Chapter 1: Overview of

the Risk-Based Audit

Process
By:
Cabral, Erlie B.
De Jesus, Lalaine D.
Prayer
Motivation

Trust in the Lord with all your

heart and lean not to your own
understanding in all your ways
acknowledge him and he shall
direct your paths.

Proverbs 3:5-6
Learning Objectives
01 Describe the nature of auditing.

Describe the objectives of the Independent

02
02 Auditor and conduct of an audit in accordance
with Philippine Standards on Auditing.

03 Distinguish between the risk-based audit

process and the accounts-based audit process.

Describe the activities in the risk-based audit

04 process.

Explain the factors to consider in implementing the

05 Audit Risk Model.

06 Explain the limitations of the Audit Risk Model.

 WHAT IS
AUDITING?
Auditing Defined
Auditing is a systematic process by which a
competent, independent person objectively
obtains and evaluates evidence regarding
assertions about economic actions and
events to ascertain the degree of
correspondence between those assertions
and established criteria and communicating
the results to interested users.
Overall Objectives of the Independent
Auditor and the Conduct of an Audit in
Accordance with Philippine Standards
on Auditing (PSA 200)
Overall Objectives of the Independent Auditor and the Conduct of an Audit in
Accordance with Philippine Standards on Auditing (PSA 200)

a) To obtain reasonable assurance about whether the financial

statements as a whole are free from material misstatement,
whether due to fraud or error, there by enabling the auditor
to express an opinion on whether the financial statements
are prepared, in all material respects, in accordance with an
applicable financial reporting framework.

b) To report on the financial statements and communicate as

required by the PSAs, in accordance with the auditor’s
findings.
Overall Objectives of the Independent Auditor and the Conduct of an Audit in
Accordance with Philippine Standards on Auditing (PSA 200)

Ethical Requirements Relating to an Audit of Financial

Statements

Conduct of an Audit of Financial Statements

Scope of an Audit of Financial Statements

Professional Skepticism

Reasonable Assurance

Audit Risk and Materiality

Responsibility for the Financial Statements

Overall Objectives of the Independent Auditor and the
Conduct of an Audit in Accordance with Philippine
Standards on Auditing (PSA 200)
1. Ethical Requirements Relating to an
Audit of Financial Statements
1. Ethical Requirements Relating to an Audit of
Financial Statements
In PSA 220, “Quality Control for an Audits of Financial Statements,”
ethical requirements relating to audits of financial statements. PSA 220
(Revised) identifies the fundamental principles of professional ethics
established by Parts A and B of the Ethics Code and sets out the
engagement partner’s responsibilities with respect to ethical
requirements.
 
PSA 220 recognizes that the engagement team is entitled to rely
on a firm’s systems in meeting its responsibilities with respect to
quality control procedures applicable to the individual audit
engagement, unless information provided by the firm or other
parties suggests otherwise.

Philippine Standard on Quality Control (PSQC) 1, “Quality Control

for Firms that Perform Audits and Reviews of Financial Statements
and Other Assurance and Related Services Engagements,” requires
the firm to establish policies and procedures designed to provide it
with reasonable assurance that the firm and its personnel comply
with relevant ethical requirements.
Overall Objectives of the Independent Auditor and the
Conduct of an Audit in Accordance with Philippine
Standards on Auditing (PSA 200)

2. Conduct of an Audit of Financial

Statements
2. Conduct of an Audit of Financial Statements

In conducting an audit in accordance with PSAs, the auditor is also aware of and
considers Philippine Auditing Practice Statements (PAPSs) applicable to the audit
engagement. PAPSs provide interpretative guidance and practical assistance to
auditors in implementing PSA. An auditor who does not apply the guidance
included in a relevant PAPS needs to be prepared to explain how the basic
principles and essential procedures in the Standard addressed by the PAPS have
been complied with.
The auditor may also conduct the audit in accordance with both ISAs and PSAs.
However, there are currently no fundamental differences between the IAASB
pronouncements and corresponding requirements issued by the AASC and no
such differences are expected in the future.
Overall Objectives of the Independent Auditor and the
Conduct of an Audit in Accordance with Philippine
Standards on Auditing (PSA 200)
3. Scope of an Audit of Financial
Statements
 3. Scope of an Audit of Financial Statements

Scope of an Audit refers to the audit procedures deemed necessary in the

circumstances to achieve the objective of the audit. In determining the audit
procedures to be performed in conducting an audit in accordance with Philippine
Standards on Auditing, the auditor should comply with each of the Philippine
Standards on Auditing relevant to the audit. The auditor may, in exceptional
circumstances, judge it necessary to depart from a basic principle or an essential
procedure that is relevant in the circumstances of the audit, in order to achieve the
objective of the audit.
Overall Objectives of the Independent Auditor and the
Conduct of an Audit in Accordance with Philippine
Standards on Auditing (PSA 200)

4. Professional Skepticism
 4. Professional Skepticism

An attitude of professional skepticism means the auditor makes a critical

assessment, with a questioning mind, of the validity of audit evidence obtained
and is alert to audit evidence that contradicts or brings into question the reliability
of documents and responses to inquiries and other information obtained from
management and those charged with governance.
 
When making inquiries and performing other audit procedures, the auditor is not
satisfied with less-than-persuasive audit evidence based on a belief that
management and those charged with governance are honest and integrity.
Representations from management are not a substitute for obtaining sufficient
appropriate audit evidence to be able to draw reasonable conclusions on which to
base the auditor’s opinion.
Overall Objectives of the Independent Auditor and the
Conduct of an Audit in Accordance with Philippine
Standards on Auditing (PSA 200)

5.Reasonable Assurance
5.Reasonable Assurance

An auditor conducting an audit in accordance with PSAs obtains reasonable

assurance that the financial taken as a whole are free from material misstatement,
whether due to fraud or error. Reasonable assurance is a concept relating to the
accumulation of the audit evidence necessary for the auditor to conclude that
there are no material misstatements in the financial statements taken as whole.
 
An auditor cannot obtain absolute assurance because there are inherent
limitations in an audit that affect the auditor’s ability to defect material
misstatements. These limitations result from factors such as the following: The
use of testing, the inherent limitations of internal control and the fact that most
audit evidence is persuasive rather than conclusive.
 
Overall Objectives of the Independent Auditor and the
Conduct of an Audit in Accordance with Philippine
Standards on Auditing (PSA 200)

6. Audit Risk and Materiality

6. Audit Risk and Materiality

The auditor obtains and evaluates audit evidence to obtain reasonable

assurance about whether the financial statements give a true and fair view or
are presented fairly, in all material respects, in accordance with the applicable
financial reporting framework. The risk that the auditor expresses an
inappropriate audit opinion when the financial statements are materially
misstated is known as “audit risk”
 
The auditor should plan and perform the audit to reduce audit risk to an
acceptably low level that is consistent with the objective of an audit. Reasonable
assurance is obtained when the auditor has reduced audit risk to an acceptably
low level.
Overall Objectives of the Independent Auditor and the
Conduct of an Audit in Accordance with Philippine
Standards on Auditing (PSA 200)
7. Responsibility for the Financial
Statements
7. Responsibility for the Financial Statements

While the auditor is responsible for forming and expressing an opinion on

the financial statements, the responsibility for the preparation and
presentation of the financial statements in accordance with the applicable
financial reporting framework is that of the management of the entity, with
oversight from those charged with governance. The audit of the financial
statements does not relieve management or those charged with governance
of their responsibilities.
The Risk-Based Audit
Process
The Risk-Based Audit Process

Risk-based audit model is an audit approach that begins with an

assessment of the types and likelihood of misstatement in account balances
and then adjusts the amount and type of audit work to the likelihood of
material misstatement occurring in account balances.
 
In risk-based audit, the audit team views all activities in the organization first
in terms of risks to strategies and objectives, and then in terms of
management’s plans and processes to mitigate the risk. The auditors obtain
an understanding of the client’s objectives. The risks are identified and the
auditors determine how management plans to mitigate the risk and whether
those plans are in place and operating effectively.
Account-based audit
Account-based audit

It is an approach wherein the auditor

obtains an understanding of control and
assesses control risk for particular types of
errors and frauds in specific accounts and
cycle.
 
  
Account-based audit
Under the PSAs which are risk-based, specific audit procedures vary
from one engagement to the next. The following stages are however,
involved in every engagement.

Phase I. Risk Assessment

Phase II. Risk Response

Phase III. Reporting

Phase I. Risk Assessment
ACTIVITY PURPOSE DOCUMENTATION

Perform preliminary Decide whether to Listing of risk factors

engagement accept Independence
activities engagement Engagement letter

Develop an Materiality
overall audit Audit team discussions
Plan the audit strategy and audit Overall audit strategy
plan

Business and fraud risks

Perform risk Identify/assess
including significant risks
assessment RMM through
understanding Design/Implementation of
procedure
the entity relevant internal controls
Assessed RMM at :F/S Level
-Assertion level
Phase II. Risk Response
ACTIVITY PURPOSE DOCUMENTATION

Design overall
Develop Update of overall strategy
responses and further appropriate Overall responses
Audit plan that links assessed
audit procedures responses to the RMM to further audit procedures
assessed RMM

Implement Reduce audit risk Work performed

responses to to an acceptably Audit Findings
assessed RMM low level
Phase III. Reporting
ACTIVITY PURPOSE DOCUMENTATION

New /revised risk factors and

Determine what audit procedures
Evaluate the audit Changes in materiality
evidence obtain
additional audit Communications on audit
work is required? findings
Conclusions on audit procedures
performed
YES
Is
additional
work
required?

NO

Form an opinion Significant decisions

Prepare the Auditor’s
based on audit
report Signed audit opinion
findings
UNDERSTANDING
THE AUDIT RISK
MODEL
 UNDERSTANDING THE
AUDIT RISK MODEL
Audit Risk is the risk that the auditor may give an
unqualified opinion on materially misstated financial
statements.

Engagement Risk deals with whether the auditor wants

to be associated with a particular client including loss of
equation, inability of the client to pay the auditor or
financial loss because management is not honest and
inhibits the audit process.

Business Risk is risk that affects the operations and

potential outcomes of organizational activities.

Financial Reporting Risk relates to the recording of

transactions and the presentation of the financial data in
an organization’s financial statements.
 The following considerations are important in
integrating the concepts of materiality and risk in the
conduct of an audit.
1. Audits involve testing or sampling and thus provide absolute (100%)
assurance that the financial statements are free of material
misstatements without inordinately driving up the cost of audit.
2. Not all clients are worth accepting.
3. Competition for clients among audit firms is high.
4. Auditors should understand society’s expectations of financial
reporting to reduce audit risk to an acceptably low level and
therefore minimize lawsuits that the users may possibly bring forth.
5. Risky areas of a business must be identified by the auditors to
determine which account balances are more prone to material
misstatements, how the misstatements might occur and how a client
might be able to cover them up.
6. Auditors need to develop approaches and methodologies to allocate
overall assessments of materiality to individual account balances
because some account balances may be more important to users.
 Although audit risk is a concept, it is often illustrated using
quantitative examples

 
 
Engagement Risk
High Moderate Low

 Do not Set very low (1%) Set within professional standards
but can be higher than companies
accept with higher engagement risk (5%)
client.  

I. Setting audit risk at 1% is equivalent to performing a statistical test using 99%

confidence level. Audit risk set at 1% implies that the auditor is willing to take a 1%
chance of issuing an unqualified opinion on materially misstated financial statements.
II. Audit risk set at 5% implies that the auditor is willing to take a 5% chance of issuing an
unqualified opinion on materially misstated financial statements.
III. High levels of audit risk are appropriate for clients with lower levels of engagements.
The following general observations are considered to have
influenced the implementation of the audit risk model:
1. The better the company’s internal controls, the lower the
likelihood of material misstatement.
2. Unusual or complex transactions are more likely to be
erroneously recorded than are recruiting or routine
transactions.
3. The amount and persuasiveness of audit evidence gathered
should vary inversely with audit risk; i.e., lower audit risk
requires gathering more persuasive evidence.
 These general premises have been incorporated into an
audit risk (AR) model with three components: inherent risk
(IR), control risk (CR) and detection risk (DR) as follows:
 
AR=IR x CR x DR

Where;

• Inherent risk (IR) is the initial susceptibility of a transaction or

accounting adjustment to be recorded in error, or for the transaction
not to be recorded in the absence of internal controls.
• Control risk (CR) is the risk that the client’s internal control system
will fail to prevent or detect a misstatement.
• Detection risk (DR) is the risk that the audit procedures will fail to
detect a material misstatement.
 ILLUSTRATIVE CASE 1: Quantitative Example of Audit
Risk: High Risk of Material Misstatement

XYZ Mining Corporation, an audit client of Aquino and

Marcos CPA., has many complex transactions and weak
control. The auditors assess both inherent risk and control
risk at their maximum. This implies that the client does not
have effective control (CR) and there is a high risk that the
transaction would be recorded incorrectly (IR). The
auditors believe that engagement risk is high and have set
audit risk at the 0.01 level. This means that the auditors do
not want to take much of a risk that the misstatement goes
undetected in the financial statements.

This illustration therefore yields the instinctive result:

“Poor controls and a high likelihood of misstatement would

lead to extended audit work to maintain audit risk at an
acceptable level.”
ILLUSTRATIVE CASE II: Quantitative Example of Audit
Risk: Low Risk of Material Misstatement

Zoren Trading Corporation is an audit client of Cayetano

and Loren CPAs. Zoren has simple transactions, well-
trained accounting personnel, effective control and no
incentive to misstate the financial statements. The
auditor’s previous audit experience with the client; an
understanding of the client’s internal controls and the
results of preliminary testing this year indicate a low risk of
material misstatement existing in the accounting records.
The auditor assesses inherent risk as low as 50% and
control risk of 20%.
Audit risk is consistent with a low engagement risk of 0.05.

The auditor could therefore design tests of the accounting

records with a lower detection risk, in this situation 50%,
because only minimal substantive tests of account
balances are needed to provide corroborating evidence on
the expectations that the accounts are not materially
misstated
Factors to Consider in
Implementing the
Audit Risk Model
Factors to Consider in Implementing
the Audit Risk Model

01 High-risk activities

02 Existence of large non-routine

transactions

03 Matters requiring judgment or

management intervention

04 Potential for fraud

 Limitations of the Audit Risk Model

 Inherent risk is difficult to formally assess.

-
 The model treats each risk component as separate and independent when
in fact the components are not independent.

 Audit risk is judgmentally determined.

 Audit technology is not so fully developed that each component of the

model can be accurately assessed. 
Thank you