CHAPTER 10: UNDERSTANDING THE PSA 300 par 8

ENTITY AND ITS ENVIRONMENT The auditor shall develop an Audit

Plan that shall include a description
ISA 315 - UNDERSTANDING THE of:
ENTITY AND ITS ENVIRONMNET AND
The Nature, Timing and Extent of
ASSESSING THE RISKS OF MATERIAL
Planned Risk Assessment
MISSTATEMENT Procedures, as determined under
PSA 315, "Identifying and Assessing
THE RISK-BASED AUDIT PROESS the Risks of Material Misstatements
PHASE 1 - RISK ASSESMENT Through Understanding the Entity
Preliminary engagement activities and its Environment"
to decide whether to accept or
continue an audit engagement PSA 315 (Redrafted)
IDENTIFYING AND ASSESSING THE RISKS
Planning the audit for overall OF MATERIAL MISSTATEMENT THROUGH
strategy and audit plan UNDERSTANDING THE ENTITY AND ITS
development ENVIRONMENT

Risk assessment procedures to (effective for audits of financial

identify and assess risk of material statements for periods beginning
misstatement through on or after December 15, 2009)
understanding the entity
PSA 315 (Redrafted)
PHASE 1 - C Deals with the Auditor's
PERFORMANCE OF RISK ASSESMENT Responsibility to Identify and
PROCEDURES TO IDENTIFY/ASSESS RISK OF Assess the Risks of Material
MATERIAL MISSTATEMENT THROUGH Misstatements in the Financial
UNDERSTANDING THE ENTITY Statements through understanding
of the Entity and its Environment,
PSA 315 Overview of Activities including its Internal Control.
● Risk Assessment Procedures
and Sources of Information PSA 315 par 4
About the Entity and its Definitions:
Environment, Including its Assertions: Representations by
Internal Control management, explicit or otherwise,
● Understanding the Entity that are embodied in the financial
and its Environment, statements, as used by the auditor
including its Internal Control to consider the different types of
● Identifying and Assessing potential misstatements that may
the Risks of Material occur.
Misstatement
● Material Weaknesses in Business risk: A risk resulting
Internal Control from significant conditions, events,
● Documentation circumstances, actions or inactions,
that could adversely affect an
entity's ability to achieve its risks of Material Misstatement,
objectives and execute its whether due to Fraud or Error at
strategies, or from the setting of the Financial Statement and
inappropriate objectives and Assertion Levels
strategies.
Performing risk assessment
Significant risks: an identified procedures enable the auditor to
and assessed risk of material gather evidences about classes of
misstatement that in the auditor's transactions, account balances or
judgment, requires special audit disclosures which may not be a
consideration. part of initial audit procedures as
planned.
PSA 315 par 4
Internal Control: The process Reason for Risk Assessment
designed, implemented and Procedure
maintained by those charged with To provide a basis for the
governance, management, and Identification and Assessment of
other personnel to provide risks at the:
reasonable assurance about the ➢ Financial Statement
achievement of an entity's Level: Risk that relate to
objectives with regard to reliability the Financial Statement as
of financial reporting, effectiveness whole or outside of the
and efficiency of operations, and Financial Statement Itself
compliance with applicable laws arising out Management
and regulations. The term Decision or other external
"controls" refers to any aspects of factors and may lead to
one or more of the components of Material Misstatement on
Internal control. the assertion level.
➢ Assertion Level: Related
Risk Assessment Procedures: to the individual act
the audit procedures performed to balances, or classes of
obtain an understanding of the transactions within the
entity and its environment, Financial tem and
including the entity's Internal Disclosures.
control, to identify and assess the
risks of material misstatement, The auditor is not required to
whether due to fraud or error, at perform all the risk assessment
the financial statement and procedures described above for
assertion levels each aspect of the understanding
described in paragraph 20 of PSA
Risk Assessment Procedures 315
The Audit Procedures performed
to obtain an understanding of the Refers to understanding all the
Entity and its Environment, control activities related classes of
including the Entity's Internal transactions, account balances and
Control, to identify and assess the
disclosures in the financial In-house legal counsel - litigation,
statements compliance with laws and
regulations, knowledge of fraud or
However, all the risk assessment suspected fraud affecting the
procedures are performed by the entity, warranties, post sales
auditor in the course of obtaining obligations, arrangements with
the required understanding. business partners

The Risk Assessment Marketing and sales - marketing

Procedures include: strategies, sales trends, or
❖ Inquiries of management contractual
and of others within the
entity Service organizations -
❖ Analytical procedures arrangements contract,
❖ Observation and Inspection commitments, policies &
agreements
INQUIRIES
• Inquiry consists of seeking Analytical Procedures
information of knowledgeable ● Existence of unusual
persons, both financial and transactions or events
nonfinancial, within the entity or ● Amounts, ratios, and trends
outside the entity that might indicate matters
• Used extensively throughout the that have financial
audit in addition to other audit statement and audit
procedures implications
• Inquiries may range from formal ● Development of
when inquiries to informal oral expectations about plausible
inquiries (reasonable) relationships
• Corroboration of data that are reasonably
• External and internal inquiries expected to exist

Charged with Governance - Analytical procedures used in

Preparation of Financial statement; planning an audit
guidelines ● Simple comparisons
● Ratio analysis
Internal Auditors - Design & ● Common-size statements
effectiveness of the entity's internal ● Trend statements
control Management's response to ● Time series
any findings on Internal control ● Comparison of client ratio
vs. industry
Employees - involved in Initiating,
processing or recording, help the ● Involves analysis of
auditor evaluate the significant ratios and trends,
appropriateness and application of including the resulting
accounting policies investigation of fluctuations
and relationships that are
 inconsistent with other • Some material errors, unusual
relevant information or transactions, material deviations,
deviations from predicted vital activities can be viewed thru
amounts. the financial statements even prior
● Importance: It helps the to the actual audit engagements.
auditor in identifying • Auditors are strictly instructed to
unusual transactions and do this procedure.
events that may afect fair • Mastery of analytical process, just
presentations of the FS and a glimpse of the Assertions, errors
material misstatements. and management fraud is
suspected
PSA 520 "Analytical procedures"
requires the auditor to use Compare and Investigate:
analytical procedures in the ● Prior years' Financial
planning and overall review stages Statements
of the audit, ● Anticipated results such as
Substantive Analytical budget forecasts (income &
procedures: expense performance)
● Existence of unusual ● Industry averages
transactions or events ● Non-financial factors
● Amounts, ratios, and trends ● Typical relationships among
that might indicate matters Financial Statement
that have financial balances
statement and audit ● Analysis of significant ratios
implications and trends
● Development of ● Changes in the industry in
expectations about plausible which the entity operates
relationships that are ● Changes in key personnel
reasonably expected to ● Observation and inspection
exist
● Ratios and trends should be Observation and Inspection
compared with a certain Support inquiries of management
benchmark and others, and also provide
● Ratios and balance information about the entity and its
indications may contradict environment
each other
Includes the following:
Features: ● Observation of entity
• Analytical procedures consist of activities and operations
the analysis of significant ratios ● Inspection of documents,
and trends Including the resulting records, and internal control
Investigation of fluctuations and manuals
relationships that are inconsistent ● Reading reports prepared by
with other relevant information or management and those
deviate from predictable amount. charged with governance
 ● Visits to the entity's Understanding the Entity and its
premises and plant facilities Environment
● Tracing transactions through ➢ Relevant Industry,
the information system regulatory, and other
relevant to financial external factors Including
reporting (walk-throughs) applicable financial
reporting framework
Observe: ➢ The nature of the entity
● How the entity operates and ➢ Understanding the client's
is organized Internal Control
● Management's operating ➢ The entity's objectives and
style and attitude toward strategies, and those related
Internal control business risks
● Operation of various internal ➢ The measurement and
control procedures review of the entity's
● Compliance with certain financial performance
policies
Relevant Industry, Regulatory, and
Inspect:
Other External Factors
● Business plans and
strategies
● Industry conditions
● Accounting records of
● Technical development
policies
● Regulatory environment
● Internal control manuals
● Other external factors
● Reports prepared by
currently affecting the
management
entity's business
● Other reports such as
● Strength of competitors
minutes from meetings,
● Monopoly
reports from consultants
● Bargaining power of
customers
Tour of plant offices
● Understanding of the plant Suggested audit concerns:
layout, manufacturing ● Competition
process, principal products ● Product technology
and safeguards ● Supplies source and cost
● Signs of potential problems ● Applicable accounting
● Planning the scope and principles
extent of the audit ● Government policies
● Types of information affecting the industry
technology and internal ● Cyclical or seasonal activity
documentation to record ● Tariffs, trade restriction
activities
● Existence and effectiveness
The Nature of the Entity
of internal control system
The Auditor should obtain an
understanding of the entity's
accounting policies and consider
whether they are appropriate for ● Acquisitions, Mergers or
the business and consistent with Disposals of business
the applicable financing framework activities
and accounting policies relevant to ● Capital Investment activities
the industry ● Accounting for fair values
● Inventories
Refers to: ● Foreign Currency Assets,
● the entity's operations, Liabilities, Transactions
ownership and governance, ● Financial Statement
● the types of investments Presentation and
that is making and plans to Disclosures
make, ● Business operations
● the way that the entity is ● Customers and products
structured, and how it is ● Suppliers and raw materials
financed. ● Employees
● Locations
What the business concern is ● Alliances and affiliations
all about ● Investments
➢ Knowing this enables the ● Acquisitions
auditor to understand the ● People
classes of transactions, ● Research & Development
account balances, and ● New Products
disclosures to be expected ● Old & New operational
in the financial statements systems
➢ The auditor should obtain an ● Sources of Financing
understanding of the
entity's accounting policies The entity's selection and
and consider whether they application of accounting
are appropriate for the policies
business and consistent with • Financial reporting environment
the applicable financing • Source documents
framework and accounting • Books of accounts
policies relevant to the • Presentation
industry • Reports

Matters of importance to the Appropriateness of the

auditor: accounting policies for its
● Nature of business business
● Products or services • Proper chart of accounts used
markets • Compliant and relevant to
● Alliances, Joint ventures, industry's requirement
Outsourcing activities • Consistent in application of the
● Geographic dispersion and financial reporting framework
industry segmentation
● Key customers Objectives and Strategies, and
● Research and Developments Related Business Risks
Objectives: Overall plans of the Responsibilities of the
entity as defined by management Management
Management attempts to achieve • Identify Business Risks
these objectives by developing • Develop Approaches to address
strategies, or operational actions them

Strategies: Operational What the Auditor should

approaches of management to consider:
attain its s objective Existence of objectives:
• Industry developments
However, achieving management • New products and services
objectives is subject to business • Expansion of the business
risk • New accounting requirements
• Regulatory requirements
• Current and prospective financing
requirements
• Use of information technology

Effects resulting in the transition to

the new strategy

Measurement and Review of

Financial Performance

ON GOING ASSUMPTION Performance measures create

Objectives: pressures on Management and
• Vision-Mission statement Employees
• Operational
• Annual Resultant situations:
• Bridge • Motivation to improve
• Sustainability performance
• Misstate the financial statements
Strategies: • Engage in fraud
• Basic strategies
• Value discipline Auditor should review because:
• compensation and incentives are
Business risks: A risk resulting tied and resultant to these
from significant conditions, events, measures.
circumstances, actions, or inactions • Employment contract depends on
that could adversely affect an the review performances
entity's ability to achieve its • Inducement to misstate the
objectives and execute its financial statements to produce
strategies, or from the setting of favourable result
inappropriate objectives and
strategies. (PSA 315)
• Effective tool in designing an ❖ Relation of the risk to major
effective analytical procedure to factors that will require
check misstatements attention
❖ The complexity of the
Some suggested rating transaction
techniques: ❖ Significant transactions with
● Key ratios and operating related parties
statistics ❖ The degree of subjectivity
● Key performance indicators (authority, power) in the
● Employee performance measurement of financial
measures and incentive information
compensation ❖ Significant transactions
● Trends outside the normal course of
● Use of forecasts, budgets, the business or unusual
and variance analysis transactions
● Analyst reports and credit
rating reports Control Risk and Inherent Risk at
● Competitor analysis the Assertion Level
● Period-on-period financial • Auditors assess audit risk at the
performance assertion level and test validity of
assertions through specific
accounts or classes of transactions,
account balances, and disclosures.
• At assertion level, misstatement
is material if it exceeds the
IDENTIFYING AND ASSESSING THE Tolerable Misstatement specified to
RISK OF MATERIAL MISSTATEMENT an account
Related Activities • Risk of the assertion level: the
❖ Identification of risks risk that a financial statement
throughout the process of assertion is materially misstated
understanding the entity • Financial statement assertions
❖ Relates identified risks at are not equally exposed to
the assertion level misstatement
❖ Assess the magnitude of the • The risk of misstatement is higher
risk for possible material for some assertions than the others
misstatement
❖ Consider the Materiality of Significant Risks refer to:
the risk in the financial ❖ Non-routine transactions
statements ❖ Judgmental matters

Matters to be considered in Non-Routine Transactions

assessing the nature of the ❖ Management intervention to
risk: specify accounting
❖ Whether the risk is a risk of treatment
fraud ❖ Manual intervention for data
collection and processing
 ❖ Complex calculation or b. Control risk
accounting principles
❖ Nature of the transactions Detection Risk:
creating difficulty imposing Auditors do not detect the
control misstatement

Judgmental Matters
❖ Accounting principles for
accounting estimates or Audit Risk
revenue recognition subject Probable causes of Audit Risk:
to differing interpretation • A material misstatement in an
❖ Required judgment may be Assertion about the account has
subjective, or complex occurred due to:
Inherent risk
Auditors in designing audits, Control risk
considers the risk of material
misstatements through: • The auditor did not detect the
❖ Financial statement level misstatement: detection risk
- Test the validity of
assertions that relate to
classes of transactions,
account balances and
disclosures

❖ Assertion level
- The risk that a financial
statement assertion is
materially misstated

Since audit involves gathering of

evidence for each material financial
statement assertion, audit risk is
also examined at this level. Risk Relationships
Client:
For each financial statement a. Inherent risk
account, audit risk consists of the b. Control risk
possibility that
a. A material misstatement in an Auditor:
assertion has occurred a. Audit risk
b. The auditors do not detect the b. Detection risk
misstatement
Inherent Risk
Occurrence of material The susceptibility of an account
misstatement may be separated balance or class of transactions to
into two components: misstatement that could be
a. Inherent risk material, individually or when
aggregated with misstatements in or detected on a timely basis by
other balances or classes, the client's system of internal
assuming there are no related control.
internal controls
This concept recognizes that some This can never be zero because
account balances, by nature, are internal control systems cannot
more susceptible to misstatement provide complete assurance that all
than others. material errors will be prevented or
detected.
Factors that affect inherent risk
at the financial statement Assessment of Control Risk
level: • The client's internal control
• Integrity of management system may not detect or prevent a
• Experience knowledge and material misstatement
changes in management during the • Control risk is connected to the
period effectiveness of the internal control
• Industry characteristic • Well designed and consistently
• Nature of the entity's business applied procedures makes accurate
• Pressure on management financial statements
• Control risk exists independently
Factors that affect Inherent of the audit of Financial Statements
Risk At the Assertion Level: • It is assessed using the auditor's
• Susceptibility of the account to judgment
theft
• Complexity of calculations related Examples:
accounts ● Human failures due to
• The complexity of underlying carelessness or fatigue.
transactions and other events ● Collusion
• The degree of judgment involved
in determining account balances Detection Risk
• Accounts susceptible to The risk that the auditor will not
misstatements detect a misstatement that exists
• Transaction not subjected to in an assertion
ordinary processing
The only component that can be
Control Risk controlled or manipulated by the
Risk that a Material Misstatement auditor through the procedures he
that occurred In an account plans to use
balance or class of transactions will
not be prevented or detected and
corrected on a timely basis by Factors in detection risk
accounting and internal control • Consider that auditor will make
systems. an error
• Ever present because evidence is
This is the risk that a material error persuasive not conclusive
in an account will not be prevented • Restricted to substantive test
• Consider both the inherent and to run tests, what controls need to
control risk to reduce risk be tested themselves and what
• To determine the nature, timing, distribution of tests will provide the
and extent of the audit best results for the audit.
• Inverse relationship between
Detection Risk against Inherent Components of Audit Risk
Risk and Control Risk Model
● Audit Risk
Detection Risk: Definition ● Inherent Risk
versus concept ● Control Risk
Rules when studying relationship of ● Detection Risk
risk components in the Audit Risk
Model: Using the audit risk model to
• Detection risk should be determine the nature, timing and
understood in conceptual context extent of audit procedures
not in its definition alone
• Actually means -Ease of detection Purpose:
of misstatement • To determine the nature, timing
- Ability to detect and extent of the audit
misstatement • To determine the volume of
- Chance to detect the evidence to be gathered for an
misstatement effective engagement

Mathematically, the Auditing

Standards state the relations
between Audit Risk and its
components as:
Formulas
Audit Risk = Inherent Risk x Standard:
Control Risk x Detection Risk Audit Risk (AR) = Inherent Risk (IR)
x Control Risk (CR) x Detection Risk
(DR)

Audit Risk Model Ultimately:

• An audit risk model is a process
for determining risks and deciding
on the correct auditing procedures
for a particular business.
• The model concept itself is a
creation of auditors in the United
For ease of discussion
States, but the terms used in the
• Inherent risk and control risk are
model are all derived from GAAS,
viewed in combination as a single
Generally Accepted Auditing
component. Refers to material
Standards.
misstatements.
• Using this process, the auditor
• Called auditee's risk as they both
decides what controls can be used
relate to the entity
• Comparison of the detection risk ➢ Design audit at substantive
and control risk become clearer level at lesser degree
• If control risk is low, detection risk
is high
- Internal control is effective Auditor’s assessment of
control risk is
and functioning well
Auditor’s High Mediu Low
assessmen m
- Auditor will be able to detect t of High Lowest Lower Medium
inherent
misstatements easily risk
Mediu Lower Mediu Higher
• If control risk is high, detection m m
risk is low Low Medium Hgher Highest
- Internal control is ineffective
and functioning poorly
- No system for correct Alternative Application
balances presentation
- Auditor will have a hard
time detecting errors

Illustration:
Allowed Audit Risk: 5%
Inherent Risk: 80%
Control Risk: 40%

Detection risk = 0.5/.80 x .40

Planned detection risk = 16%

Action Plan
➢ Gather more evidence
➢ Design audit at substantive
to increase detection

Illustration:
Allowed Audit Risk: 5%
Inherent Risk: 20%
Control Risk: 30%

Detection risk = 0.5/.20 x .30

Planned detection risk = 83%

Action Plan
➢ Gather less evidence