AT

avatar
Created by
Dina Dalde

Cards (217)

  • Risk assessment procedures
    Audit procedures designed and performed to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels
  • The auditor shall design and perform risk assessment procedures to obtain audit evidence that provides an appropriate basis for:
    a. The identification and assessment of risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels.
    b. The design of further audit procedures.
  • The auditor shall design and perform risk assessment procedures in a manner that is not biased towards obtaining audit evidence that may be corroborative or towards excluding audit evidence that may be contradictory.
  • Risk assessment procedures
    • Inquiries of management and of other appropriate individuals within the entity, including individuals within the internal audit function (if the function exists)
    • Analytical procedures
    • Observation and inspection
  • Risk assessment procedures alone cannot provide the auditor with sufficient appropriate audit evidence to serve as basis in forming an audit opinion.
  • Audit evidence obtained that supports the identification and assessment of risks of material misstatement may also support the detection of misstatements at the assertion level or the evaluation of the operating effectiveness of controls.
  • Inquiries of management and others within the entity
    Information obtained by the auditor to support an appropriate basis for the identification and assessment of risks, and the design of further audit procedures
  • Individuals that inquiries may be directed towards
    • Management and those responsible for financial reporting
    • Those charged with governance
    • Employees responsible for initiating, processing or recording complex or unusual transactions
    • In-house legal counsel
    • Marketing or sales personnel
    • Risk management function
    • IT personnel
    • Internal audit function
  • Analytical procedures
    Help identify inconsistencies, unusual transactions or events, and amounts, ratios, and trends that indicate matters that may have audit implications
  • Stages where analytical procedures may be performed
    • Planning stage, as a risk assessment procedure
    • Testing stage, as part of substantive procedure
    • Completion or overall review stage
  • Analytical procedures are required to be performed by the auditor as a risk assessment procedure and at the completion stage of the audit.
  • Analytical procedures performed as risk assessment procedures
    • May assist in identifying and assessing the risks of material misstatement by identifying aspects of the entity of which the auditor was unaware or understanding how inherent risk factors, such as change, affect susceptibility of assertions to misstatement
    • May assist the auditor is understanding the client's business
    • May include both financial and non-financial information
    • May use data aggregated at a high level
  • Observation and inspection
    May support, corroborate or contradict inquiries of management and others, and may also provide information about the entity and its environment
  • Examples of what risk assessment procedures may include observation or inspection of
    • The entity's operations
    • Internal documents (such as business plans and strategies), records, and internal control manuals
    • Reports prepared by management and those charged with governance
    • The entity's premises and plant facilities
    • Information obtained from external sources
    • The behaviors and actions of management or those charged with governance
  • Information from other sources
    May be relevant to the identification and assessment of the risks of material misstatement by providing information and insights about the nature of the entity and its business risks, the integrity and ethical values of management and those charged with governance, and the applicable financial reporting framework and its application
  • Other relevant sources of information
    • The auditor's procedures regarding acceptance or continuance of the client relationship or the audit engagement
    • Other engagements performed for the entity by the engagement partner
    • The auditor's previous experience with the entity and from audit procedures performed in previous audits
  • Engagement team discussion
    Provides an opportunity for more experienced engagement team members to share insights, allows the team to exchange information about business risks and susceptibility to misstatement, assists team members in further considering contradictory information, and provides a basis for communicating and sharing new information obtained throughout the audit
  • The engagement team discussion should place particular emphasis on how and where the entity's financial statements may be susceptible to material misstatement due to fraud, including how fraud may occur.
  • When the engagement is carried out by a single individual, engagement team discussion would not be possible.
  • When an engagement is carried out by a large engagement team, such as for an audit of group financial statements, it is not always necessary or practical for the discussion to include all members in a single discussion.
  • Matters the engagement team may discuss regarding disclosures
    • Changes in financial reporting requirements that may result in significant new or revised disclosures
    • Changes in the entity's environment, financial condition or activities that may result in significant new or revised disclosures
    • Disclosures for which obtaining sufficient appropriate audit evidence may have been difficult in the past
    • Disclosures about complex matters, including those involving significant management judgment as to what information to disclose
  • Understanding the entity and its environment, the applicable financial reporting framework, and the entity's system of internal control
    A dynamic and iterative process of gathering, updating and analyzing information that continues throughout the audit
  • The auditor's understanding of the entity and its environment and the applicable financial reporting framework may assist the auditor in developing initial expectations about the classes of transactions, account balances and disclosures that may be significant.
  • The auditor's understanding of the entity and its environment, and the applicable financial reporting framework, assists the auditor in understanding the events and conditions that are relevant to the entity, and in identifying how inherent risk factors affect the susceptibility of assertions to misstatement.
  • Factors that affect the nature and extent of the required understanding
    • The size and complexity of the entity, including its IT environment
    • The auditor's previous experience with the entity
    • The nature of the entity's systems and processes, including whether they are formalized or not
    • The nature and form of the entity's documentation
  • The depth of the understanding that is required by the auditor is expected to be less than that possessed by management.
  • Inherent risk factors
    Characteristics that may affect the susceptibility of assertions about classes of transactions, account balances or disclosures to misstatement
  • Inherent risk factors
    • Complexity
    • Subjectivity
    • Change
    • Uncertainty
    • Susceptibility to misstatement due to management bias or other fraud risk factors
  • Inherent risk factors may affect susceptibility of assertions to misstatement by influencing the likelihood of occurrence of a misstatement or the magnitude of the misstatement if it were to occur
  • Understanding how inherent risk factors affect the susceptibility of assertions to misstatement may assist the auditor with a preliminary understanding of the likelihood or magnitude of misstatements, which assists the auditor in identifying risks of material misstatement at the assertion level
  • Understanding the degree to which inherent risk factors affect susceptibility of assertions to misstatement also assists the auditor in assessing the likelihood and magnitude of a possible misstatement when assessing inherent risk
  • The auditor's identification of risks of material misstatement at the assertion level and assessment of inherent risk may also be influenced by audit evidence obtained by the auditor in performing other risk assessment procedures, further audit procedures or in fulfilling other requirements in the PSAs
  • The extent of susceptibility to misstatement of a class of transactions, account balance or disclosure arising from complexity or subjectivity is often closely related to the extent to which it is subject to change or uncertainty
  • The greater the extent to which a class of transactions, account balance or disclosure is susceptible to misstatement because of complexity or subjectivity, the greater the likelihood or magnitude of misstatement
  • Inherent risk factors relating to the preparation of information required by the applicable financial reporting framework
    • Complexity
    • Subjectivity
    • Change
    • Uncertainty
    • Susceptibility to misstatement due to management bias or other fraud risk factors insofar as they affect inherent risk
  • The greater the extent to which a class of transactions, account balance or disclosure is susceptible to misstatement because of complexity or subjectivity, the greater the need for the auditor to apply professional skepticism
  • When a class of transactions, account balance or disclosure is susceptible to misstatement because of complexity, subjectivity, change or uncertainty, these inherent risk factors may create opportunity for management bias, whether unintentional or intentional, and affect susceptibility to misstatement due to management bias
  • The auditor's identification of risks of material misstatement, and assessment of inherent risk at the assertion level, are also affected by the interrelationships among inherent risk factors
  • Events or conditions that may affect susceptibility to misstatement due to management bias may also affect susceptibility to misstatement due to other fraud risk factors
  • This may be relevant information for use, which requires the auditor to evaluate whether the information obtained from the other risk assessment procedures and related activities indicates that one or more fraud risk factors are present