RISK ASSESSMENT IN AUDITPresented by:Amna EjazAshha MirzaFaraz AyubMaria ZakirMohsin Riaz Zahra Javaid MirzaZara Iftikhar*

ContentsAudit risk

Identifying the risks of material misstatement (ISA 315)

Auditors response to assessed risks (ISA 330)

*

Audit risk*

Definition of Audit risk

Audit risk is the risk that an auditor expresses an inappropriate opinion on the financial statements.

*

Model

Audit Risk = Inherent Risk x Control Risk x Detection Risk *

Inherent riskError or omission as a result of factors other than the failure of controls .

High degree of judgment and estimation High risk Highly complex transactions High risk

Example: Newly formed financial institution Vs well established manufacturing company. *

Control riskAbsence or failure in the operation of relevant controls of the entity.

Adequate internal controls needed.

Internal control not sufficient High risk

Example: Small sized entity*

Detection riskAuditors fail to detect a material misstatement in the financial statements.

Audit procedures needed.

Misapplication or omission procedures Undetected material misstatement.

Increase number of sampled transactions for detailed testing Detection risk reduced.*

Application of modelTo manage the overall risk of an audit engagement.

Detection risk forms the residual risk.

Inherent and control risk (high) low detection risk set.

Inherent and control risk (low) relatively high detection risk set. *

ExampleABC is an audit and assurance firm which has recently accepted the audit of XYZ. During the planning of the audit, engagement manager has noted the following information regarding XYZ for consideration in the risk assessment of the assignment:XYZ is a listed company operating in the financial services sectorXYZ has a large network of subsidiaries, associates and foreign branchesThe company does not have an internal audit department and its audit committee does not include any members with a background in finance as suggested in the corporate governance guidelines

It is the firm's policy to keep the overall audit risk below 10%Audit Risk = Inherent Risk x Control Risk x Detection Risk0.10 = 0.60 x 0.60 x Detection Risk0.10 = Detection Risk = 0.278 = 27.8% 0.36*

Identifying the risks of material misstatement (ISA 315)

*

AuditFollowing are the steps involved in performing an audit:Obtaining an understanding of the audit clientIdentifying and assessing the risks of material misstatement (RoMM) in the financial statements based on our understanding Designing and performing audit procedures in response to the identified RoMMForming an opinion on the financial statements based on the result of the procedures performed

*

International Standards (ISA 315)It deals with the auditors responsibility to:Understand the entity and its environment including its internal controls; and Identify and assess the risk of material misstatements in the financial statements based on the understandingThe guidance provided in this ISA serves to provide a bases for designing and implementing responses to the assessed risks RoMM

*

Obtaining understanding of the entity and its environmentThe auditor has to obtain understanding of the following:Relevant industry regulatory and other external factorsThe nature of the entity(its operations, ownership and governance structure etc.)Entity selection and application of accounting policiesThe entitys objective and strategies and the related business risks that may result in RoMMThe measurement and review of the entitys financial performance*

Identifying and Assessing the RoMMThe auditor shall identify and assess the RoMM at:The financial statement level; andThe assertion level for classes of transactions, account balances and disclosureThis procedure involvesIdentifying risks throughout the process of obtaining an understanding of the entity and its environmentAssessing the identified risks, and evaluating whether they relate more pervasively to the financial statements as a wholeRelating the identified risks to what can go wrong at the assertion levelConsidering the likelihood and magnitude of misstatement

*

Risk Assessment procedure and related activitiesInquiries of management and other appropriate individuals within the entity Analytical proceduresObservations and inspectionEvaluation of information obtained through auditors client Evaluation of information obtained from auditors previous experience*

Internal Control and componentsUnderstanding of Internal control assists the auditor in identifying the likely occurrence of potential misstatements and factors that affect the RoMMThe components of internal controls include:Control environmentEntitys risk assessment processControl activitiesMonitoring of controls

*

Significant RisksThere are certain risks that, in the auditors judgment, require special audit consideration, these risks are referred to as significant risksIn exercising judgment as to which risks are significant risks, the auditor shall consider the following:Fraud riskEconomic, accounting and other development riskComplexity of transactionsTransaction with related partiesMeasurement uncertainty

*

Auditors response to assessed risks (ISA 330)

*

ISA 330Objective of ISA 330:Obtain sufficient appropriate audit evidence regarding the assessed RoMMDesigning and implementing appropriate responses to those risks*

Types of response to assessed risksThe responses to assessed risks of RoMM comprise of the following 2 categories:Test of controls (procedures designed to evaluate the operating effectiveness of controls)Substantive procedure (audit procedure designed to detect material misstatements)Substantive procedures comprise:Test of detailsStandard Analytical procedures*

Audit Procedures Responsive to the Assessed Risks of Material MisstatementThe auditor must design and perform further audit procedures whose nature, timing and extent are based on, and are responsive to, the assessed risksThe nature of an audit procedureTiming of an audit procedureExtent of an audit procedure*

Responses to Assessed Risks at Overall Financial Statement LevelEmphasizing to the engagement team the need to maintain professional skepticism.Assigning more experienced staff or those with special skills or using experts.Providing more supervision.Incorporating additional elements of unpredictability in audit procedures.Making general changes to the nature, timing or extent of audit procedures.*

Test of ControlsDesigned to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion levelThe greater the reliance -> the more persuasive the audit evidence the auditor must obtain.The auditor must design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls if:The auditors assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectivelySubstantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.

*

Substantive proceduresA Substantive procedure is an audit procedure designed to detect material misstatements at the assertion level.Substantive procedures are of two types:

Tests of details of classes of transactions, account balances, and disclosures; and

Substantive analytical procedures*

Nature of Substantive proceduresTests of details of transactions are audit procedures related to detailed examination of the processing of particular classes of transactions and account balances through the accounting systems.Analytical procedures consist of evaluations of financial information through analysis of credible relationships among both financial and non-financial data.

*

Other ConsiderationsInterim Testing using substantive proceduresImpact of ineffective internal controls on the auditors proceduresDocumentation requirements

*

Interim Testing using substantive proceduresIn some instances, substantive procedures may be performed at an interim date. Only using interim testing procedures will increase the risk that misstatements existing at the period end will not be detectedPerforming audit procedures at an interim date may assist the auditor in identifying and resolving issues at an early stage of the audit.

*

Impact of ineffective internal controls on the auditors proceduresRespond to an ineffective internal control environment by:

Conducting more audit procedures as of the period end rather than at an interim dateObtaining more extensive audit evidence from substantive procedures.Increasing the scope of testing *

Documentation requirementsThe overall responses to address the assessed risks of material misstatement The nature, timing and extent of the further audit procedures performed.The linkage of the procedures performed with the assessed risks at the assertion level; The results of the audit procedures, including the conclusions reached.*

Assertions in the Audit of Financial Statementsclaims by the management regarding the appropriateness of financial statementsPurpose & Importanceassist auditors in considering issues that are relevant to the authenticityreduce theaudit risk*

Assertions for classes of transactions*

Assertions for account balancesExistenceRights and obligations (entity holds or controls the rights to assets and liabilities are the obligations of the entity)CompletenessValuation and Allocation (any resulting valuation adjustments are appropriately recorded)*

Final AssessmentBased on the substantive procedures, the auditor considers the assessment of control riskInherent and control risk are interrelatedMake a combined assessmentReevaluation

*

Thank you!*

Risk assessments makes up the base of an Audit engagement*