PDF Overview of a Risk-Based Audit Process

Summary

This document provides an overview of the risk-based audit process authored by Henly S. Pahilagao. It covers various aspects of conducting an audit, including pre-engagement procedures, engagement arrangements, and client selection. The document emphasizes risk assessment, identifying the importance of auditing and assurance within the audit process.

Full Transcript

OVERVIEW OF RISK-
BASED
AUDIT PROCESS

AUDITING AND ASSURANCE
PRINCIPLES

HENLY S. PAHILAGAO, CPA,
PHD
Engagement Overview

PREENGAGEME INTERNAL
AUDIT SUBSTANTIV
NT CONTROL ISSUE
PLANNING E
PROCEDURES CONSIDERATI REPORT
PROCEDURES
ON
 An audit approach that begins with an
assessment of the types of likelihood of
Risk-Based misstatements in account balance and
then adjusts the amount and type of audit
Audit Approach work, to the likelihood of material
misstatements occuring in account
balances.`
 Identification of the client’s strategy and the
process for developing that strategy.

Examination of the core business process
The auditors and resource management
perform the
following: Identification for each of the key processes
the objectives, inputs, activities, outputs,
systems and transactions.

Assessment of the risks that the processes
will not meet the goals and controls related to
those risks.
 Risk is a concept used to express
Meaning of uncertainty about events and/or their
Risk outcomes that could have a material effect
on the organization.
 Audit Risk- risk that an auditor may give an
unqualified opinion on financial statements that
are materially misstated.

Four Critical
Components of
Risk
Engagement Risk- the economic risk that a
CPA firm is exposed to simply because it is
associated with a particular client including loss
of reputation, inability of the client to pay the
auditor, or financial loss because management
is not honest and inhibits the audit process.
 Financial Reporting Risk- those risk that
relate directly to the recording of
transactions and the presentation of
financial data in an organization’s
financial statements.
Four Critical
Components of
Risk
Business Risk – those risk that affect
the operations and potential outcomes
of organizational activities.
 Phase I –Risk Assessment

Performance of preliminary engagement
activities to decide whether to
The Risk – accept/continue an audit engagement.
Based Audit
Process Planning the audit to develop an overall
audit strategy and audit plan.

Performance of risk assessment
procedures to identify/assess risk of
material misstatement through
understanding the entity.
 Phase II –Risk Response

The Risk – Designing overall responses and
Based Audit further audit procedures to the
assessed risk of material
Process misstatement.
Implementing responses to
assessed risk of material
misstatement to reduce audit risk to
an acceptably low level.
 Phase III –Reporting
1.Reporting the audit evidence obtained to
The Risk – determine what additional audit work (if
Based Audit any) is required.

Process 2.Forming an opinion based on audit
findings and preparing the auditor’s report
CONDUCTING AN AUDIT OF FINANCIAL
STATEMENTS

Pre-engagement (PSA
210 and 220)
 Evaluate compliance with ethical
requirements (PSA 220)

Pre- Evaluate continuance of
engagement relationship with existing clients
Procedures (PSA 220)

Establish the terms of the
engagement (PSA 210)
 Client selection and retention

Communication between predecessor and
successor auditors

Pre-
engagement Engagement letters

Arrangements
Staff assignment

Time budget
 The auditor maintains the necessary
independence and ability to perform
the engagement.
There are no issues with
management integrity that may affect
the auditor’s willingness to continue
Client Selection the engagement.
and Retention There is no misunderstanding with
the client as to the terms of the
engagement.
 It is competent to perform the
engagement and has the
capabilities including time and
resources to do so

CPA Firm shall
assess Can comply with the relevant
ethical requirements and
whether

Has considered the integrity of the
client and does not have
information that would lead it to
conclude that the client lacks
integrity
 Whether the financial reporting framework to
be applied in the financial statements are
acceptable
Agreement of management that it
acknowledges and understands its
responsibility.
Preconditions Preparation of financial statements in accordance with
applicable financial reporting framework including
to Audit where relevant to their fair presentation.
Internal control as management determines is
necessary to enable the preparation of financial
statements that are free from material misstatements
whether due to fraud or error, and

`
 To provide the auditor with;
Access to all information of
which management is aware
that is relevant to the
preparation of financial
statements such as records,
documentation and other
matters
Preconditions Additional information that the
auditor may request from
to Audit management for the purpose of
the audit; and
Unrestricted access to persons
within the entity from whom the
auditor determines it necessary
to obtain audit evidence`
Terms of Audit
Engagements
PHILIPPINE STANDARD ON
AUDITING 210
 To establish standards and provide
guidance on:

Purpose Agreeing the terms of the
engagement with the client; and

The auditor’s response to a request
by a client to change the terms of
an engagement to one that
provides a lower level of
assurance.
 The auditor and the client
should agree on the terms of
the engagement.

Terms of The agreed terms would need to
be recorded in an audit
Engagement engagement letter or

other suitable form of contract.
 The objective of the audit of financial statements;

Management’s responsibility for the financial statements;

Principal Management’s responsibility for establishing and maintaining
effective internal control;
Contents of
Engagement The scope of the audit;

Letter/Contrac The form of any reports or other communication of results of the
t engagement;

unavoidable risk that even some material misstatement may
remain undiscovered; and

Unrestricted access to whatever records, documentation and
other information requested in connection with the audit.
 Arrangements regarding the planning and performance of
the audit.

Expectation of receiving from management written
confirmation concerning representations made in
connection with the audit.
Other
Request for the client to confirm the terms of the
information to engagement by acknowledging receipt of the engagement
letter.
be included
Description of any other letters or reports the auditor
expects to issue to the client.

Basis on which fees are computed and any billing
arrangements.
 Arrangements concerning the involvement of
other auditors and experts in some aspects of
the audit.
Arrangements concerning the involvement of
internal auditors and other client staff.

To be added, Arrangements to be made with the predecessor
auditor, if any, in the case of an initial audit.
when relevant
Any restriction of the auditor’s liability when
such possibility exists.

A reference to any further agreements between
the auditor and the client.
 Factors that influence the decision

Who appoints the auditor of the component.

Separate letter Whether a separate auditor’s report is to be issued
to Components on the component.

Legal requirements.

The extent of any work performed by other
auditors.
 Factors that may make it appropriate to send a new
letter:
Any indication that the client misunderstands the
objective and scope of the audit.
Any revised or special terms of the engagement.

Recurring A recent change of senior management or those
Audits charged with governance.
A significant change in ownership.

A significant change in nature or size of the client’s
business.
Legal or regulatory requirements.
 Consider

Change in Reasonableness of basis for
Engagement requesting a change

Legal or The auditor should
not agree to a
change of
contractual engagement where
there is no
implications of the reasonable
justification for
change. doing so.
 change relates to information that is
incorrect, incomplete or otherwise
unsatisfactory.
Change is not
reasonable
when.. E.g. The auditor is unable to obtain
sufficient appropriate audit evidence
regarding receivables and the client
asks for the engagement to be changed
to a review engagement.
 A change in
circumstances that
affects the entity’s
Change is
reasonable
requirements or
when… A misunderstanding
concerning the nature of
service originally
requested
 Where the terms of the
engagement are
changed, the auditor and
When there is the client should agree
reasonable on the new terms.
justification the report issued would be
that appropriate for the
revised terms of
engagement.
 No reference is made to:

To avoid
The original engagement; or
confusion

Any procedures except where the
engagement is changed
that may have been to an engagement to
undertake agreed-upon
performed in the procedures and thus
reference to the
original procedures performed is
a normal part of the
engagement, report.
 The auditor should continue with original
engagement

If unable to If not allowed to continue…
agree to a withdraw and consider whether there is
change in any obligation, either contractual or
otherwise, to report to other parties, such
engagement as those charged with governance or
shareholders, the circumstances
necessitating the withdrawal