Risk Based Audit

Ade Irma Hidayah

Source: Book 2, DBSD&A Audit Approach
  INTRODUCTION

Audit approach and methodology consists of the following sections :

A. Section one (Audit Approach and Methodology), which consists of:

1. Introduction
2. Manage the Audit Engagement
3. Audit Diagram

B. Section two (Policy and Documentation), which consists of:

2 1. Audit Planning :
2. Perform Audit Plan
3. Conclude and Report
4. Perform Post-Engagement Activities
 1. Introduction

 GENERAL

The audit approach is risk based with a focus on understanding each

entity and its environment and identifying risks associated with the entity,
the audit engagement, and the financial statements as a whole. The
audit approach requires the development of an audit plan that responds
to these risks and to the entity’s specific circumstances

 INTERNATIONAL STANDARDS ON AUDITING

3 The policies and guidance policies comply with the International

Standards on Auditing (“ISAs”) issued by the International Federation of
Accountants up to and including November 2011 and in many instances
incorporate the ISA wording. Member Firms following the policies and
guidance in the policies will comply with the ISAs as of that date.
 1. Introduction

 PURPOSE

1. The purpose of this policy is to provide an overview of the audit

approach and methodology as well as provide introductions to
some of the major concepts of the audit approach.

2. The objective of an audit of financial statements is to enable us to

express an opinion as to whether the financial statements are fairly
presented, in all material respects, in accordance with an
applicable financial reporting framework.

4 3. It is firm’s responsibility to design the audit to obtain reasonable

assurance that the financial statements are fairly stated in all
material respects. Reasonable assurance is derived from a
combination of inherent, control, and substantive assurance.
 1. Introduction
 AUDIT RISK AND ASSURANCE

1. The audit assurance risk model sets out how the firm obtain overall assurance for the
potential errors for each significant account balance or disclosure.

a. The firm obtains inherent assurance by assessing risk at the potential-error level for
account balances or disclosures for the potential errors for which the firm do not
identify specific risks. Ordinarily, these are potential errors relating to transactions,
account balances, or disclosures that are not associated with one of the risk
factors highlighted.

b. The firm obtain control assurance by performing the following procedures:

i. Identifying the existence of controls, for the relevant control objectives,

evaluating their design, and determining whether they have been
implemented
5 ii. If appropriate, testing the operating effectiveness of those controls

c. The firm obtains substantive assurance by performing substantive analytical

procedures, tests of details, or a combination of the two. For each potential error,
substantive assurance should constitute a portion of firm’s overall assurance.

2. Based on the reasonable conclusions drawn from the audit evidence obtained, the
firm express or decline to express in firm’s audit report an opinion on the fair
presentation of the financial statements.
 1. Introduction

 AUDIT PROCEDURES AND RISK ASSESSMENT PROCEDURES

1. The firm obtain audit evidence to draw reasonable conclusions on which to base firm’s audit opinion
by performing audit procedures to:

a. Obtain an understanding of the entity and its environment, including its internal control, to assess
the risks of material misstatement at the financial statement and account balance levels
b. When necessary or if the firm have planned to do so, test the operating effectiveness of controls in
preventing or detecting and correcting material misstatements at account balance level
c. Detect material misstatements at the account balance error level; audit procedures performed
for this purpose are referred to as “substantive procedures” and include tests of details,
substantive analytical procedures, or a combination of the two.

2. Audit procedures to obtain an understanding of the entity and its environment, including its internal
control, to assess the risks of material misstatement at the financial statement and potential-error
levels are referred to as “risk assessment procedures” because some of the information obtained by
performing such procedures may be used as audit evidence to support assessments of the risks of
material misstatement. Risk assessment procedures are a subset of audit procedures.
6
3. In performing risk assessment procedures, the firm may obtain audit evidence about classes of
transactions, the potential errors for account balances or disclosures, and about the operating
effectiveness of controls, even though such audit procedures were not specifically planned as
substantive procedures or as tests of the operating effectiveness of controls. The firm may also
choose to perform substantive procedures or tests of the operating effectiveness of controls
concurrently with risk assessment procedures because it is efficient to do so.
 1. Introduction

 AUDIT EVIDENCE

1. The information used in arriving at the conclusions on which the audit opinion is based
is audit evidence. Audit evidence includes the information contained in the
accounting records underlying the financial statements and other information.

2. The firm should obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base the audit opinion.

3. Other information that the firm may use as audit evidence includes minutes of
meetings; confirmations from third parties; analysts’ reports; comparable data about
competitors (benchmarking); controls manuals; information obtained by us from such
audit procedures as inquiry, observation, and inspection; and other information
developed by or available to us that permits us to reach conclusions through valid
reasoning.
7
4. Sufficiency is the measure of the quantity of audit evidence. Appropriateness is the
measure of the quality of audit evidence; that is, its relevance and its reliability in
providing support for the potential errors related to account balances or disclosures or
detecting misstatements in account balances or disclosures.
 1. Introduction

 BENEFITS

1. The audit approach has been developed to enable us to:

a.Plan and perform audit engagements that will provide an appropriate

basis for the expression of an opinion on an entity’s financial statements
taken as a whole
b.Identify and appropriately address risks relevant to the audit
engagement that are associated with the entity, the audit engagement,
and the potential errors for the significant account balances or
disclosures
c.Perform an effective and efficient audit
d.Determine the entity’s needs, expectations, concerns, and professional
service requirements and prepare and execute an appropriate audit
8
plan
e.Provide clients and management with meaningful audit insights
f. Perform multilocation audits in a consistent manner
g.Clearly communicate the manner in which audit engagements are
performed to professional staff, clients, prospective clients, management,
and others
 1. Introduction

 POLICY

1. The firm should comply with the ethical standards applicable to the audit
engagement as required by ISA

2. The firm should plan and perform the audit to reduce audit risk to an
acceptably level using reliance factor.

3. The firm should obtain sufficient appropriate audit evidence to be able to

draw reasonable conclusions on which to base the audit opinion.

4. The firm should maintain an attitude of professional skepticism throughout

the audit, recognizing the possibility that a material misstatement due to
9 fraud could exist, irrespective of firm’s experience with the entity about the
honesty and integrity of management and those charged with
governance.
 1. Introduction

 ACTIVITIES

OVERVIEW OF THE AUDIT APPROACH

1. The core of the audit approach consists of six principal activities:

a. Perform Pre-engagement Activities

b. Perform Preliminary Planning
c. Develop the Audit Plan
d. Perform the Audit Plan
e. Conclude and Report
10 f. Perform Post-engagement Activities.
 1. Introduction

 ACTIVITIES

OVERVIEW OF THE AUDIT APPROACH

2. Risk assessment and management of the audit engagement are pervasive

activities at all stages of the audit engagement. The activities are led by
the engagement management whose key responsibilities include
managing the effectiveness and efficiency of the audit engagement as
well as communicating within the engagement team and to management
and those charged with governance. These activities are a continuous
process and an integral part of the audit approach.

3. Planning is a continual and iterative process that often begins shortly after
11 (or in connection with) the completion of the previous audit and continues
until the completion of the current audit engagement. However, in
planning an audit, The firm consider the timing of certain planning activities
and audit procedures that need to be completed prior to the performance
of further audit procedures.
 1. Introduction

 RISK-BASED APPROACH

1. The firm should plan and perform the audit to reduce audit risk to an
acceptably low level that is consistent with the objective of an audit. The
firm reduce audit risk by designing and performing audit procedures to
obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base an audit opinion.

Reasonable assurance is obtained when the firm have reduced audit risk to
an acceptably low level. The audit assurance model sets out how the firm
obtain overall assurance for the potential errors for each significant
account balance or disclosure and assists us in planning and performing
the audit engagement to reduce audit risk to an acceptably low level.

12 2. The audit approach enables us to develop an effective and efficient audit

plan that focuses firm’s audit procedures on high-risk areas.
 1. Introduction

 RISK-BASED APPROACH

3. As part of firm’s pre-engagement activities, the firm assesses engagement risk. Firm’s
assessment of engagement risk is based on a combination of firm’s assessment of the
risk resulting from (1) firm’s association with the client or prospective client, (2) the audit
engagement, and (3) the financial statements as a whole.

4. 4Firm’s audit approach involves obtaining a detailed understanding of the nature of

the entity’s business and its environment. Firm’s ability to effectively assess risk is
enhanced by this understanding as well as firm’s (1) understanding of the entity’s
internal control and accounting process and (2) performance of firm’s preliminary
analytical review. The value of this accumulation of understanding increases with
experience and years of service to the entity.

5. When the firm assesses risk at the potential-error level for an account balance or
disclosure, the firm seek to specifically identify the potential errors for significant
13 account balances or disclosures that have an increased risk of material misstatement.
For the potential errors for account balances or disclosures for which the firm have
identified a specific risk, the firm assess inherent risk as high and take no inherent
assurance when planning the scope of firm’s work.
 1. Introduction

 RISK-BASED APPROACH

6. The audit plan for a potential error for an account balance or disclosure for
which the firm have identified a specific risk will involve one of the following:

a. Performing a focused level of substantive procedures if the firm obtain

no control assurance
b. Performing a directed level of substantive procedures if the firm obtain a
basic level of control assurance
c. Performing a moderate level of substantive procedures if the firm obtains
a maximum level of control assurance.

14
 1. Introduction

 FOCUS ON QUALITY

1. When performing an audit of financial statements, firm’s professional

responsibilities are established by applicable professional standards and
regulatory and legal requirements.

2. The firm requires an uncompromising commitment to high professional and

technical quality. Applying the audit approach will assist us in achieving
this goal.
15
3. The firm strives to consistently provide quality professional service. This
involves maintaining ongoing contact and effective communication with
the firm clients at all stages of the audit engagement.
 1. Introduction

 MANAGEMENT OF THE AUDIT ENGAGEMENT

i. The audit Engagement Partner is responsible for establishing the overall

scope of the audit and assumes overall responsibility for the audit
engagement. This individual is responsible for ensuring that the audit
complies with firm’s policies, applicable professional standards and
regulatory and legal requirements and responds to client needs,
expectations, and concerns.

16 ii. In managing risk and developing and executing the audit plan, the audit
Engagement Partner and other engagement management are the key
decision makers and main influences on the firm approach. Timely
involvement of engagement management in the key stages of the audit
engagement is essential to optimizing the effectiveness and efficiency of
planning and performance of the audit engagement.
 1. Introduction

 CONSIDERATION OF FRAUD AND ERROR

1. The firm should maintain an attitude of professional skepticism throughout

the audit, recognizing the possibility that a material misstatement due to
fraud could exist, irrespective of firm’s experience with the entity about the
honesty and integrity of management and those charged with
governance.

2. The firm considers the potential for management override of controls and
recognizes the fact that audit procedures that are effective for detecting
error may not be appropriate in the context of an identified risk of material
misstatement due to fraud. The distinguishing factor between fraud and
error is whether the underlying action that results in the misstatement of the
17 financial statements is intentional or unintentional.

3. The term “fraud” refers to an intentional act by one or more individuals

among management, those charged with governance, employees, or third
parties, involving the use of deception to obtain an unjust or illegal
advantage. Although fraud is a broad legal concept, for the purposes of
firm’s audit, the firm is concerned with fraud that causes a material
misstatement in the financial statements. The firm does not make legal
determinations of whether fraud has actually occurred.
 1. Introduction

 CONSIDERATION OF FRAUD AND ERROR

4. Owing to the inherent limitations of an audit and internal control, there is a possibility
that material misstatements resulting from fraud and, to a lesser extent, error may not
be detected. Because fraud usually involves acts designed to conceal it, the risk of
not detecting a material misstatement resulting from fraud is greater than one resulting
from error. Furthermore, the risk of not detecting a material misstatement resulting
from management fraud is greater than for employee fraud, because management is
frequently in a position to directly or indirectly manipulate accounting records and
present fraudulent financial information.

5. Fraudulent acts include deliberate failure to record transactions, forgery of records

and documents, and intentional misrepresentations to the engagement team. Fraud
may include intentional acts by management or employees acting on behalf of the
entity, as well as employee fraud if management or employees are involved in actions
defrauding the entity.
18
6. Two types of intentional misstatements are relevant to us:

a. Misstatements resulting from fraudulent financial reporting

b. Misstatements resulting from misappropriation of assets.
c. Concealing, or not disclosing, facts that could affect the amounts recorded in the
financial statements
d. Engaging in complex transactions that are structured to misrepresent the financial
position or financial performance of the entity
e. Altering records and terms related to significant and unusual transactions.
 1. Introduction

 DOCUMENTATION

1. The audit working papers are the property of the Member Firm performing the audit
and support the firm audit report. They are not part of, nor a substitute for, the entity’s
accounting records. Although the amount of documentation required varies, the
working papers need to provide evidence that the work has been performed in
accordance with firm policies.

2. The audit documentation should be used in planning and performing audit

engagements performed in accordance this the policies and guidance.

3. The common audit documentation contains the following:

a. Standard index
b. Forms that support the following:

(i) The audit planning process

19 (ii) The understanding of the entity’s internal control, including evaluation of the
design of controls and determining whether they have been implemented
(iii) Testing of the operating effectiveness of controls
(iv)Performing substantive procedures

c. Audit’s documents and templates format.

 2. Manage the Audit Engagement
 PURPOSE

1. Every audit engagement should be under the control and supervision of an audit
Engagement Partner to whom responsibility for the conduct of the audit
engagement in accordance with the policies in the Manual, the applicable
professional standards and regulatory and legal requirements is assigned.

2. Allocation of responsibilities is a matter for the audit Engagement Partner to address.

Matters such as maintaining continuity and an appropriate level of experience within
the engagement team significantly affect the effectiveness of the engagement
team.

3. The effectiveness with which the audit engagement is managed will be improved if
each person involved has a clear understanding of the respective roles and
responsibilities of each member of the engagement team. The division of
responsibilities discussed in this policy needs to be regarded as a guide only. Roles
will vary in practice depending on the nature, size, and complexity of the entity’s
20 operations.

4. The engagement management responsible for an audit engagement includes,

depending on the size, nature, and complexity of the entity’s operations, some or all
of the following:

a. Audit Engagement Partner

b. Audit Manager
c. The Accountant-in-Charge or Field Senior.
 2. Manage the Audit Engagement
 AUDIT ENGAGEMENT PARTNER

1. Achieving quality throughout planning, supervision, and management of an audit

engagement is significantly more effective than efforts to achieve quality during the
review process alone.

 TEAMWORK

1. Teamwork is key to successful management of an audit engagement. The high

quality of firms professional service is maintained by engagement teams that build on
individual strengths, knowledge, and expertise.

2. On-the-job training, in the form of supervision, accelerates learning and enhances

effectiveness of individuals on the engagement team. Supervision continues until the
conclusion of the audit engagement. Each member of the engagement team has
a responsibility to ensure that there are no unresolved issues.
3. After the audit engagement is complete, the engagement team meets to review
21 the performance of the audit engagement and decide what needs to be changed
for the following period’s audit engagement. A debriefing of the engagement team
helps us build on the successes of the current audit engagement and continue to
improve the overall quality of firm’s audit.

4. The firm also considers which processes need to be established to effectively

manage relationships with the client and among members of the engagement team
in the period between the completion of the current audit engagement and the
beginning of work on the following period’s audit engagement.
 2. Manage the Audit Engagement
 CONSULTATION

1. Consultation RMQC and Quality Control or internal specialists should be

performed in accordance with the firm’s policies of the Professional
Practice Manual.

2. The audit Engagement Partner should consult, as deemed necessary, with

individuals with the appropriate capabilities and competence on (1)
technical accounting and auditing questions regarding the application
and interpretation of applicable standards and reporting issues or (2) any
other matter pertaining to an audit engagement that, under the
circumstances, requires specialized knowledge.

3. The audit Engagement Partner should determine that significant matters

22 subjected to consultation and the conclusions reached are appropriately

a. Documented in the audit working papers

b. Agreed with those consulted
c. Implemented.
 2. Manage the Audit Engagement

 POLICY

1. Every audit engagement should be under the control and supervision of

an audit Engagement Partner to whom responsibility for the conduct of
the audit engagement in accordance with the policies in the Manual, the
applicable professional standards and regulatory and legal requirements
is assigned.

2. The audit Engagement Partner should:

a. Determine that conflicts of interest identified are appropriately

addressed.
23 b. Form a conclusion on compliance with independence requirements
that apply to the audit engagement.

3. The audit Engagement Partner should consider whether members of the

engagement team have complied with applicable ethical requirements,
including independence, before beginning significant portions of
fieldwork and as the audit progresses.
 2. Manage the Audit Engagement

 DOCUMENTATION

i. In managing the audit engagement, the firm would normally document the
following:

a. Sufficient evidence to show that the audit procedures have been

adequately performed
b. Level of participation by entity personnel
c. Detailed budgets of time and cost for each significant account balance,
along with the allocation of the work to the respective members of the
24 engagement team. Updating of these budgets for actual hours/costs to
date and estimated hours/costs to completion and the review of
appropriate budget/actual comparisons are effective means of
monitoring the progress of the audit engagement.
 3. Audit Diagram

 INTRODUCTION

An explanation of the purpose and scope of the ISA, including how the ISA relates
to other ISAs, the subject matter of the ISA, specific expectations on the auditor
and others, and the context in which the ISA is set.

 OBJECTIVES

The objective to be achieved by the auditor as a result of complying with the

requirements of the ISA. To achieve the overall objectives of the auditor, the
auditor is required to use the objectives stated in relevant ISAs in planning and
performing the audit, keeping in mind the interrelationships among the ISAs. ISA
25 200.21 (a) requires the auditor to:

a. Determine whether any audit procedures in addition to those required by

the ISAs are necessary in pursuance of the objectives stated in the ISAs; and
b. Evaluate whether sufficient appropriate audit evidence has been
obtained.
 3. Audit Diagram

 DEFINITIONS

A description of the meanings attributed to certain terms for purposes of the ISAs. These are provided to assist
in the consistent application and interpretation of the ISAs. They are not intended to override definitions that
may be established for other purposes, such as those contained in laws or regulations. Unless otherwise
indicated, these terms carry the same meanings throughout the ISAs.

 REQUIREMENTS

This policy outlines the specific auditor requirements. Each requirement contains the word “shall.”

 APPLICATION AND OTHER EXPLANATORY MATERIAL

The application and other explanatory material provides further explanation of the requirements of an ISA,
and guidance for carrying them out. In particular, it may:

a. Explain more precisely what a requirement means or is intended to cover;

26 b. Where applicable, include considerations specific; and
c. Include examples of procedures that may be appropriate in the circumstances. However, the actual
procedures selected by the auditor require the use of professional judgment based on the particular
circumstances of the firm and the assessed risks of material misstatement.

While such guidance does not in itself impose a requirement, it is relevant to the proper application of the
requirements of an ISA. The application and other explanatory material may also provide background
information on matters addressed in an ISA.
 3. Audit Diagram

 ACTIVITIES

The firm should be of the audit approach consists of the following Activities :

1. Audit Planning ( ISA 220,240,250,315,330)

2. Perform Audit Plan ( ISA 315,330)
3. Conclude and Report (ISA 260)
4. Perform Post Engagement Activities (ISQC 1)

27
 3. Audit Diagram

 ACTIVITIES

The details such activities are as follows:

28

Chart 1: Audit Cycle

 3. Audit Diagram

 AUDIT PLANNING

Audit planning consists of several activities are as follows :

1. Perform Pre-Engagement Activities

2. Perform Preliminary Planning
3. Assess Risk and Establish Materiality
4. Develop Audit Plan

29
 3. Audit Diagram

 PERFORM PRE-ENGAGEMENT ACTIVITIES

1. Pre-engagement activities include assessing engagement risk, selecting the

team and establishing the terms of engagement. During the course of pre-
engagement activities specific matters to consider include:

a. Fraud risk factors

b. Conflicts of interest & background checks
c. Use of specialists
d. Independence of engagement team

2. Perform Pre-Engagement consist of the following activities :

30
a. Assess and respond to engagement risk
b. Select the engagement team
c. Establish terms of engagement and client service requirements
 3. Audit Diagram

 PERFORM PRE-ENGAGEMENT ACTIVITIES

3. The following ISA should be considered in pre-engagement activities:

a. ISA 220 (Quality Control For An Audit Of Financial Statements)

• ISA 220 runs in collaboration with ISQC 1 'Quality Control for Finns that Perform Audits and
Reviews of Financial Statements, and Other Assurance and Related Services Engagements’.
• ISA 220 requires the firm to establish and maintain a system of quality control to provide it
with reasonable assurance that:

(a) the firm and personnel comply with professional standards and applicable legal and
regulatory requirements; and
(b) the reports issued by the firm or engagement partners are appropriate in the
circumstances.

31 • The engagement partner takes full responsibility for the audit and overall quality control.
• Engagement partners must take appropriate action where there is evidence that members
of the engagement team have not been complying with applicable ethical requirements.
• In recurring audits, the engagement partner must consider any information that would have
caused the firm to decline the audit engagement had that information been available at
the time.
 3. Audit Diagram

 PERFORM PRE-ENGAGEMENT ACTIVITIES

3. The following ISA should be considered in pre-engagement activities:

b. ISA 240 (The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial

Statements)

• International Standard on Auditing 240: The Auditor’s Responsibilities Relating

to Fraud in an Audit of Financial Statements is probably one of those
standards that got highlighted and massively overhauled after the scandals in
business cosmos like Enron. This standard clarifies the responsibilities of
management auditors pertaining to fraud and its effects on financial
statements and due to this fact it considered one of the important guidelines
in auditing profession.

32 • ISA 240 clarifies that it is management who is responsible to manage fraud.

Auditor on the other hand is interested in those fraudulent activities that affect
the financial information and ultimately increase audit risk. Auditor is required
to carry out audit engagement with an attitude of professional skepticism. To
make audit engagement effective discussions among team members,
inquiries of personnel involved in the management of the entity and
communicating with those charged with governance is important. If fraud is
suspected or identified, auditor shall determine its effects on audit
engagement. Audit is also required to document fraud suspected or
identified and how it was dealt.
 3. Audit Diagram

 PERFORM PRE-ENGAGEMENT ACTIVITIES

4. Diagram of Perform Pre-Engagement Activities

33
 3. Audit Diagram

 PERFORM PRELIMINARY PLANNING

1. Preliminary planning starts with Engagement Partner to perform strategic

planning meeting with audit team member. To effectively plan the
engagement an understanding is required of the:

a. Understanding entity and environment, includes :

• External factors (e.g., industry matters, laws)

• Internal factors (e.g., business objectives)
• Accounting policies

b. Assessment of internal control components

34
Assess the design & implementation of entity level controls supporting:

• Control environment
• Risk assessment
• Information and communication
• Monitoring controls
• Control Activities
 3. Audit Diagram

 PERFORM PRELIMINARY PLANNING

1. Preliminary planning starts with Engagement Partner to perform strategic planning meeting with
audit team member. To effectively plan the engagement an understanding is required of the:

c. Understanding accounting process

The firm understanding of accounting process includes:

• Business cycles and significant classes of transactions

• Principle business activities
• Flow of transactions
• Policies and procedures
• Disclosures

d. Other planning considerations:

35 • Fraud risks factors

• The entity’s use of computers (e.g., significant or dominant and the impact on firm’s audit)
• Assessment of engagement risk
• Going concern assumption
• Internal audit
• Related party transactions
• Litigations and claims
• Noncompliance with laws and regulation
• Specific items (e.g., segment information)
 3. Audit Diagram

 PERFORM PRELIMINARY PLANNING

2. Preliminary Planning consist of the following activities :

a. Understand the client’s business

b. Understand the control environment
c. Understand the accounting process
d. Perform preliminary analytical procedures
e. Determine planning materiality
f. Prepare and communicate client service plan

36 3. The following ISA should be considered in preliminary planning activities:

a. ISA 220 (Quality Control For An Audit Of Financial Statements)

Please refer explain on to page 1 – 12

 3. Audit Diagram

 PERFORM PRELIMINARY PLANNING

3. The following ISA should be considered in preliminary planning activities:

a. ISA 220 (Quality Control For An Audit Of Financial Statements)

Please refer explain on to page 1 – 12

b. ISA 250 (Consideration of Laws and Regulations In An Audit of Financial Statements)

• Some laws and regulations have a direct effect on the financial statements. Others may
not have a direct effect on the financial statements but may directly affect the conduct of
the entity's business, for example Health and Safety at Work legislation.
• Laws and regulations need to be considered because a breach in such could result in fines
or other consequences which may have a material effect on the financial statements.
• Responsibility for compliance with laws and regulations rests with management and those
charged with governance.
• The auditor shall discuss with management and, where applicable, those charged with
governance any suspected acts of non-compliance with laws and regulations.
37 • Any acts of non-compliance between management and those charged with governance
must be notified to the next higher level of authority. Where no higher level of authority
exists legal advice must be sought.
• A qualified or adverse opinion is expressed if the act of non-compliance with laws and
regulations has a material effect on the financial statements which has not been reflected
within those financial statements.
• A qualified, or disclaimer of, opinion will be expressed by the auditor if the auditor is unable
to obtain sufficient and appropriate audit evidence to evaluate whether non-compliance
that may be material to the financial statement has occurred.
• If the auditor encounters situations giving rise to a limitation on the scope of the audit work,
the auditor shall evaluate the effect of such a scope limitation on the audit opinion
 3. Audit Diagram

 PERFORM PRELIMINARY PLANNING

3. The following ISA should be considered in preliminary planning activities:

c. ISA 315 (Assessing The Control Environment)

• The control environment is just one of five components of internal control

• ISA 315 says it must be assessed
• That assessment then has an effect on the assessment of the risk of material misstatements
and on audit procedures

d. ISA 330 (The Auditor’s Responses to Assessed Risks)

• Risk features heavily in auditing and one of the primary functions of audit is to reduce risk to
an acceptable level.
• Auditors can gather sufficient and appropriate audit evidence through substantive
procedures and control tests.
• All audit procedures must be responsive to the assessed levels of risk.
38 • Detailed tests of control in recurring audits should be undertaken at least every third audit,
but auditors shall consider other relevant factors when considering the time period that
should elapse before further detailed testing.
• Substantive procedures include analytical procedures and tests of detail.
• Audit procedures generate the audit evidence, audit procedures in themselves are not
audit evidence.
• The risk assessment must be modified if information comes to the auditor's attention which
the auditor was not previously aware of.
• Audit evidence must be evaluated for sufficiency and appropriateness to determine if the
evidence reduces the risk of material misstatement to an acceptably low level.
 3. Audit Diagram
 PERFORM PRELIMINARY PLANNING

4. Diagram of Perform Preliminary Planning

39
 3. Audit Diagram

 ASSESS RISK AND ESTABLISH MATERIALITY

1. The third phase in audit planning activities is related to Assess risk at

account balance in the company’s financial statement. The firm should
assess whether there is a potential error risk at account balance and
decide whether the audit team will rely on control (perform test of control)
or do not rely on control.

a. Have we identified any specific risks?

Yes: Increase control & substantive testing
No: Normal testing

b. Are we planning to rely on controls?

Yes: Test operating effectiveness
40 No: Test fully substantively

The purpose of Assess risk and establish materiality are as follow:

a. Estimate tolerable level of misstatement

b. Establish scope
c. Evaluate effect of known and likely misstatements
 3. Audit Diagram

 ASSESS RISK AND ESTABLISH MATERIALITY

The auditor’s responsibility is to determine whether financial statements are

materially misstated. If there is a material misstatement, the auditor will bring it
to the client’s attention so that a correction can be made.

The materiality calculation materiality can be divided into some factors

including the following:

41 a. Computation of Planning Materiality

b. Computation of Tolerable Error
 3. Audit Diagram
 ASSESS RISK AND ESTABLISH MATERIALITY

Computation of Planning Materiality

The computation of planning materiality consists of:

a. Identify the Materiality Critical Component

Select the most relevant critical component (check one):

Measurement
Percentage

Income from continuing operations (after tax) 5.0%

Normalized income from continuing operations (after tax) 5.0%
Total revenues 2.0%
Total assets 2.0%
Net assets or total equity 5.0%

Reasons of selected critical component

42 Indicate the critical component amount (monetary value).

b. Calculate Materiality

Measurement
Benchmark Amount Percentage Materiality
(from Step 1b) (from Step 1a) Amount

x =
 3. Audit Diagram

 ASSESS RISK AND ESTABLISH MATERIALITY

Computation of Tolerable Error

The computation of tolerable error consists of:

a. Determine the amount of Planning Materiality

b. Determine % to be used in computing for tolerable error

Risk Assessment Percentage

High 15%
Medium 30%
43 Normal 40%

c. Calculate Tolerable Error

Tolerable Error % Amount of Materiality Tolerable Error

Amount

X =
 3. Audit Diagram

 ASSESS RISK AND ESTABLISH MATERIALITY

2. The following ISA should be considered in assess risk and establish materiality activities:

a. ISA 25, “Audit Materiality,” par. 3

• Information is material if its omission or misstatement could influence the economic decisions
of users taken on the basis of the financial statements. Materiality depends on the size of the
item or error judged in the particular circumstances of its omission or misstatement. Thus
materiality provides a threshold or cut-off point rather than being a primary qualitative
characteristic which information must have if it is to be useful

3. Diagram of Assess risk

44
 3. Audit Diagram

 DEVELOP AUDIT PLAN

1. In developing audit plan, it is appropriate to consider the following matters:

a. Assess risk at the account balance level

b. Design of testing controls
c. Describe the levels of substantive assurance within the audit assurance model

Assessing Acceptable Audit Risk and Inherent Risk

In assessing acceptable audit risk the auditors may accept some level of risk in
performing the audit. An effective auditor recognizes that risks exist, are difficult to
measure, and require careful thought to respond. Consequently, responding to risks
45 properly is critical to achieving a high-quality audit.

Risk and Evidence

Auditors gain an understanding of the client’s business and industry and assess client
business risk. The auditors use the audit risk model to further identify the potential for
misstatements and where they are most likely to occur. Furthermore, auditor should
decide engagement risk and use that risk to modify acceptable audit risk. The
engagement risk closely relates to client business risk.
 3. Audit Diagram

 DEVELOP AUDIT PLAN

Factors Affecting Acceptable Audit Risk is:

• The degree to which external users rely on the statements

• The likelihood that a client will have financial difficulties after the audit report is issued
• The auditor’s evaluation of management’s integrity

Methods to Assess Acceptable Audit Risk

The method to assess acceptable audit risk can be describe in the following table :

Factors : Methods Used :

a. External users’ reliance on financial statements  Examine financial statements
 Read minutes of the board
46  Discuss financing plans with management

b. Likelihood of financial difficulties  Analyze financial statements for difficulties using

ratios
 Examine inflows and outflows of cash flow
statements

c. Management integrity  Client acceptance and continuance procedures

 3. Audit Diagram

 DEVELOP AUDIT PLAN

Factors Affecting Inherent Risk

The following factors will affect inherent risk are:

a.Nature of the client’s business

b.Results of previous audits
c.Initial versus repeat engagement
d.Related parties
47 e.Nonroutine transactions
f. Judgment required to correctly record account balances and
transactions
g.Makeup of the population
h.Factors related to fraudulent financial reporting
i. Factors related to misappropriation of assets
 3. Audit Diagram

 DEVELOP AUDIT PLAN

The audit responds to risk:

The auditors can change the audit to respond to risks by performing: (a) the
engagement may require more experienced staff, and (b) the
engagement will be reviewed more carefully than usual

Tolerable Misstatement, Risks, and Balance-related Audit Objectives:

It is common to assess inherent and control risk for each balance-related

48 audit objective. However, it is not common to allocate materiality to
objectives. The auditor also should consider Impact of information
technology on Audit Testing, by performing: (a) computer assisted audit
techniques may be used to test automated controls or data, and (b)
reports produced by IT may be used to test the effectiveness of IT general
controls, which consists of

i. Program change controls

ii. Access controls
 3. Audit Diagram

 DEVELOP AUDIT PLAN

Methodology for Designing Controls and Substantive Tests

The firm methodology for designing control and substantive testing are as follow:

49
 3. Audit Diagram

 DEVELOP AUDIT PLAN

Audit Risk Model

The audit risk model is used to determine plan detection risk (PDR) by using
audit risk model:

AR = DR x IR × CR

50 Where: AR = Audit risk

DR = Detection risk
IR = Inherent risk
CR = Control risk
 3. Audit Diagram

 DEVELOP AUDIT PLAN

Reliability Factors

The firm using Reliability Factor (R factor) to Plan Detection Risk (PDR). The tables of risk
factor are as follow:

51

Note:
LOA = Level of Assurance
CF = Confidence Factor
 3. Audit Diagram
 DEVELOP AUDIT PLAN

The example to use Reliance Factor is as follow:

Case 1

 If the Auditor believe that Inherent Risk (IR) is High and Control Risk (CR) is also High (Control Risk
at the maximum), but the Audit Risk (AR) determined by 5%. How much Reliance Factor should be
applied?

Answer:
AR 0,05
Plan Detection Risk (PDR) = = = 0, 05 (5%) R = 3 (see table Risk Factor)
IR x CR 1x 1
Case 2

 If the Auditor believe that Inherent Risk (IR) is High but Control Risk (CR) is Low (The Auditor believe
52 that the Control is effective or Control Risk below maximum), and Audit Risk (AR) determined by 5%.
How much Reliance Factor should be applied?

Answer:
AR 0,05
Plan Detection Risk (PDR) = = = 0, 11 (11%) R = 2,3 (see table Risk
Factor) IR x CR 1 x 0,45
 3. Audit Diagram

 DEVELOP AUDIT PLAN

The example to use Reliance Factor is as follow:
Case 3

 If the Auditor believe that Inherent Risk (IR) is Low, but the Control Risk (CR) is High (the Auditor
plan not to rely on control (Control Risk is at the Maximum), and Audit Risk (AR) determined by 5%.
How much Reliance Factor should be applied?

Answer:
AR 0,05
Plan Detection Risk (PDR) = = = 0, 16 (16%) R= 1,8 (see table Risk Factor)
IR x CR 0,31 x 1
Case 4
53
 If the Auditor believe that Inherent Risk (IR) and Control Risk (CR) is Low (the Auditor believe that
the control is effective or Control Risk below Maximum), and Audit Risk (AR) determined by 5%. How
much Reliance Factor should be applied?

Answer:
AR 0,05
Plan Detection Risk (PDR) = = = 0,5 (50%) R = 0,7 (see table Risk Factor)
IR x CR 0,31 x 0,31
 3. Audit Diagram

 DEVELOP AUDIT PLAN

2. The following ISA should be considered in develop audit plan activities:

a. ISA 220 (Quality Control For An Audit Of Financial Statements)

Please refer explain on to page 1 – 12

b. ISA 250 (Consideration of Laws and Regulations In An Audit of Financial

Statements)

Please refer explain on to page 1 – 14

c. ISA 315 (Assessing The Control Environment)

54
Please refer explain on to page 1 – 15

d. ISA 330 (The Auditor’s Responses to Assessed Risks)

Please refer explain on to page 1 – 15

 3. Audit Diagram

 DEVELOP AUDIT PLAN

3. Diagram

55
 3. Audit Diagram

 PERFORM AUDIT PLAN

Perform audit plan consists of several activities are as follows:

1. Perform tests of controls and evaluate results

2. Perform substantive tests and evaluate results
3. Perform financial statement review

 PERFORM TESTS OF CONTROLS AND EVALUATE RESULTS

1. In order to achieve a maximum level of control assurance, the firm should

perform tests of controls to obtain sufficient appropriate audit evidence
that the controls which provide reasonable assurance of achieving all of
56 the relevant control objectives for a potential error were operating
effectively at relevant times during the period under audit

2. If firms test the operating effectiveness of a control, the firm should obtain
audit evidence about the accuracy and completeness of any information
produced by the entity that we use in performing audit procedures.
 3. Audit Diagram
 PERFORM AUDIT PLAN
Perform audit plan consists of several activities are as follows:

1. Perform tests of controls and evaluate results

2. Perform substantive tests and evaluate results
3. Perform financial statement review

 PERFORM SUBSTANTIVE TESTS AND EVALUATE RESULTS

1. Perform tailored substantive procedures based on the assessment of

inherent and control risk by performing : (i) test of details and (ii) analytical
procedures.

2. The Analytical Procedures will be performed at an assertion level (includes

57 the use of ACL / STAR where possible) and Perform profiling where possible.
The Roll-forward interim procedures should be taken for the rest of Audit
procedures.

3. During the course of Audit , the auditor should consider specific fraud
procedures such as : (i) In response to the risk of management override, (ii)
Appropriateness of journals, (iii) Review of estimates for bias, and (iv)
Significant and unusual transactions
 3. Audit Diagram

 PERFORM AUDIT PLAN

Perform audit plan consists of several activities are as follows:

1. Perform tests of controls and evaluate results

2. Perform substantive tests and evaluate results
3. Perform financial statement review

 PERFORM FINANCIAL STATEMENT REVIEW

1. In conduct of Audit, the Auditor should Perform Financial Statement Review for

a. Perform Analytical Procedures

b. Going Concern Consideration
58 c. Fair Value Consideration
d. Other Consideration

2. The following ISA should be considered in perform audit plan activities :

a. ISA 315 (Assessing The Control Environment)

Please refer explain on to page 1 – 15
b. ISA 330 (The Auditor’s Responses to Assessed Risks)
Please refer explain on to page 1 – 15
 3. Audit Diagram

 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 PERFORM SUBSEQUENT EVENTS REVIEW

1. In performing the subsequent events review, we normally document the following:

a. The determination of the period to be covered by the review

b. The audit procedures performed and the results thereof
59 c. Any material subsequent events that we identified
d. How we satisfied ourselves that the identified subsequent events were properly treated in the
financial statements.

2. If, after the date of our audit report but before the financial statements are issued, we become
aware of a fact that may materially affect the financial statements, we normally document the
following:

a. Our consideration of whether the financial statements need to be amended

b. Our discussions of this matter with management
c. Our actions taken, including, if appropriate, any modifications of our audit report.
 3. Audit Diagram

 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 OBTAIN MANAGEMENT REPRESENTATIONS

1. The firm should obtain audit evidence that management (1) acknowledges its responsibility for the
fair presentation of the financial statements in accordance with the applicable financial reporting
framework and (2) has approved the financial statements. These representations are normally
made and dated on the same date as our audit report on the financial statements.

2. The firm should obtain a written representation from management regarding the completeness of
information provided regarding the identification of related parties and the adequacy of related
party disclosures in the financial statements.
60
3. The firm should review the response of each of the entity’s legal counsel to whom our inquiry letters
were sent to determine if:

a. The response is restricted in any fashion

b. A claim or other matter referred to in the inquiry letter has been omitted from the response
c. The legal counsel disagrees with the entity’s evaluation of a claim.

4. The firm should attempt to resolve them or, failing to do so, should consider the effect on our audit
report.
 3. Audit Diagram
 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 PREPARE AUDIT SUMMARY MEMORANDUM

1. An audit summary memorandum should be prepared, as part of our concluding audit

procedures, for each audit engagement to document our major findings and
conclusions on important auditing, accounting, and reporting issues, including
significant judgments made by the engagement team. The audit Engagement
Partner should determine the form and content of the audit summary memorandum,
61 which will vary according to the size and circumstances of the audit engagement. The
audit summary memorandum should be approved by the audit Engagement Partner.

2. In preparing our audit summary memorandum, the firm normally also document the
following:

a. Important information derived from our financial statement review

b. Our conclusions on important accounting, auditing, and reporting issues, including
any changes in accounting policies or the adoption of new policies
c. Our findings about possible improvements of the entity and its environment.
 3. Audit Diagram
 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 ENGAGEMENT REPORTING

1. The firm should document communications about fraud made to management, those charged with
governance, regulators, and others.

2. Our documentation of engagement reporting would normally also include, as relevant:

a. Audit report on the financial statements

b. Instances of noncompliance with applicable laws and regulations.
c. Our audit evidence that the comparative information included in financial statements on which
62 we are reporting complies in all material respects with the applicable financial reporting
framework.
d. Report(s) to those charged with governance.
e. Report(s) to management.
f. Other reports and written communications to management and, if applicable, those charged
with governance.
g. Details of the facts supporting the conclusions and recommendations contained in the report to
management and, if applicable, those charged with governance and notes indicating the
person with whom the firm discussed each matter and when it was discussed. The
development of individual points may be summarized on an insight collection sheet, which is
contained in the common documentation.
 3. Audit Diagram

 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 ENGAGEMENT REPORTING

1. The firm should document communications about fraud made to management, those
charged with governance, regulators, and others.

2. Our documentation of engagement reporting would normally also include, as

63 relevant:

e. Notes concerning matters communicated orally to management and, if

applicable, those charged with governance, describing our observations and
recommendations and when and to whom they were communicated.
f. Communications about fraud made to those charged with governance,
management, regulatory and enforcement authorities, and others.
g. Records controlling the processing and distribution of our reports and the financial
statements.
h. Evidence of the Engagement Quality Assurance Review.
 3. Audit Diagram

 CONCLUDE AND REPORT

 ENGAGEMENT REPORTING

The following ISA should be considered in Conclude and Report activities:

a. ISA 260 (Communication With Those Charged With Governance)

• The auditor must consider whether the two-way communication process has been adequate to
enable an efficient audit.
• Laws and regulations may prevent communication of specific matters by the auditor. In such
cases the auditor may consider legal advice.
• The auditor shall communicate their responsibilities in relation to the audit of the financial
statements. The auditor shall communicate the planned scope and timing of the audit.
• Significant findings from the audit must be communicated to those charged with governance,
64 including any significant difficulties or any other significant matters.
• Additional matters are required to be communicated to those charged with governance in
respect of listed clients.
• Communication can be made orally or in writing, but must be made on a timely basis. The
auditor shall communicate to those charged with governance:
a) Qualitative aspects of the entity's accounting practices and financial reporting.
b) Significant difficulties, if any, encountered during the audit.
c) Significant matters, if any, discussed, or subject to correspondence with management.
d) Written representations the auditor is requesting.
e) Other significant matters
 3. Audit Diagram
 CONCLUDE AND REPORT

 ENGAGEMENT REPORTING

Diagram of Conclude and Report

65
 3. Audit Diagram

 ASSESS ENGAGEMENT QUALITY

The objective of this policy is to provide guidance on how to:

a. Reassess engagement risk and respond to any changes in engagement risk

b. Seek and respond to the client’s perceptions of the quality of our service.
c. Learn from and build upon the successes of the audit engagement
d. Learn from and build upon the knowledge and experience gained by the
members of the engagement team.
66
Thank You