Risk-Based Audit Approach: Key Concepts

Questions and Answers

Which of the following best describes a risk-based audit approach?

• An audit approach which ignores internal controls and focuses solely on substantive testing.
• A method where auditors primarily focus on verifying the accuracy of financial statements without considering potential risks.
• An audit approach that equally distributes audit efforts across all areas, regardless of risk assessment.
• An audit approach that assesses the likelihood of misstatements in financial data and adjusts the audit work accordingly. (correct)

In a risk-based audit approach, which activity aligns with the risk assessment phase?

• Performing preliminary engagement activities to decide whether to accept the audit engagement (correct)
• Implementing responses to reduce audit risk.
• Forming an opinion based on audit findings.
• Designing overall responses to assessed risks.

What is the primary focus when auditors identify a client's strategy as part of a risk-based audit?

• To assess the client's compliance with environmental regulations.
• To determine the marketing strategies employed by the client.
• To understand the client's strategic objectives and the processes used to achieve them. (correct)
• To evaluate the client's investment portfolio and asset allocation.

How does the risk-based audit approach define 'risk'?

The uncertainty about events that could have a material effect on the organization. (D)

Which of the following is a key consideration when evaluating the continuance of a relationship with an existing audit client?

Whether there is a misunderstanding with the client as to the terms of the engagement. (C)

An auditor identifies a potential conflict of interest during the pre-engagement phase. Which action would be most appropriate?

Evaluate compliance with ethical requirements regarding independence. (B)

Which of the following describes 'audit risk'?

The risk that the auditor may issue an unqualified opinion on materially misstated financial statements. (C)

Which of the following best illustrates an activity performed during the 'Risk Response' phase of a risk-based audit?

Performing tests of controls to address specific risks. (B)

A CPA firm accepting association with a client that later causes reputational damage to the firm exemplifies which type of risk?

Engagement Risk (C)

Which type of risk directly relates to the recording of transactions and presentation of data in financial statements?

Financial Reporting Risk (B)

What is the primary purpose of performing preliminary engagement activities in an audit?

To determine if the audit firm can accept or continue the audit engagement. (C)

How do business risks typically manifest within an organization?

As threats to the organization's operations and potential outcomes. (A)

An auditor discovers that the client has not provided all the necessary information requested during the audit. In which phase of the risk-based audit process would this finding most likely necessitate additional work?

Reporting (B)

An auditor identifies a weakness in a client's cash handling procedures, increasing the likelihood of theft. Which type of risk does this primarily relate to?

Financial Reporting Risk (A)

During client selection and retention, which of the following factors would most likely cause an auditor to decline a new engagement or discontinue an existing one?

Disagreement over the applicable financial reporting framework. (C)

In the context of pre-engagement arrangements, what is the key purpose of an engagement letter?

To establish the terms of the audit engagement with the client. (A)

A CPA firm is evaluating whether to accept a new audit engagement. Which of the following factors should the firm assess to ensure they possess the competence to perform the engagement?

Availability of sufficient time and resources, combined with the capabilities to complete the engagement. (B)

Before accepting an audit engagement, a CPA firm must evaluate its ability to comply with relevant ethical requirements. Which situation would create a conflict?

A partner in the firm owns a material amount of stock in the client company. (A)

Management acknowledges and understands its responsibilities related to financial statements. Which responsibility is included?

Preparing financial statements fairly presented in accordance with the applicable financial reporting framework. (A)

Which of the following is not considered a precondition to an audit?

The auditor having complete discretion over the selection and compensation of management. (A)

During an audit, management limits the auditor's access to specific financial records, citing confidentiality concerns. How should the auditor respond?

Consider whether the scope limitation is a precondition that was not met. (C)

Which of the following is the least likely item to be included in an engagement letter?

The auditor's personal investment portfolio. (B)

An auditor is planning the arrangements regarding the planning and performance of the audit. Which of the following factors would be least relevant to consider when determining the scope of the audit?

Audit fees agreed upon with the client. (A)

According to PSA 210, what is the purpose of agreeing to the terms of the audit engagement with the client?

To set standards and provide guidance on agreeing with the client and on lower levels of assurance. (A)

A client requests a change in the terms of the audit engagement to a review engagement, which provides a lower level of assurance. What should the auditor consider first in responding to this request?

The client's motivation for the change and any potential scope limitations. (B)

In which scenario would it be most appropriate for an auditor to send a new engagement letter to a client?

When the client demonstrates a misunderstanding of the audit's objective. (C)

If an auditor concludes that management's integrity is questionable after accepting the engagement, what is the auditor's most appropriate course of action?

Discuss the concerns with the audit committee, and re-evaluate the risks and terms of engagement. (B)

An auditor is planning to use the work of an expert in a specialized field. Which factor is least important to document in the engagement letter?

The expert’s professional certification details. (C)

When auditing a component of a larger entity, what factor least influences whether a separate engagement letter should be sent to the component?

The component's geographical location. (A)

Which of the following is not typically addressed in the engagement letter regarding the risk of undetected misstatements?

A guarantee that no immaterial misstatements will remain undiscovered. (A)

An auditor is taking over an engagement from a predecessor auditor. Which arrangement is most appropriately included in the engagement letter?

Arrangements to be made with the predecessor auditor in the initial audit phase. (D)

If an auditor intends to include a restriction on their liability in the engagement letter, what consideration is most important?

That the restriction is permissible under applicable laws and regulations. (C)

Which scenario would most likely warrant a recurring audit, assuming all other factors remain constant?

A significant change in the ownership of the company. (A)

An auditor is unable to obtain sufficient appropriate audit evidence regarding inventory. Under which condition is it unreasonable for the client to request a change to a review engagement?

Change relates to information that is incorrect, incomplete or otherwise unsatisfactory. (B)

An auditor discovers a material misstatement during an audit but the client refuses to correct it. The client then asks for the engagement to be changed to a compilation engagement. How should the auditor respond?

Refuse the change in engagement because there is no reasonable justification. (C)

Which situation presents a reasonable justification for changing an audit engagement to another type of engagement?

A change in circumstances affects the entity’s requirements. (C)

An auditor and client have agreed to change the terms of the engagement. What primary action should they take?

The auditor and the client should agree on the new terms. (B)

In a changed engagement, what should the auditor not reference in the report issued?

The original engagement. (D)

Following a change in engagement from an audit to agreed-upon procedures, the auditor's report should include reference to which of the following?

The procedures performed. (D)

A company has been acquired by a larger corporation midway through its fiscal year. How should this event influence the decision to conduct a recurring audit?

Increases the necessity, due to the significant change in ownership and potential financial restructuring. (A)

Flashcards

Risk-Based Audit

An audit approach focusing on the likelihood of misstatements in account balances, adjusting audit work accordingly.

Auditor's Risk Assessment

Involves identifying a client's strategy, examining business processes, and assessing risks to meeting goals.

Risk

Uncertainty about events that could materially affect an organization.

Audit Risk

The risk that an auditor gives an unqualified opinion on materially misstated financial statements.

Engagement Risk

Economic risk to a CPA firm due to association with a client, including reputation loss or inability to pay.

Financial Reporting Risk

Risks related to recording transactions and presenting financial data.

Business Risk

Risks that affect organizational operations and potential outcomes.

Critical Risk Components

Components are Engagement Risk, Financial Reporting Risk, and Business Risk.

Phase I of Risk-Based Audit

Preliminary actions to decide whether to accept or continue an audit engagement.

Phase II of Risk-Based Audit

Designing and implementing audit procedures in response to assessed risks.

Phase III of Risk-Based Audit

Reporting audit evidence and forming an opinion.

Pre-engagement Procedures

Procedures conducted before formally starting the audit.

Ethical Compliance Evaluation

Evaluating ethical requirements and independence.

Client Continuance Evaluation

Assessing whether to continue serving an existing client.

Engagement Terms Establishment

Establishing the scope and terms of the audit agreement.

Client Retention Factors

Ensuring independence, integrity, and clear engagement terms.

Engagement Letter

A formal document outlining the objectives, scope, and responsibilities of an audit.

Objective of Audit

Ensuring financial statements are free from material misstatement.

Management's Responsibility

The party responsible for preparing and fairly presenting the financial statements.

Internal Control

The policies and procedures designed to prevent or detect material misstatements.

Scope of the Audit

The procedures necessary to achieve the objective of the audit.

Unavoidable Audit Risk

The risk that some material misstatements may not be detected during the audit.

Unrestricted Access

Auditor should have full access to records, documentation, and information.

Management Representation

A written statement from management confirming representations made during the audit.

Firm Competence

The CPA firm must have the competence, time, and resources to perform the engagement.

Ethical Compliance

The CPA firm must be able to comply with ethical requirements.

Client Integrity

The CPA firm should assess the integrity of the client and ensure no information suggests a lack of integrity.

Internal Control Responsibility

Management acknowledges responsibility for internal controls necessary for preparing financial statements free from material misstatement.

Auditor Access

Management provides access to all relevant information and unrestricted access to persons within the entity.

Engagement Terms

Agreeing on the terms of the engagement with the client and responding to requests to change the engagement terms.

Engagement Agreement

The auditor and client should agree on the terms of the engagement.

Recurring Audits

Audits that occur due to specific events rather than a set schedule, like a recent change in senior management or ownership.

Change in Engagement (Auditor's Perspective)

Evaluating the reasons for a change in audit engagement to ensure they are reasonable and justified.

Reasonable Change in Engagement

Circumstances affecting the entity's requirements or a misunderstanding regarding the originally requested service.

Unreasonable Change Justification

When the change relates to incorrect, incomplete, or unsatisfactory information.

Example of Unreasonable Change

Auditor unable to obtain sufficient audit evidence, leading client to request to change to a review engagement.

Agreement on New Terms

The auditor and client should agree on the new terms of the engagement

Appropriate Report for Revised Terms

The issued report would be appropriate for the revised terms of engagement.

No Reference to Original Engagement

The report shouldn't reference the original engagement; or any procedures performed in the original engagement

Study Notes

• Henly S. Pahilagao, CPA, PHD created an overview of risk-based audit process, auditing and assurance principles

Engagement Overview

• Includes preengagement procedures, audit planning, internal control consideration, substantive procedures, and issue report

Risk-Based Audit Approach

• Begins with assessing the types of likelihood of misstatements in account balance
• Adjusts the amount and type of audit work, to the likelihood of material misstatements occurring in account balances

Auditor Tasks

• Identifying the client's strategy and the process for developing that strategy
• Examining the core business process and resource management
• Identifying for each of the key processes the objectives, inputs, activities, outputs, systems and transactions
• Assessing the risks that the processes will not meet the goals and controls related to those risks

Risk Defined

• Expresses uncertainty about events and/or their outcomes with a material effect on the organization

Four Critical Components of Risk

• Audit Risk is the risk that an auditor may give an unqualified opinion on financial statements that are materially misstated
• Engagement Risk is the economic risk that a CPA firm is exposed to simply because it is associated with a particular client including loss of reputation, inability of the client to pay the auditor, or financial loss because management is not honest and inhibits the audit process
• Financial Reporting Risk relates directly to the recording of transactions and the presentation of financial data in an organization's financial statements
• Business Risk affects the operations and potential outcomes of organizational activities

Risk-Based Audit Process: Phase I-Risk Assessment

• Performance of preliminary engagement activities to decide whether to accept/continue an audit engagement
• Planning the audit to develop an overall audit strategy and audit plan
• Performance of risk assessment procedures to identify/assess risk of material misstatement through understanding the entity

Risk-Based Audit Process: Phase II-Risk Response

• Design overall responses and further audit procedures to the assessed risk of material misstatement
• Implement responses to assessed risk of material misstatement to reduce audit risk to an acceptably low level

Risk-Based Audit Process: Phase III-Reporting

• Report the audit evidence obtained to determine what additional audit work (if any) is required
• Form an opinion based on audit findings and prepare the auditor's report

Conducting an Audit

• Includes pre-engagement based on Philippine Standards on Auditing (PSA) 210 and 220

Pre-engagement Procedures

• Evaluate compliance with ethical requirements based on (PSA 220)
• Evaluate continuance of relationship with existing clients based on (PSA 220)
• Establish the terms of the engagement based on (PSA 210)

Pre-engagement Arrangements

• Encompasses client selection and retention
• Also communication between predecessor and successor auditors
• Requires engagement letters
• The use of staff assignment
• Time budget is also required

Client Selection and Retention Considerations

• An auditor should maintain the necessary independence and ability to perform the engagement
• There are no issues with management integrity that may affect the auditor's willingness to continue the engagement
• There is no misunderstanding with the client as to the terms of the engagement

CPA Firm Assessment

• Must be competent to perform the engagement and has the capabilities including time and resources to do so
• Able to comply with the relevant ethical requirements
• Must consider the integrity of the client and does not have information that would lead to conclude that the client lacks integrity

Preconditions to Audit

• The financial reporting framework to be applied in the financial statements must be acceptable
• Both parties should agree that management acknowledges and understands its responsibility
  • To prepare financial statements in accordance with applicable financial reporting framework including where relevant to their fair presentation
  • To have internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatements whether due to fraud or error
  • The auditor should be provided with access to all information of which management is aware that is relevant to the preparation of financial statements such as records, documentation and other matters
  • Management must grant additional information that the auditor may request for the purpose of the audit
  • Give unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence

Terms of Audit Engagements

• Pertains to Philippine Standard on Auditing 210

Engagement Purpose

• Establishes standards and provide guidance on, agreeing the terms of the engagement with the client, and the auditor's response to a request by a client to change the terms of an engagement to one that provides a lower level of assurance

Engagement Terms

• The auditor and the client should agree on the terms of the engagement
• The agreed terms would need to be recorded in an audit engagement letter or other suitable form of contract

Contents of Engagement Letter/Contract

• The objective of the audit of financial statements
• Management's responsibility for the financial statements
• Management's responsibility for establishing and maintaining effective internal control
• The scope of the audit
• The form of any reports or other communication of results of the engagement
• There is unavoidable risk that even some material misstatement may remain undiscovered
• Unrestricted access to whatever records, documentation and other information requested in connection with the audit

Included Information

• Arrangements regarding the planning and performance of the audit
• Expectation of receiving from management written confirmation concerning representations made in connection with the audit
• Obtaining confirmation of the terms of the engagement by acknowledging receipt of the engagement letter
• A description of any other letters or reports the auditor expects to issue to the client
• The basis of fees and billings arrangements

Relevant Additions

• Arrangements concerning the involvement of other auditors and experts in some aspects of the audit
• Arrangements concerning the involvement of internal auditors and other client staff
• Arrangements to be made with the predecessor auditor, if any, in the case of an initial audit
• Can specify any restriction of the auditor's liability when such possibility exists
• A reference to any further agreements between the auditor and the client

Separate Letter to Components Reflects

• Factors that influence the decision
• Who appoints the auditor of the component
• Whether a separate auditor's report is to be issued on the component
• Includes legal requirements
• The extent of any work performed by other auditors

Recurring Audits

• Factors that may make it appropriate to send a new letter
• Any indication that the client misunderstands the objective and scope of the audit
• Changed or special terms of the engagement
• Recent changes of senior management or those charged with governance
• A significant change in ownership
• Significant change in nature or size of the client's business
• Legal or regulatory requirements

Changes in Engagement

• Consider the reasonableness of basis for requesting a change
• Be wary of any legal or contractual implications of the change
• Audit should not agree to a change of engagement where there is no reasonable justification for doing so

When Changes are Impermissible

• When change relates to information that is incorrect, incomplete or otherwise unsatisfactory, such as when the auditor cannot obtain sufficient appropriate audit evidence regarding receivables and the client asks for the engagement to be changed to a review engagement

When Changes can be Made

• Change in circumstances that affects the entity's requirements
• A misunderstanding concerning the nature of service originally requested

Reaching New Terms Agreement

• If the terms of the engagement are changed, the auditor and the client should agree on it
• The issued report would be that appropriate for the revised terms of engagement

Avoiding Confusion Post-Change in Engagement

• No reference should be made to the original engagement; or any procedures that may have been performed in the original engagement, except where the engagement is changed to an engagement to undertake agreed-upon procedures and thus reference to the procedures performed is a normal part of the report

Disagreement Post-Change Request

• If unable to come to an agreement the auditor should continue with original engagement
• In absence of continuation, the auditor should withdraw and consider whether there is any obligation, either contractual or otherwise, to report to other parties, such as those charged with governance or shareholders, the circumstances necessitating the withdrawal

Description

Explore the risk-based audit approach, covering risk assessment, client strategy identification, and risk response. Identify potential conflicts of interest during the pre-engagement phase. Learn about audit risk and its relation to financial statement presentation.