Risk Assessment and Response to Assessed Risks
Substantive tests should increase
As the acceptable level of detection risk decreases, the assurance directly provided from
nature of tests of controls
As the planned level of assurance increases, the auditor seeks more reliable audit evidence Those controls subject to testing by performing inquiry combined with inspection or reperformance ordinarily provide more assurance than those controls for which the audit evidence consists solely of inquiry and observation. material misstatement detected by the auditor's procedures that was not identified by the entity ordinarily is indicative of the existence of a material weakness in internal control
timing of tests of controls
Audit evidence pertaining only to a point in time may be sufficient for the auditor's purpose, for example, when testing controls over the entity's physical inventory counting at the period end. If the auditor plans to rely on controls that have changed since they were last tested, the auditor should test the operating effectiveness of such controls in the current audit When there are a number of controls for which the auditor determines that it is appropriate to use audit evidence obtained in prior audits, the auditor should test the operating effectiveness of some controls each audit.
good indicator of potential financial failure
Client is constantly short of cash and working capital Client relies heavily on debt financing, especially by financing permanent assets with short-term loans. Client has had increasing net losses for several years.
auditor's understanding of the entity and its environment consists of an understanding of the following aspects
I. Industry, regulatory, and other external factors, including the applicable financial reporting framework. II. Nature of the entity, including the entity's selection and application of accounting policies. III. Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements. IV. Measurement and review of the entity's financial performance. V. Internal control.
distinguishing feature of risk-based auditing
Identifying areas posing the highest risk of financial statement errors. Analysis of internal control. Concentrating audit resources in those areas presenting the highest risk of financial statement errors.
inverse
If individual audit risk remains the same, detection risk bears _________relationship to inherent and control risks. The greater the inherent and control risks the auditor believes exists, the less detection risk that can be accepted. The auditor might make separate or combined assessments of inherent risk and control risk
main purpose of risk assessment procedures
Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and assertion levels
risks of material misstatement
Pending litigation and contingent liabilities. Application of new accounting pronouncements. Entities or business segments likely to be sold. Constraints on the availability of capital and credit.
The auditor's assessment of the identified risks at the assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures
The auditor may determine that only by performing tests of controls may the auditor achieve an effective response to the assessed risk of material misstatement for a particular assertion. The auditor may determine that performing only substantive procedures is appropriate for specific assertions and, therefore, the auditor excludes the effect of controls from the relevant risk assessment. The auditor needs to be satisfied that performing only substantive procedures for the relevant assertion would be effective in reducing the risk of material misstatement to an acceptably low level.
PSA 315 requires
The auditor to obtain an understanding of the entity and its environment, including its internal control. Discussion among the engagement team about the susceptibility of the entity's financial statements to material misstatement. The auditor to identify and assess the risks of material misstatement at the financial statement and assertion levels.
A potential business risk created by industry developments may most likely include
The entity does not have the personnel or expertise to deal with the changes in the industry.
. Nature of an entity
The entity's operations, its ownership and governance, the types of investments that it is making and plans to make, the way that the entity is structured and how it is financed.
PSA 315
The requirements and guidance of this PSA are to be applied in conjunction with the requirements and guidance provided in other PSAs The purpose of this PSA is to establish standards and to provide guidance on obtaining an understanding of the entity and its environment, including its internal control, and on assessing the risks of material misstatement in a financial statement audit.
Qualified or disclaimer of opinion
When the auditor determines that detection risk regarding a financial statement assertion for a material account balance or class of transactions cannot be reduced to an acceptable level, the auditor should express
it affects the level of detection risk the auditor may accept.
Why would the auditor assess control risk?
medium
acceptable level of detection risk if the assessed level of Inherent risk is High and the Control risk is Low?
Modify the nature of audit procedures to obtain more persuasive audit evidence
assessment of the risks of material misstatement at the financial statement level is affected by the auditor's understanding of the control environment. Weaknesses in the control environment ordinarily will lead the auditor to
substantive procedures
audit procedures related to the financial statement closing process: I. Agreeing the financial statements to the underlying accounting records. II. Examining material journal entries and other adjustments made during the course of preparing the financial statements.
AR = IR x CR x DR
audit risk model DR - dependent variable
nature timing extent
auditor should design and perform further audit procedures whose _________ are responsive to the assessed risks of material misstatement at the assertion level.
significant risks that require special audit consideration
auditor should determine which of the risks identified are, in the auditor's judgment, risks that require special audit consideration. auditor excludes the effect of identified controls related to the risk to determine whether the nature of the risk, the likely magnitude of the potential misstatement including the possibility that the risk may give rise to multiple misstatements, and the likelihood of the risk occurring are such that they require special audit consideration. often derived from business risks that may result in a material misstatement.
inherent control
differ from detection risk: Exist independently of the financial statement audit. Functions of the client and its environment while detection risk is not.
detection risk
function of the effectiveness of an auditing procedure and its application. arises partly from uncertainties that exists when the auditor does not examine 100 percent of the population. arises partly because of other uncertainties that exist even if the auditor were to examine 100 percent of the population
extent of further audit procedures
includes the quantity of a specific audit procedure to be performed. determined by the judgment of the auditor after considering the materiality, the assessed risk, and the degree of assurance the auditor plans to obtain. increasing it is effective only if the audit procedure itself is relevant to the specific risk
analytical procedures
may be helpful in identifying the existence of unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have financial statement and audit implications. In performing this as risk assessment procedures, the auditor develops expectations about plausible relationships that are reasonably expected to exist. When comparison of those expectations with recorded amounts or ratios developed from recorded amounts yields unusual or unexpected relationships, the auditor considers those results in identifying risks of material misstatement.
business risks
may have an immediate consequence for the risk of misstatement for classes of transactions, account balances, and disclosures at the assertion level or the financial statements as a whole.
discussion among the engagement team about the susceptibility of the entity's financial statements to material misstatements
members of the engagement team should discuss the susceptibility of the entity's financial statements to material misstatements. The objective of this discussion is to gain a better understanding of the potential for material misstatements of the financial statements resulting from fraud or error in the specific areas assigned to them, and to understand how the results of the audit procedures that they perform may affect other aspects of the audit. provides an opportunity for more experienced engagement team members, including the engagement partner, to share their insights based on their knowledge of the entity, and for the team members to exchange information about the business risks.
nature of the audit procedures
most important consideration in responding to the assessed risks
nature, timing & extent of substantive procedures
nature, timing and extent of substantive procedures Tests of details are ordinarily more appropriate to obtain audit evidence regarding certain assertions about account balances, including existence and valuation greater the risk of material misstatement, the greater the extent of substantive procedures.
substantive procedures
performed in order to detect material misstatements at the assertion level, and include tests of details of classes of transactions, account balances, and disclosures and substantive analytical procedures. When the auditor has determined that an assessed risk of material misstatement at the assertion level is a significant risk, the auditor should perform substantive procedures that are specifically responsive to that risk. In order to obtain sufficient appropriate audit evidence, the substantive procedures related to significant risks are most often designed to obtain audit evidence with high reliability
nature of further audit procedures
refers to their purpose and their type Certain audit procedures may be more appropriate for some assertions than others auditor is required to obtain audit evidence about the accuracy and completeness of information produced by the entity's information system when that information is used in performing audit procedures
timing of further audit procedures
refers to when audit procedures are performed or the period or date to which the audit evidence applies auditor may perform tests of controls or substantive procedures at an interim date or at period end. If the auditor performs tests of controls or substantive procedures prior to period end, the auditor considers the additional evidence required for the remaining period.
tests of controls
required when an entity conducts its business using IT and no documentation of transactions is produced or maintained, other than through the IT system performed only on those controls that the auditor has determined are suitably designed to prevent, or detect and correct, a material misstatement in an assertion.
Inquiries of management and others within the entity. Analytical procedures Observation and inspection
risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control,
audit risk
risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated.
extent of tests of controls
to obtain sufficient appropriate audit evidence that the controls operated effectively throughout the period of reliance If the rate of expected deviation is expected to be too high, the auditor may determine that tests of controls for a particular assertion may not be effective. Because of the inherent consistency of IT processing, the auditor may not need to increase the extent of testing of an automated control.
PSA 330 requires
to: Determine overall responses to address risks of material misstatement at the financial statement level. Design and perform further audit procedures, including tests of the operating effectiveness of controls, when relevant or required, and substantive procedures, whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the assertion level. Evaluate whether the risk assessment remain appropriate and to conclude whether sufficient appropriate audit evidence has been obtained.