Understanding Audit Risk Assessment Process

Slide Note
Embed
Share

Learn about the audit risk assessment process, including objectives, risk assessment techniques, and the PPC audit approach. Understand preliminary engagement activities, client acceptance/continuance considerations, and important documentation. Explore how to assess risks of material misstatement and develop responses, as well as perform further audit procedures and evaluate findings. Enhance your understanding of identifying and assessing risks, concentrating audit effort in high-risk areas, and issuing reports and communications.


Uploaded on Sep 20, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Understanding Audit Risk Assessment

  2. Objectives of This Course: Outline the PPC audit risk assessment process Understand how to use PPC practice aids to perform and document risk assessment

  3. What is Risk Assessment? Risk Assessment Obtain an understanding of the client, including internal control Identify and assess risks of material misstatement of the financial statements, whether due to error or fraud Evaluate both overall risks and risks that affect only specific assertions Audit Procedures Concentrate audit effort in high risk areas Inherent risk Control risk Perform less extensive procedures in low risk areas Linkage

  4. PPC Audit Approach Step Description Perform Preliminary Engagement Activities Client acceptance/continuance Establish an understanding with the client in an engagement letter 1 Perform Planning and Risk Assessment Procedures Hold an engagement team discussion Determine materiality Perform risk assessment procedures Understand the entity and its environment, including internal control Perform a retrospective review of accounting estimates 2 Assess Risks and Develop Responses Assess risks at the financial statement level Develop the overall audit strategy Assess risks at the relevant assertion level Develop the detailed audit plan 3 Perform Further Audit Procedures Tests of controls Substantive procedures 4 Evaluate Audit Findings 5 Issue Reports and Communications 6

  5. Preliminary Engagement Activities Client acceptance/continuance Establish an understanding with the client

  6. Client Acceptance/Continuance Consider: Nature and purpose of engagement Preconditions for an audit Client s reputation, integrity, and competence Communication with predecessor Compliance with ethical requirements, including independence Adequacy of accounting records Firm resources and competence Engagement economics Other risk concerns Document CX-1.1: Engagement Acceptance and Continuance Form CX-1.2: Engagement Independence Compliance and Nonattest Services Documentation Form CX-7.1: Risk Assessment Summary Form (if risks are identified)

  7. Establish an Understanding with the Client Establish an understanding about: Objectives of the engagement Auditor s services to be performed, including nonattest services Management s responsibilities Auditor s responsibilities Limitations of the engagement Communicate the understanding in a written engagement letter CL-1.1: Audit Engagement Letter

  8. Planning and Risk Assessment Procedures Hold an engagement team discussion Determine materiality Perform risk assessment procedures Understand the entity and its environment, including internal control Perform a retrospective review of accounting estimates

  9. Engagement Team Discussion Susceptibility of the financial statements to material misstatement, including material misstatement due to fraud or error that could result from the related party relationships Application of GAAP to the entity s facts and circumstances in light of its accounting policies Fraud-related matters Include: Critical issues and areas of significant audit risk Areas susceptible to management override of controls Unusual accounting practices Important control systems Significant IT applications and how IT may affect the audit Materiality considerations Need to exercise professional skepticism Business risks

  10. Engagement Team Discussion (cont.) Attendance: Engagement partner Key members of engagement team Document: How and when the discussion occurred, who participated, and decisions about planned responses CX-3.2: Engagement Team Discussion CX-7.1: Risk Assessment Summary Form (if risks are identified)

  11. Materiality Materiality for the financial statements as a whole Materiality for particular items of lesser amounts Performance materiality Component materiality (group audits only)

  12. Materiality (cont.) Apply professional judgment Consider decisions that users make Use appropriate benchmarks, such as % of assets or revenue Re-evaluate materiality as the audit progresses. If lower, reconsider: Level of performance materiality Adequacy of procedures

  13. Materiality (cont) Document: Materiality at the financial statement level If applicable, materiality level(s) for particular transaction classes, account balances, or disclosures Performance materiality Factors considered in their determination Any revisions made during the audit The amount below which misstatements would be considered clearly trivial CX-2: Financial Statement Materiality Worksheet for Planning Purposes CX-3.5: Analysis of Group Components and Determination of Component Materiality

  14. Risk Assessment Two categories of audit procedures: Risk assessment procedures Further audit procedures Risk Assessment Procedures Both Provide Audit Evidence Further Audit Procedures

  15. Risk Assessment Procedures Diagram Observation and Inspection Analytical Procedures Inquiry Risk Assessment Procedures

  16. Risk Assessment Procedures (cont) Performed to obtain an understanding of the entity and its environment, including internal control, for the purpose of assessing risks All of the procedures should be performed Inquiry alone is not sufficient to understand internal control Provide audit evidence

  17. Inquiries Management Internal audit (if such a function exists) Other employees External parties (maybe)

  18. Required Inquiries Inquire about: Entity and its environment Fraud-related matters Related parties Accounting estimates Compliance with laws and regulations Service organizations Document the inquiries: CX-3.3, Fraud Risk Inquiries Form CX-7.1, Risk Assessment Summary Form (if risks are identified)

  19. Observation and Inspection Inspect documents and records Read management and internal reports and minutes Read external information Visit premises and plant facilities Trace transactions through the system (walkthroughs)

  20. Analytical Procedures Preliminary analytical procedures Analytical procedures related to revenue required by AU-C 240 To enhance understanding of the business and identify potential risk areas Documented by completing a step on AP-1: Audit Program for General Planning Procedures Add risks to CX-7.1: Risk Assessment Summary Form

  21. Risk Assessment Procedures Document the procedures performed AU-C 230 provides guidance on documenting procedures For inquiries, document the date, name, and title of individual, inquiry, and response For observation, document what was observed, where, when, and entity personnel involved For inspection, document the identifying characteristics, for example, document name or number and date

  22. Understanding the Entity and Its Environment Perform risk assessment procedures (inquiry, analytics, observation, and inspection) to gather information about: Industry, regulatory, and other external factors Nature of the entity Objectives, strategies, and related business risks Measurement and review of the entity s financial performance Selection and application of accounting policies Internal control

  23. Understanding the Entity and Its Environment (cont) Obtain an understanding of the client s selection and application of accounting policies Are accounting policies appropriate for the entity and consistent with the industry? Are there any changes in accounting policies? 23

  24. Understanding the Entity and Its Environment (cont.) Consider the presence of fraud risk factors Update information obtained in prior years by performing risk assessment procedures to determine if the information has changed

  25. Using the PPC Approach CX-3.1: Understanding the Entity and Identifying Risks Key elements of the understanding The consideration of fraud risk factors Sources of information Risk assessment procedures performed CX-7.1: Risk Assessment Summary Form CX-6.1: Entity Risk Factors and CX-6.2: Fraud Risk Factors (memory joggers) 25

  26. Understanding Internal Control Diagram Control Environment Risk Assessment Information and Communication Monitoring Control Activities 26

  27. Understanding Internal Control Understand design and implementation Perform inquiry, observation, and inspection Inquiry alone is not sufficient to understand the design and implementation of controls 27

  28. Understanding Internal Control (cont.) Evaluate the design and implementation of controls Related to significant risks Related to risks that cannot be tested effectively using substantive procedures alone Understand How the incorrect processing of transactions is resolved How detail is reconciled to the general ledger for material accounts 28

  29. Understanding Internal Control (cont) Document the following: Understanding of internal control components Sources of information Procedures performed Controls evaluated related to significant risks and risks for which substantive procedures alone are not effective

  30. The PPC Approach Entity-level controls Control environment Risk assessment Information and communication Monitoring Activity-level controls Financial reporting system Control activities IT environment and general IT controls

  31. Using the PPC Approach (cont) CX-4.1: Understanding the Design and Implementation of Internal Control Evaluate entity-level controls Identify significant transaction classes CX-4.2.1: Financial Reporting System Documentation Form Significant Transaction Classes Document the processing of transactions for each significant transaction class Document the financial close and reporting process

  32. Using the PPC Approach (cont) CX-4.2.2: Financial Reporting System Documentation Form IT Environment and General IT Controls Understand the effect of IT CX-4.3.1: Walkthrough Documentation Memo or CX-4.3.2: Walkthrough Documentation Table For each walkthrough CX-5: Activity and Entity-level Control Forms (optional)

  33. Identifying Significant Transaction Classes Transaction classes that present a reasonable possibility of material misstatement of the financial statements or disclosures based on: Volume of activity Size and composition of accounts Types of transactions Presence of fraud risks or other significant risks Changes from the prior period

  34. Understanding Significant Transaction Classes How are transactions initiated and authorized? How are transactions recorded, processed, and corrected? How are transactions transferred to the general ledger and reconciled? What reports are generated and how are they used?

  35. Understanding Significant Transaction Classes (cont) Consider control objectives: Completeness: All transactions are recorded Occurrence: All recorded transactions occurred and pertain to the entity Accuracy: Transactions are recorded in the proper amount Classification: Transactions are recorded in the proper account Cutoff: Transactions are recorded in the proper period

  36. Documenting Significant Transaction Classes Narrative description Focus on key controls and control objectives related to identified risks How are control objectives achieved? What controls are in place to address significant or fraud risks? Are controls properly designed and implemented?

  37. Performing Walkthroughs Select one or a few transactions Trace from initial creation of the source document to final posting in the general ledger Inspect documents and records used in processing, make inquiries, and observe procedures being performed

  38. Retrospective Review of Accounting Estimates Performed to evaluate: Effectiveness of management s estimation process Information relevant to current year estimates The need for disclosure The existence of possible management bias AP-1: Audit Program for General Planning Procedures

  39. Assessing Risks and Developing Responses Assess risks at the financial statement level Develop the overall audit strategy Assess risks at the relevant assertion level Develop the detailed audit plan

  40. Assess Risks at the Financial Statement Level Identify risks that are pervasive to the financial statements and potentially affect many assertions Assess the risk of material misstatement at the financial statement level Develop overall responses Document the risk assessment and the responses CX-7.1: Risk Assessment Summary Form (Part I) 40

  41. Develop the Overall Audit Strategy Characteristics of the engagement that define its scope Reporting objectives of the engagement Important factors that determine audit focus Resources needed to perform the audit 41

  42. Factors That Determine Audit Focus Materiality levels Assessed risk of material misstatement at financial statement level Preliminary identification of high risk audit areas Whether you plan to test controls Level of client assistance 42

  43. Assess Risks at the Relevant Assertion Level Identify risks of material misstatement (due to error or fraud) for specific Account balances Transaction classes Disclosures Consider what can go wrong at the relevant assertion level 43

  44. Assess Risks at the Relevant Assertion Level Diagram Rights or Obligations Valuation or Allocation Accuracy or Classification Completeness Account Balances, Transaction Classes, Disclosures Existence or Occurrence Cutoff 44

  45. Assess Risks at the Relevant Assertion Level (cont) Assessing risks at the assertion level Are the risks of a magnitude that could result in material misstatement? What is the likelihood that the risks could result in material misstatement? Likelihood is a function of: Inherent risk Control risk Need a basis for the assessment 45

  46. Assess Risks at the Relevant Assertion Level (cont..) Identify significant risks that require special audit consideration Fraud risks Other significant risks Significant risks often relate to: Significant economic, accounting, or other developments Complex, nonroutine, or judgmental matters Transactions with related parties 46

  47. Assess Risks at the Relevant Assertion Level (cont ) Identify risks for which substantive procedures alone are not adequate Revise the risk assessment and reconsider planned audit procedures if audit evidence contradicts the original risk assessment

  48. Assess Risks Document the following: Risk assessment at the relevant assertion level Basis for the assessment Significant risks Risks for which substantive procedures alone are not adequate CX-7.1: Risk Assessment Summary Form (Part II) 48

  49. The Detailed Audit Plan The nature, timing, and extent of further audit procedures to respond to the risk assessment (i.e., the audit program) Provides linkage between the risk assessment and the responses at the assertion level 49

  50. Tailoring the PPC Audit Programs No audit program Used for insignificant audit areas with low RMM Limited Primarily substantive analytics Some tests of details (required by GAAS) Basic Basic + Extended Tests of details and extended analytics For audit areas or assertions with higher risk

Related


More Related Content