following activities: a. Evaluating the audit evidence obtained to determine what additional audit work (if any) is required. b. Forming an opinion based on audit findings and preparing the auditor’s report. A simpler way of describing the three elements is illustrated below. Figure 1-1; Describing the Three Elements RISK ASSESSMENT RISK RESPONSE REPORTING What events* could occu Did the events" identified | What audit opinion, based that would cause a material occur and result in a on the evidence obtained, is misstatement in the material misstatement in | appropriate on the financial financial statements? the financial statements? statements? * An “event” is simply a business or fraud risk factor that, if it actually occurred, would adversely affect the entity’s ability to achieve its objective of preparing financial statements that do not contain material misstatements resulting from error and fraud. This would also include risks resulting from the absence of internal control to mitigate the potential for material misstatements in the financial statements. Figure 1-2 shows the schematic risk-based audit process in accordance with the guidelines provided by the International Federation of Accountants.10 Chapter 1 Figure 1-2: Risk-Based Audit Progess* “ACTIVITY PURPOSE, ] DOCUMENTATION Perform p liminary Dicide whether to Listing of fisk factors engagement — | accept engagement Independence Materalty Plan the audit —} Develop an overall auc Audit team discussions Strategy and aucit pa Overall audit strateg rl Perfor risk Identify / assess —»| Business and fraud risk < | >] assessment RMM* through under- including significant risks = ' procedures standing the entity LT = ** Risk of Material Misstatemient) a2 ; Design / implementation of : relevant internal o : ‘Assessed RMM at t —>) © FIS Level i ’ Le Assertion level —— Update of overall strategy Design overall Develop appropriate Overall responses = responses and responses to the >| © Audit plan that inks molt further audit assessed RM assessed RM to ws i procedures further audit procedures a |i 2 |i = ‘ Implement & |! | responses to ad ia alee © Work performed; | L__ assessed RM, ooena © Audit findings — New / revised risk factors lane and audit procedures it Determine what + Changes in materiality . oie: cares || Ser wrk * Communications on i (if any) is required audit findings q Yes + Conclusions on audit ° procedures performed < = is additional work es a requ red? Noy Prepare the Auditors Form an opinion based, J” Significant decision report ‘on aucit findings Signed audit opinion pikdanted from “Guide so Using International Standards of Auditing in the Audits of Small and Medium Sized Entities” Volumes | and i’, Core Goncepts / Practical Application - Fourth Edition”. Copyright © November 2018 by IFAC, All rightsrréserved. Used with permission of IFAC.A Risk-Based Approach to Conducting a Quality Audit 11 Figure 1-3 presents the Relevant Philippine Standards On Auditing (PSAS) To Be Used In The Risk-Based Audit Process Figure 1-3: Relevant Philippine Standards On Auditing (PSAS) To Be Used In The Risk-Based Audit Process GUIDANCE ON FUNDAMENTAL CONCEPTS TOPIC Applicable PSA(s) General Principles PSA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing Quality Control PSA 200, Quality Control for an audit of Financial Statements Management Assertions PSA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment (Newly Revised Standard effective for audits of financial statements for periods ending on or after December 15, 2013) Audit Evidence | PSA 500, Audit Evidence Audit Documentation PSA 230, Audit Documentation PHASE | - RISK ASSESSMENT INCLUDING MAKING CLIENT ACCEPTANCE AND CONTINUANCE DECISIONS : Client Acceptance and PSA 210, Agreeing the Terms of Audit Engagements Continuance Considering Fraud PSA 240, The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements Consideration of Laws and Regulations in Planning the Audit PSA 250, Consideration of Laws and-Regulations in an Audit of Financial Statements Planning an Audit PSA 300, Planning an Audit of Financial Statements Assessing Risk of Material PSA 315, Identifying and Assessing the Risks of Material Misstatements Misstatement through Understanding the Entity and its Environment (Newly Revised Standard effective for audits of financial statements for periods ending:o#rer after December 15, 2013) PSA 320, Materiality in Planning and Performing an Audit Planning Audit Procedures PSA 330, The Auditor's Responses to Assessed Risks Understanding Related PSA 550, Related Parties Parties12 Chapter | Communicating with those Charged with Governance about the Audit Plan PSA 260, Communication with Those Charged with Governance PHASE Il - RISK RESPONSE Testing Controls for the Financial Statement Audit PSA 330, The Auditor's Responses to Assessed Risks “Audit Sampling for Tests of Controls PSA 530, Audit Sampling Testing Controls inan Integrated Audit Obtaining Evidence about Compliances with Laws and Regulations PSA 250, Consideration of Laws and Regulations in an Audit of Financial Statements ‘Substantive Audit Procedures PSA 330, The Auditor's Responses to Assessed Risks PSA 500, Audit Evidence Se Evidence egarding the Valuation of investments in securities and derivative instruments; b. Existence and condition of inventory; c. Completeness of litigation, claims, and assessmenis involving the entity; and d. Presentation and disclosure of segment information, in accordance with the applicable financial reporting framework External Confirmations PSA 501, Audit Evidence Specific Considerations for Selected Items PSA 505, External Confirmations ‘Audit Sampling ‘or Substantive Tests PSA 530, Audit Sampling Obtaining Evideice about Related Parties PSA 550, Related Parties Auditing Accounting Estimates PSA 840, Auditing Accounting Estimates, Including Fair Value | Accounting Estimates, and relate DisclosuresA Risk-Based Approach to Conducting a Quality Audit 13 [ Analytical Procedures as a Substantive Test | Using an Auditor's Specialist! Expert PHASE Ill- REPORTING PSA 520, Analytical Procedures PSA 620, Using the Work of an Auditor's Expert Evaluating the Implications of Noncompliance with Laws and Regulations PSA 250, Consideration of Laws and Regulation in an Audit of Financial’Statemenis Evaluating Financial |_ Statemeni Misstatements “PSA 460, Evaluation of Misstatements Identified during the Audit | Subsequent Events PSA 560, Subsequent Events | Disclosures about Related Parties | Going Cones -| PSA 550, Related Parties PSA 570, Going Concern Management Represeniations PSA 580, Written Representations Omitted Procedures Communica'ing with those _ PSA 260, Communication with Those Charged with Govemance l | Mawer Paragraphs in the |__Audit Report Special Considerations Charged with Governance _ Supervision 2 : Engagemen' Quality Review | ne Audit Opinions PSA 700, Forming an Opinion and Reporting on Financial J ins Statements Audit Opinion Modifications | PSA 705, Modifications to the Opinion in the Independent Auditor's Report ean PSA 706, Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor's Report PSA 800, Special Considerations — Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks PSA 805, Special Considerations - Audits of Single Financial Statements and Specific Elements, Accounts or Items of a Financial Statement14 Chapte: 1 UNDERST ANDING THE AUDIT RISK MODEL Nature of Risk Risk is a concept used to express uncertainty about events and/or their outcomes that could have a material effect on the organization. The four critical components of risk that are relevant to conducting the audit are: 1 Audi’ Risk. The risk that an auditor may give an unqualified opinion on financial statements that are materially misstated. Engogement Risk. The economic risk that a CPA Firm is exposed to simply because it is associated with a particular client including loss of reputation, inability of the client to pay the auditor, or financial loss because management is not honest and inhibits the audit process. Engagement risk is controlled by careful selection and retention of client. Finencial Reporting Risk. Those risks that relate directly to the recording of transactions and the presentation of financial data in an organization’s financial statements. Business Risk. Those risks that affect the operations and potential outcomes of organizational activities. The following considerations are important in integrating the concepts of materiality and risk in the conduct of a risk-based audit: L Risky areas of a business must be identified by the auditors to determine which account balances are more prone to material misstatements, how the misstatements might occur and how a client might be able to cover them up. Auditors need to develop approaches and methodologies to allocate overall assessments of materiality to individual account balances because some account balances may be more important to users. Audits involve testing or sampling and thus cannot provide absolute (100%) assurance that the fitiancial statements are free of material misstatements without inordinately driving up the cost of audits. Not all clients are worth accepting. Since audits rely on testing and to some exient on the integrity of management, there are some clients that an audit firm should not accept because the engagement risk is too high. Competition for clients among audit firms is high. Clients choose auditors based on a number of factors including fees, service, industry knowledge, personal rapport and ability to assist the client.A Risk-Based Approach to Conducting a Quality Audit 15 6. Auditors should understand society’s expectations of financial reporting to reduce audit risk to an acceptably low level and therefore minimize lawsuits that the users may possibly bring forth. Although audit risk is a concept, it is often illustrated using quantitative examples. For instance, the relationship between engagement risk and audit risk may be presented as follows: 5 Engagement Risk High Moderate Tow ‘Audit Risk | Donot accept client. | Set very low (1%) | Set within professional standards but can be higher than companies with higher engagement risk (5%) © Setting audit risk at 1% is equivalent to performing a statistical test using 99% confidence level. Audit risk set at 1% implies that the auditor is willing to take a 1% chance of issuing an unqualified opinion on materially misstated financial statements. e Audit risk set at 5%, implies that the auditor is willing to take a 5% chance of issuing an unqualified opinion’ on materially misstated financial statements. ®° High levels of audit risk are appropriate for client with lower levels of engagement risk. Based on the assessment of engagement risk, the auditor sets the desired audit tisk. Audit risk oftentimes illustrated using numeric or quantitative examples. In fact many audit firms use the measures associated with statistical sampling to set audit risk, e.y., setting audit risk at a 1% level for high-risk clients and 5% for lower-risk clients. Other auditing firms use a broader description of audit risk as high, moderate or low and adjust the nature of their audit procedures accordingly. The following general observations are considered to have influenced the implementation of the audit risk model: © The beiter the company's internal controls, the lower the likelihood’ of material misstatement. e Unusua! or complex transactions are more likely to. be errorieoitsly. recorded than am recurring or routine transactions. e The amount and persuasiveness of audit evidence gathered ‘should. vary, inversely with audit risk; i.e., lower audit risk requires gathering: more persuas ve evidence. ‘16 Chapter 1 COMPONENTS OF AUDIT-RISK MODEL These general premises have been incorporated into an audit risk (AR) model with three components: inherent'risk (IR), control risk (CR) and detection-sisk (DR) as ‘ollows: AR=IRxCRxDR where Inherent risk (IR) is the initial susceptibility of a transaction or accounting adjustment to be recorded in error, or for the transaction not to be recorded in the absence of internal controls. Control risk (CR) is the risk that the client's internal control system will fail to prevent or detect a misstatement. Detection risk (DR) is the risk that the audit procedures will fail to detect a material misstatement. Stated differently, audit risk is the risk that the auditor may give an unqualified opinion on materially misstated financial statements. It is influenced by: (IR) the likelihood that a transaction, estimate, or adjustment might be recorded incorrectly; (CR) the likelihood that the client's internal control processes would fail to prevent or detect the misstatement and (DR) the likelihood that, if a misstatement occurred, the auditor's procedures would fail to detect the misstatement. The audit risk model may also be illustrated using a quantitative approach with probability assessments applied to each of the model's component. Illustrative Case I: Quantitative Example of Audit Risk: High Risk of Material Misstatement XYZ Mining Corporation, an audit client of Aquino and Marcos CPAs., has many complex transactions and weak internal control. The auditors assess both inherent risk and control risk at their maximum. This implies that the client does not have effective control (CR) and there is a high risk that the transaction would be recorded incorrectly (IR). The auditors believe that engagement risk is high and have set audit risk at the 0.01 level. This means that the auditors do not want to take much of a risk that the misstatement goes undetected in the financial statements.A Risk-Based Approach to Conducting a Quality Audit 17 The effect on the extent of audit procedures and thus, detection risk is as follows: =IRxCRxDR DR= _AR (IR x CR) DR= __.01 or 0.01 of 1% (0 x 1.0) In this particular case, detection risk and audit risk are the same because the auditor cannot rely on internal control to prevent or detect misstatements. This illustration therefore yields the instinctive result: "Poor controls and a high likelihood of misstatement would lead to extended audit work to maintain audit risk at an acceptable level." Illustrative Case I: Quantitative Example of Audit Risk: Low Risk of Material Misstatement Zoren Trading Corporation is an audit client of Cayetano and Loren CPAs. Zoren has simple trensactions, well-trained accounting personnel effective control is no incentive to misstate the financial statements. The auditor's previous audit experience with the client; an understanding of the client's internal controls and the results of preliminary testing this year indicate a low risk of material misstatement existing in the accounting records. The auditor assesses inherent risk as low as 50% and control risk of 20%. Audit risk is consistent with it low engagement risk of 0.05. The detection risk for this engagement is determined as follows: DR= _AR é (IR x CR) DR= __.05 (50x20) or 0.50 or 50%18 Chapter | The auditor could therefore design tests of the accounting records with a lower detection risk, in this situation 50%, because only minimal substantive tests of account balances are needed to provide corroborating evidence on the expectations that the accounts are not materially misstated. The auditor, however wouid have had to test whether the controls are operating effectively in order to support a control risk assessment below 100%. FACTORS TO CONSIDER IN IMPLEMENTING THE AUDIT RISK MODEL The following general observations on an audit. client influence the implementation of the audit risk model: 1. High-risk activities This includes operations or events where a material misstatement could easily occur. For example, an inventory of high-value diamonds or gold bars held by a jeweler, or a new / complex accounting system being introduced, 2. Existence of large non-routine transactions Identified significant related party transactions outside the entity’s normal course of business are to be treated as giving rise to significant risks, This includes infrequent and large transactions. For exampfe: “Unusual volume of routine transactions with a related party; ‘A major sales or supply contract; The purchase or sale of major business assets or business segments; and Sale of the business to a third party. Routine non-complex transactions that are subject to systematic processing are'less likely to give rise to significant risks. _.3. Matters requiring judgment or management intervention Examples would include: ‘ The assumptions and calculations used by management in developing major estimates; * Complex calculations or accounting principles; * Revenue recognition (presumed to be a significant tisk) that is subject to differing interpretation;A Risk-Based Apphoach to Conducting a Quality Audit 19 ‘% Where management intervention is required to specify the accounting treatment to be used. 4. Potential for fraud The risk of not detecting a material misstatement resulting from fraud (which is intentional and deliberately concealed) is higher than the risk of not detecting one resulting from error. In evaluating whether significant risk could result from the identified fraud risk factors and the possible scenarios and schemes identified in team discussions, consider the following: “ Skillfulness of the potential perpetrator; *% Relative size of individual amount manipulated; “Level of authority of management or employee to: - directly or indirectly manipulate accounting records, and - override control procedures; © — Significant fraud risks may be identified at any stage in the audit as a result of new information being obtained. LIMITATIONS OF THE AUDIT RISK MODEL Audit risk is a concept that drives the auditor’s thinking about planning the audit and then executing an audit. The illustrations are designed to provide guidance, but shou'd not be applied rotely to any audit client. CPA firms in determining their approach to implementing the audit risk model should consider the following limitations: a) Inherent risk is difficult to formally assess. Some transactions because of their complexity are more susceptible to error but it is quite difficult to assess that level of risk independent of the client’s accounting system: b) The model treats each risk component as separate and independent when in fact the components are not independent. It is also quite difficult to separate a client’s material controls and inherent risk. ) Audit risk is judgmentally determined. d) Audit technology is not so fully developed that each component of the model can be accurately assessed. Auditing is based on testing and precise estimates of the model’s components are not possible. Auditors can, however, make subjective assessments and use the audit risk model as. guide.