Steps in Planning

Accept client and

perform initial Identify significant risks due to
audit planning fraud or error
Finalize
overall audit
Understand the
strategy and
client’s business
Assess inherent risks audit plan
and industry

Perform preliminary
analytical procedures Understand internal control
and assess control risk
Set preliminary judgment of
materiality and performance
materiality
CHAPTER

Assessing The Risk of Material

9
Learning Objectives
Misstatement

After studying this chapter, you should be able to:

1. Define risk in auditing;
2. Distinguish the different types of risk assessment procedures;
3. Understand important auditor considerations related to the risk of material
misstatement due to fraud;
4. Describe the auditor’s responsibility to identify significant risks;
5. Describe the audit risk model and its components.
6. Assess acceptable audit risk.
7. Consider the impact of several factors on the assessment of inherent risks.
8. Discuss the relationship of risks to audit evidence.
9. Discuss how materiality and risk are related and integrated into the audit process.
 Learning Objective 1

Define risk in auditing.

 Learning Objective 1
Standar Audit Define risk in auditing.

SA 200: Tujuan Keseluruhan Auditor Independen dan

Pelaksanaan Audit Berdasarkan Standar Audit

 Risiko audit adalah risiko bahwa auditor menyatakan suatu

opini audit yang tidak tepat ketika laporan keuangan
mengandung kesalahan penyajian material.
 Risiko audit merupakan suatu fungsi risiko kesalahan
penyajian material dan risiko deteksi.

LO 1
 Learning Objective 1
Risk Define risk in auditing.

 Auditors accept some level of

risk in performing the audit.

 Risks exist, are difficult to

measure, and require careful
thought in response.

 Proper risk response is

critical to achieving a high-
quality audit.
LO 1
 Learning Objective 1
Risk of Material Misstatement Define risk in auditing.

 At the overall financial

statement level

 At the assertion level

LO 1
 Learning Objective 2

Distinguish the different types of

risk assessment procedures.
 Risk Assessment Learning Objective 2
Distinguish the different
Procedures types of risk assessment
procedures.

Risk assessment procedures include:

1. Inquiries of management and others within the entity

2. Analytical procedures
3. Observation and inspection
4. Discussion among engagement team members
5. Other risk assessment procedures.

LO 2
 Learning Objective 2
Role of Risk Assessment Distinguish the different
types of risk assessment
Procedures procedures.

Risk Assessment Procedures

1. Inquiries of management and

others
Provide input for
2. Analytical procedures Help auditor identify
understanding entity
Observation and inspection and asses the risk of
3. and its environment,
material
4. Discussion among engagement including internal
misstatement
team members control
5. Other risk assessment
procedures
Used to develop
audit strategy and
audit plan in
response to
assessed risk

LO 2
 Learning Objective 3

Identify significant
risks due to fraud or
error
Understand important
auditor considerations
Assess inherent risks
related to the risk of
material misstatement
Understand internal
control and assess due to fraud.
control risk

Finalize overall audit

strategy and audit plan
 Learning Objective 3
Considering Fraud Risk Fraud risk.

In the context of auditing financial statements, fraud is

defined as an intentional misstatement of financial
statements.

Fraudulent financial Misappropriation

reporting of assets

LO 3
 Learning Objective 4
Describe the auditor’s
Identification Significant Risks responsibility to identify
significant risks.

A significant risk represents an identified and

assessed risk of material misstatement that,
in the auditor’s professional judgment,
requires special audit consideration.

Non-routine Matters that Fraud Risk

transactions require
significant
judgment

LO 4
 Learning Objective 5
Audit Risk Model Describe the audit risk
model and its component.

 Auditors need to understand

the client’s business and
assess business risk

 The audit risk model helps

identify the potential and
likelihood of misstatements.

LO 5
 Learning Objective 5
Audit Risk Model Describe the audit risk
model and its component.

PDR = AAR ÷ (IR × CR)

where: PDR = Planned detection risk

AAR = Acceptable audit risk

IR = Inherent risk

CR = Control risk

LO 5
 Learning Objective 6

Assess acceptable audit risk.

Acceptable Audit Risk and Learning Objective 6
Assess acceptable audit
Engagement Risk risk.

Acceptable Audit Risk is a measure of how willing the

auditor is to accept that the financial statements may be
materially misstated after the audit is completed and
unqualified opinion has been issued.

Engagement Risk is the risk that the auditor or audit firm

will suffer harm after the audit is finished. In other
words, it is the risk of lawsuit or unfavorable publicity
resulting from being associated with this client.

LO 6
Impact of Engagement Risk on Learning Objective 6

Acceptable Audit Risk

Assess acceptable audit
risk.

Auditors decide engagement risk and use

that risk to modify acceptable audit risk.

Engagement risk closely relates to

client business risk.

LO 6
Factors Affecting Acceptable Learning Objective 6

Audit Risk
Assess acceptable audit
risk.

 The degree to which external users

rely on the statements

 The likelihood that a client will

have financial difficulties after the
audit report is issued

 The auditor’s evaluation of

management’s integrity

LO 6
 Learning Objective 7

Identify significant
risks due to fraud or
error
Consider the
Assess inherent risks
impact of several
factors on the
Understand internal assessment of
control and assess
control risk inherent risk.

Finalize overall audit

strategy and audit
plan
 Learning Objective 7
Inherent Risk Consider the impact of
several factors on the
assessment of inherent risk

Inherent Risk is a measure of the auditor’s assessment

of the likelihood that there are material misstatements in
an account balance before considering the effectiveness
of internal control.

LO 7
 Learning Objective 7
Factors Affecting Inherent Risk Consider the impact of
several factors on the
assessment of inherent risk

Nature of Client’s Audit Experience

Business
 Industry practices
 Non-routine transactions
 Makeup of the population
 Prior audit results
 Initial vs. repeat engagement
 Audit judgment required to
correctly record balances and
transactions

Culture
 Related parties
 Factors related to fraudulent
financial reporting
 Factors related to
misappropriation of assets
LO 7
 Steps in Planning

Accept client and

perform initial Identify significant risks due to
audit planning fraud or error
Finalize
overall audit
Understand the
strategy and
client’s business
audit plan
and industry Assess inherent risks

Perform preliminary
analytical procedures
Understand internal control
and assess control risk
Set preliminary judgment
of materiality and
performance materiality
CHAPTER
Internal Control and
11
Learning Objectives
COSO Framework
After studying this chapter, you should be able to:
1. Describe the three primary objectives of effective internal control;
2. Contrast management’s responsibilities for maintaining internal control with the
auditor’s responsibilities for evaluating and reporting on internal control;
3. Explain the five components of the COSO internal control framework;
4. Explain how general controls and application controls reduce information technology
risks.
5. Identify types of information technology systems and their impact on internal controls.
 Nature of Auditing

Auditing is the accumulation and evaluation

of evidence about information to determine
and report on the degree of correspondence
between the information and established criteria.

Auditing should be done by a competent,

independent person.

LO 1
 Four Phases of an Audit

Perform analytical
Plan and design procedures and
Phase I Phase III
an audit approach. tests of details
of balances.

Perform tests of
Complete the
controls and
Phase II Phase IV audit and issue
substantive tests
an audit report.
of transactions.

LO 1
 Steps in Planning

Accept client and

perform initial Identify significant risks due
audit planning to fraud or error
Finalize
overall
audit
Understand the
strategy
client’s business
and audit
and industry Assess inherent risks plan

Perform preliminary
analytical procedures Understand internal
control and assess control
Set preliminary risk
judgment of materiality
and performance
materiality
 Learning Objective 1

Describe the three primary

objectives of effective internal
control.
 Learning Objective 1
Standar Audit Describe the three primary
objectives of effective
internal control.

SA 315: Pengidentifikasian dan Penilaian Risiko

Kesalahan Penyajian Material Melalui Pemahaman
atas Entitas dan Lingkungannya

Pengendalian internal adalah proses yang dirancang,

diimplementasikan dan dipelihara oleh pihak yang
bertanggung jawab atas tata kelola, manajemen, dan
personel lain untuk menyediakan keyakinan memadai
tentang pencapaian tujuan suatu entitas yang berkaitan
dengan:
• keandalan pelaporan keuangan,
• efisiensi dan efektivitas operasi, dan
• kepatuhan terhadap peraturan perundang-undangan.
LO 1
 Learning Objective 1
Internal Control Objectives Describe the three primary
objectives of effective
internal control.

Management has three broad objectives in

designing an effective internal control system

Reliability of
financial
reporting Efficiency/
Compliance
with laws and effectiveness
regulations of operations

LO 1
 Learning Objective 2

Contrast management’s responsibilities

for maintaining and reporting on internal
controls with the auditor’s
responsibilities for understanding,
testing, and reporting on internal
controls.
Management’s Responsibilities for Learning Objective 2
Management and auditor
Establishing Internal Control responsibilities.

 Management must establish and maintain

the entity’s internal controls
 Management’s design and implementation
of internal controls is based on two key
underlying concepts:

Reasonable Inherent
assurance limitations

LO 2
Management’s Assessment Learning Objective 2
Management and auditor
of Internal Controls responsibilities.

 Management must first test the design of

internal controls over financial reporting.

 Management must also test the operating

effectiveness of those controls.

LO 2
Auditor Responsibilities for Learning Objective 2
Management and auditor
Understanding Internal Control responsibilities.

 SA 315 paragraf 12

 Must assess control risk in every audit

 Primarily concerned about controls over:

 reliability of financial reporting
 classes of transactions

LO 2
Auditor Responsibilities for Learning Objective 2
Management and auditor
Testing Internal Control responsibilities.

 Obtains understanding of controls

 Performs tests of controls:

 significant account balances
 classes of transactions
 disclosures and related financial
statement assertions

LO 2
 Learning Objective 3

Explain the five components of

the COSO internal control
framework.
 Learning Objective 3
Five Components of Internal Explain the five

Control
components of the COSO
internal control framework.

Control Environment

Risk Control Information and

Monitoring
Assessment Activities Communication

LO 3
 Learning Objective 3

The Control Environment Explain the five

components of the COSO
internal control framework.

Integrity and ethical values Organizational structure

Commitment to competence Assignment of authority

and responsibility

Board of directors or audit

committee participation Human resources
policies and practices

Management’s philosophy
and operating style
LO 3
 Learning Objective 3

Risk Assessment Explain the five

components of the COSO
internal control framework.

Identify factors that may increase risk.

Estimate the significance of risks
Assess the likelihood of the risk occurring

Determine actions necessary

to manage risk.

LO 3
 Learning Objective 3

Control Activities Explain the five

components of the COSO
internal control framework.

1. Adequate separation of duties

2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance

LO 3
 Learning Objective 3
Information and Explain the five

Communication
components of the COSO
internal control framework.

The purpose of an accounting information

and communication system

Initiate
Report Maintain
Record transactions Accountability
for Related Assets
Process

LO 3
 Learning Objective 3

Monitoring Explain the five

components of the COSO
internal control framework.

Monitoring activities deal with management’s

ongoing and periodic assessment of the
quality of internal control performance…

to determine whether controls are operating

as intended and modified when needed.

LO 3
 Learning Objective 4

Obtain and document an

understanding of internal control.
 Learning Objective 4
Process for Understanding Internal Obtain and document an
Control and Assessing Control Risk understanding of internal
control.

Obtain and Document Understanding of

Internal Control: Design and Operation

Assess Control Risk Test Controls

Decide Planned Detection Risk

and Substantive Tests

LO 4
Obtain and Document Learning Objective 4
Understanding of Internal Obtain and document an
understanding of internal
Control control.

Auditing standards require auditors to

obtain an understanding of internal control
for every audit.

Procedures to obtain an understanding:

 Design of internal controls
 Whether placed in operation
 Uses this information as a basis for the
integrated audit

LO 4
 Learning Objective 4
Method Used Obtain and document an
understanding of internal
control.

Narrative

Flowchart
Internal
control
questionnaire

LO 4
 Learning Objective 5

Assess control risk by linking

key controls, significant
deficiencies, and material
weaknesses to transaction-
related audit objectives.
 Learning Objective 5
Assess Control Risk Assess control risk.

Assess whether the financial statements

are auditable.

Determine assessed control risk supported

by the understanding obtained assuming
the controls are being followed.

Use a control risk matrix to assess

control risk.

LO 5
 Learning Objective 5
Control Risk Matrix Assess control risk.

 Identify audit objectives

 Identify existing controls

 Associate controls with related audit objectives

 Identify and evaluate control deficiencies,

significant deficiencies, and material weaknesses

LO 5
 Identify Deficiencies and Learning Objective 5
Assess control risk.
Material Weaknesses

 Identify existing controls

 Identify the absence of key controls
 Consider the possibility of compensating controls
 Decide whether there is a significant deficiency or
material weakness
 Determine potential misstatements that could
result

LO 5
Communications to Those Learning Objective 5

Charged with Governance

Assess control risk.

 Auditor must communicate in writing

significant deficiencies and material
weaknesses to the audit committee

 Management letters from the auditor

 less significant control weaknesses
 ideas for operational improvements

LO 5
 Learning Objective 7

Discuss how materiality and risk

are related and integrated into
the audit process.
 Learning Objective 7
Tolerable Misstatements, Discuss how materiality
and risk are related and
Risk, and Planned Evidence integrated into the audit
process.

Acceptable
audit risk D D I

Inherent Planned I Planned

risk I detection risk audit evidence
I D I
Control
risk

Tolerable
misstatement
D = Direct relationship; I = Inverse relationship
LO 7
Pertanyaan?

SELESAI