Risk Based Audit

Ade Irma Hidayah

Source: Book 2, DBSD&A Audit Approach
 INTRODUCTION

Audit approach and methodology consists of the following sections :

A. Section one (Audit Approach and Methodology), which consists of:

1. Introduction
2. Manage the Audit Engagement
3. Audit Diagram

B. Section two (Policy and Documentation), which consists of:

1. Audit Planning :
2. Perform Audit Plan
3. Conclude and Report
4. Perform Post-Engagement Activities

3
1. Introduction

 GENERAL

The audit approach is risk based with a focus on understanding each entity and its
environment and identifying risks associated with the entity, the audit engagement, and
the financial statements as a whole. The audit approach requires the development of
an audit plan that responds to these risks and to the entity’s specific circumstances

 INTERNATIONAL STANDARDS ON AUDITING

The policies and guidance policies comply with the International Standards on Auditing
(“ISAs”) issued by the International Federation of Accountants up to and including
November 2011 and in many instances incorporate the ISA wording. Member Firms
following the policies and guidance in the policies will comply with the ISAs as of that
date.

4
1. Introduction

 PURPOSE

1. The purpose of this policy is to provide an overview of the audit approach and
methodology as well as provide introductions to some of the major concepts of
the audit approach.

2. The objective of an audit of financial statements is to enable us to express an

opinion as to whether the financial statements are fairly presented, in all
material respects, in accordance with an applicable financial reporting
framework.

3. It is firm’s responsibility to design the audit to obtain reasonable assurance that

the financial statements are fairly stated in all material respects. Reasonable
assurance is derived from a combination of inherent, control, and substantive
assurance.

5
1. Introduction
 AUDIT RISK AND ASSURANCE

1. The audit assurance risk model sets out how the firm obtain overall assurance for the potential errors
for each significant account balance or disclosure.

a. The firm obtains inherent assurance by assessing risk at the potential-error level for account
balances or disclosures for the potential errors for which the firm do not identify specific risks.
Ordinarily, these are potential errors relating to transactions, account balances, or disclosures that
are not associated with one of the risk factors highlighted.

b. The firm obtain control assurance by performing the following procedures:

i. Identifying the existence of controls, for the relevant control objectives, evaluating their
design, and determining whether they have been implemented
ii. If appropriate, testing the operating effectiveness of those controls

c. The firm obtains substantive assurance by performing substantive analytical procedures, tests of
details, or a combination of the two. For each potential error, substantive assurance should
constitute a portion of firm’s overall assurance.

2. Based on the reasonable conclusions drawn from the audit evidence obtained, the firm express or
decline to express in firm’s audit report an opinion on the fair presentation of the financial statements.

6
1. Introduction

 AUDIT PROCEDURES AND RISK ASSESSMENT PROCEDURES

1. The firm obtain audit evidence to draw reasonable conclusions on which to base firm’s audit opinion by performing
audit procedures to:

a. Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of
material misstatement at the financial statement and account balance levels
b. When necessary or if the firm have planned to do so, test the operating effectiveness of controls in preventing or
detecting and correcting material misstatements at account balance level
c. Detect material misstatements at the account balance error level; audit procedures performed for this purpose are
referred to as “substantive procedures” and include tests of details, substantive analytical procedures, or a
combination of the two.

2. Audit procedures to obtain an understanding of the entity and its environment, including its internal control, to assess
the risks of material misstatement at the financial statement and potential-error levels are referred to as “risk
assessment procedures” because some of the information obtained by performing such procedures may be used as
audit evidence to support assessments of the risks of material misstatement. Risk assessment procedures are a subset
of audit procedures.

3. In performing risk assessment procedures, the firm may obtain audit evidence about classes of transactions, the
potential errors for account balances or disclosures, and about the operating effectiveness of controls, even though such
audit procedures were not specifically planned as substantive procedures or as tests of the operating effectiveness of
controls. The firm may also choose to perform substantive procedures or tests of the operating effectiveness of controls
concurrently with risk assessment procedures because it is efficient to do so.

7
1. Introduction

 AUDIT EVIDENCE

1. The information used in arriving at the conclusions on which the audit opinion is based is audit
evidence. Audit evidence includes the information contained in the accounting records underlying the
financial statements and other information.

2. The firm should obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions
on which to base the audit opinion.

3. Other information that the firm may use as audit evidence includes minutes of meetings; confirmations
from third parties; analysts’ reports; comparable data about competitors (benchmarking); controls
manuals; information obtained by us from such audit procedures as inquiry, observation, and
inspection; and other information developed by or available to us that permits us to reach conclusions
through valid reasoning.

4. Sufficiency is the measure of the quantity of audit evidence. Appropriateness is the measure of the
quality of audit evidence; that is, its relevance and its reliability in providing support for the potential
errors related to account balances or disclosures or detecting misstatements in account balances or
disclosures.

8
1. Introduction

 BENEFITS

1. The audit approach has been developed to enable us to:

a. Plan and perform audit engagements that will provide an appropriate basis for the
expression of an opinion on an entity’s financial statements taken as a whole
b. Identify and appropriately address risks relevant to the audit engagement that are
associated with the entity, the audit engagement, and the potential errors for the
significant account balances or disclosures
c. Perform an effective and efficient audit
d. Determine the entity’s needs, expectations, concerns, and professional service
requirements and prepare and execute an appropriate audit plan
e. Provide clients and management with meaningful audit insights
f. Perform multilocation audits in a consistent manner
g. Clearly communicate the manner in which audit engagements are performed to
professional staff, clients, prospective clients, management, and others

9
 1. Introduction

 POLICY

1. The firm should comply with the ethical standards applicable to the audit engagement as
required by ISA

2. The firm should plan and perform the audit to reduce audit risk to an acceptably level
using reliance factor.

3. The firm should obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base the audit opinion.

4. The firm should maintain an attitude of professional skepticism throughout the audit,
recognizing the possibility that a material misstatement due to fraud could exist,
irrespective of firm’s experience with the entity about the honesty and integrity of
management and those charged with governance.

10
1. Introduction

 ACTIVITIES

OVERVIEW OF THE AUDIT APPROACH

1. The core of the audit approach consists of six principal activities:

a. Perform Pre-engagement Activities

b. Perform Preliminary Planning
c. Develop the Audit Plan
d. Perform the Audit Plan
e. Conclude and Report
f. Perform Post-engagement Activities.

11
1. Introduction

 ACTIVITIES

OVERVIEW OF THE AUDIT APPROACH

2. Risk assessment and management of the audit engagement are pervasive activities at all
stages of the audit engagement. The activities are led by the engagement management
whose key responsibilities include managing the effectiveness and efficiency of the audit
engagement as well as communicating within the engagement team and to management
and those charged with governance. These activities are a continuous process and an
integral part of the audit approach.

3. Planning is a continual and iterative process that often begins shortly after (or in
connection with) the completion of the previous audit and continues until the completion
of the current audit engagement. However, in planning an audit, The firm consider the
timing of certain planning activities and audit procedures that need to be completed prior
to the performance of further audit procedures.

12
1. Introduction

 RISK-BASED APPROACH

1. The firm should plan and perform the audit to reduce audit risk to an acceptably low level
that is consistent with the objective of an audit. The firm reduce audit risk by designing
and performing audit procedures to obtain sufficient appropriate audit evidence to be
able to draw reasonable conclusions on which to base an audit opinion.

Reasonable assurance is obtained when the firm have reduced audit risk to an acceptably
low level. The audit assurance model sets out how the firm obtain overall assurance for
the potential errors for each significant account balance or disclosure and assists us in
planning and performing the audit engagement to reduce audit risk to an acceptably low
level.

2. The audit approach enables us to develop an effective and efficient audit plan that focuses
firm’s audit procedures on high-risk areas.

13
1. Introduction

 RISK-BASED APPROACH

3. As part of firm’s pre-engagement activities, the firm assesses engagement risk. Firm’s assessment of
engagement risk is based on a combination of firm’s assessment of the risk resulting from (1) firm’s
association with the client or prospective client, (2) the audit engagement, and (3) the financial
statements as a whole.

4. 4Firm’s audit approach involves obtaining a detailed understanding of the nature of the entity’s
business and its environment. Firm’s ability to effectively assess risk is enhanced by this understanding
as well as firm’s (1) understanding of the entity’s internal control and accounting process and (2)
performance of firm’s preliminary analytical review. The value of this accumulation of understanding
increases with experience and years of service to the entity.

5. When the firm assesses risk at the potential-error level for an account balance or disclosure, the firm
seek to specifically identify the potential errors for significant account balances or disclosures that have
an increased risk of material misstatement. For the potential errors for account balances or disclosures
for which the firm have identified a specific risk, the firm assess inherent risk as high and take no
inherent assurance when planning the scope of firm’s work.

14
1. Introduction

 RISK-BASED APPROACH

6. The audit plan for a potential error for an account balance or disclosure for which the firm
have identified a specific risk will involve one of the following:

a. Performing a focused level of substantive procedures if the firm obtain no control

assurance
b. Performing a directed level of substantive procedures if the firm obtain a basic level of
control assurance
c. Performing a moderate level of substantive procedures if the firm obtains a maximum
level of control assurance.

15
1. Introduction

 FOCUS ON QUALITY

1. When performing an audit of financial statements, firm’s professional responsibilities are

established by applicable professional standards and regulatory and legal requirements.

2. The firm requires an uncompromising commitment to high professional and technical

quality. Applying the audit approach will assist us in achieving this goal.

3. The firm strives to consistently provide quality professional service. This involves
maintaining ongoing contact and effective communication with the firm clients at all
stages of the audit engagement.

16
1. Introduction

 MANAGEMENT OF THE AUDIT ENGAGEMENT

i. The audit Engagement Partner is responsible for establishing the overall scope of the audit
and assumes overall responsibility for the audit engagement. This individual is responsible
for ensuring that the audit complies with firm’s policies, applicable professional standards
and regulatory and legal requirements and responds to client needs, expectations, and
concerns.

ii. In managing risk and developing and executing the audit plan, the audit Engagement
Partner and other engagement management are the key decision makers and main
influences on the firm approach. Timely involvement of engagement management in the
key stages of the audit engagement is essential to optimizing the effectiveness and
efficiency of planning and performance of the audit engagement.

17
 1. Introduction

 CONSIDERATION OF FRAUD AND ERROR

1. The firm should maintain an attitude of professional skepticism throughout the audit,
recognizing the possibility that a material misstatement due to fraud could exist,
irrespective of firm’s experience with the entity about the honesty and integrity of
management and those charged with governance.

2. The firm considers the potential for management override of controls and recognizes the
fact that audit procedures that are effective for detecting error may not be appropriate in
the context of an identified risk of material misstatement due to fraud. The distinguishing
factor between fraud and error is whether the underlying action that results in the
misstatement of the financial statements is intentional or unintentional.

3. The term “fraud” refers to an intentional act by one or more individuals among
management, those charged with governance, employees, or third parties, involving the
use of deception to obtain an unjust or illegal advantage. Although fraud is a broad legal
concept, for the purposes of firm’s audit, the firm is concerned with fraud that causes a
material misstatement in the financial statements. The firm does not make legal
determinations of whether fraud has actually occurred.

18
1. Introduction

 CONSIDERATION OF FRAUD AND ERROR

4. Owing to the inherent limitations of an audit and internal control, there is a possibility that material
misstatements resulting from fraud and, to a lesser extent, error may not be detected. Because fraud
usually involves acts designed to conceal it, the risk of not detecting a material misstatement resulting
from fraud is greater than one resulting from error. Furthermore, the risk of not detecting a material
misstatement resulting from management fraud is greater than for employee fraud, because
management is frequently in a position to directly or indirectly manipulate accounting records and
present fraudulent financial information.

5. Fraudulent acts include deliberate failure to record transactions, forgery of records and documents, and
intentional misrepresentations to the engagement team. Fraud may include intentional acts by
management or employees acting on behalf of the entity, as well as employee fraud if management or
employees are involved in actions defrauding the entity.

6. Two types of intentional misstatements are relevant to us:

a. Misstatements resulting from fraudulent financial reporting

b. Misstatements resulting from misappropriation of assets.
c. Concealing, or not disclosing, facts that could affect the amounts recorded in the financial
statements
d. Engaging in complex transactions that are structured to misrepresent the financial position or
financial performance of the entity
e. Altering records and terms related to significant and unusual transactions.

19
1. Introduction

 DOCUMENTATION

1. The audit working papers are the property of the Member Firm performing the audit and support the
firm audit report. They are not part of, nor a substitute for, the entity’s accounting records. Although
the amount of documentation required varies, the working papers need to provide evidence that the
work has been performed in accordance with firm policies.

2. The audit documentation should be used in planning and performing audit engagements performed in
accordance this the policies and guidance.

3. The common audit documentation contains the following:

a. Standard index
b. Forms that support the following:

(i) The audit planning process

(ii) The understanding of the entity’s internal control, including evaluation of the design of controls
and determining whether they have been implemented
(iii) Testing of the operating effectiveness of controls
(iv) Performing substantive procedures

c. Audit’s documents and templates format.

20
2. Manage the Audit Engagement
 PURPOSE

1. Every audit engagement should be under the control and supervision of an audit Engagement Partner
to whom responsibility for the conduct of the audit engagement in accordance with the policies in
the Manual, the applicable professional standards and regulatory and legal requirements is assigned.

2. Allocation of responsibilities is a matter for the audit Engagement Partner to address. Matters such
as maintaining continuity and an appropriate level of experience within the engagement team
significantly affect the effectiveness of the engagement team.

3. The effectiveness with which the audit engagement is managed will be improved if each person
involved has a clear understanding of the respective roles and responsibilities of each member of the
engagement team. The division of responsibilities discussed in this policy needs to be regarded as a
guide only. Roles will vary in practice depending on the nature, size, and complexity of the entity’s
operations.

4. The engagement management responsible for an audit engagement includes, depending on the size,
nature, and complexity of the entity’s operations, some or all of the following:

a. Audit Engagement Partner

b. Audit Manager
c. The Accountant-in-Charge or Field Senior.

21
2. Manage the Audit Engagement
 AUDIT ENGAGEMENT PARTNER

1. Achieving quality throughout planning, supervision, and management of an audit engagement is

significantly more effective than efforts to achieve quality during the review process alone.

 TEAMWORK

1. Teamwork is key to successful management of an audit engagement. The high quality of firms
professional service is maintained by engagement teams that build on individual strengths,
knowledge, and expertise.

2. On-the-job training, in the form of supervision, accelerates learning and enhances effectiveness of
individuals on the engagement team. Supervision continues until the conclusion of the audit
engagement. Each member of the engagement team has a responsibility to ensure that there are no
unresolved issues.
3. After the audit engagement is complete, the engagement team meets to review the performance of
the audit engagement and decide what needs to be changed for the following period’s audit
engagement. A debriefing of the engagement team helps us build on the successes of the current
audit engagement and continue to improve the overall quality of firm’s audit.

4. The firm also considers which processes need to be established to effectively manage relationships
with the client and among members of the engagement team in the period between the completion
of the current audit engagement and the beginning of work on the following period’s audit
engagement.

22
2. Manage the Audit Engagement
 CONSULTATION

1. Consultation RMQC and Quality Control or internal specialists should be performed in

accordance with the firm’s policies of the Professional Practice Manual.

2. The audit Engagement Partner should consult, as deemed necessary, with individuals
with the appropriate capabilities and competence on (1) technical accounting and
auditing questions regarding the application and interpretation of applicable standards
and reporting issues or (2) any other matter pertaining to an audit engagement that,
under the circumstances, requires specialized knowledge.

3. The audit Engagement Partner should determine that significant matters subjected to
consultation and the conclusions reached are appropriately

a. Documented in the audit working papers

b. Agreed with those consulted
c. Implemented.

23
2. Manage the Audit Engagement

 POLICY

1. Every audit engagement should be under the control and supervision of an audit
Engagement Partner to whom responsibility for the conduct of the audit engagement in
accordance with the policies in the Manual, the applicable professional standards and
regulatory and legal requirements is assigned.

2. The audit Engagement Partner should:

a. Determine that conflicts of interest identified are appropriately addressed.

b. Form a conclusion on compliance with independence requirements that apply to the
audit engagement.

3. The audit Engagement Partner should consider whether members of the engagement
team have complied with applicable ethical requirements, including independence,
before beginning significant portions of fieldwork and as the audit progresses.

24
2. Manage the Audit Engagement

 DOCUMENTATION

i. In managing the audit engagement, the firm would normally document the following:

a. Sufficient evidence to show that the audit procedures have been adequately performed
b. Level of participation by entity personnel
c. Detailed budgets of time and cost for each significant account balance, along with the
allocation of the work to the respective members of the engagement team. Updating of
these budgets for actual hours/costs to date and estimated hours/costs to completion
and the review of appropriate budget/actual comparisons are effective means of
monitoring the progress of the audit engagement.

25
3. Audit Diagram

 INTRODUCTION

An explanation of the purpose and scope of the ISA, including how the ISA relates to other ISAs, the
subject matter of the ISA, specific expectations on the auditor and others, and the context in which
the ISA is set.

 OBJECTIVES

The objective to be achieved by the auditor as a result of complying with the requirements of the
ISA. To achieve the overall objectives of the auditor, the auditor is required to use the objectives
stated in relevant ISAs in planning and performing the audit, keeping in mind the interrelationships
among the ISAs. ISA 200.21 (a) requires the auditor to:

a. Determine whether any audit procedures in addition to those required by the ISAs are
necessary in pursuance of the objectives stated in the ISAs; and
b. Evaluate whether sufficient appropriate audit evidence has been obtained.

26
3. Audit Diagram

 DEFINITIONS

A description of the meanings attributed to certain terms for purposes of the ISAs. These are provided to assist in the consistent
application and interpretation of the ISAs. They are not intended to override definitions that may be established for other purposes,
such as those contained in laws or regulations. Unless otherwise indicated, these terms carry the same meanings throughout the
ISAs.

 REQUIREMENTS

This policy outlines the specific auditor requirements. Each requirement contains the word “shall.”

 APPLICATION AND OTHER EXPLANATORY MATERIAL

The application and other explanatory material provides further explanation of the requirements of an ISA, and guidance for
carrying them out. In particular, it may:

a. Explain more precisely what a requirement means or is intended to cover;

b. Where applicable, include considerations specific; and
c. Include examples of procedures that may be appropriate in the circumstances. However, the actual procedures selected
by the auditor require the use of professional judgment based on the particular circumstances of the firm and the
assessed risks of material misstatement.

While such guidance does not in itself impose a requirement, it is relevant to the proper application of the requirements of an ISA.
The application and other explanatory material may also provide background information on matters addressed in an ISA.

27
3. Audit Diagram

 ACTIVITIES

The firm should be of the audit approach consists of the following Activities :

1. Audit Planning ( ISA 220,240,250,315,330)

2. Perform Audit Plan ( ISA 315,330)
3. Conclude and Report (ISA 260)
4. Perform Post Engagement Activities (ISQC 1)

28
 3. Audit Diagram
 ACTIVITIES

The details such activities are as follows:

Chart 1: Audit Cycle

29
3. Audit Diagram

 AUDIT PLANNING

Audit planning consists of several activities are as follows :

1. Perform Pre-Engagement Activities

2. Perform Preliminary Planning
3. Assess Risk and Establish Materiality
4. Develop Audit Plan

30
 3. Audit Diagram

 PERFORM PRE-ENGAGEMENT ACTIVITIES

1. Pre-engagement activities include assessing engagement risk, selecting the team and
establishing the terms of engagement. During the course of pre-engagement activities
specific matters to consider include:

a. Fraud risk factors

b. Conflicts of interest & background checks
c. Use of specialists
d. Independence of engagement team

2. Perform Pre-Engagement consist of the following activities :

a. Assess and respond to engagement risk

b. Select the engagement team
c. Establish terms of engagement and client service requirements

31
3. Audit Diagram

 PERFORM PRE-ENGAGEMENT ACTIVITIES

3. The following ISA should be considered in pre-engagement activities:

a. ISA 220 (Quality Control For An Audit Of Financial Statements)

• ISA 220 runs in collaboration with ISQC 1 'Quality Control for Finns that Perform Audits and Reviews of
Financial Statements, and Other Assurance and Related Services Engagements’.
• ISA 220 requires the firm to establish and maintain a system of quality control to provide it with reasonable
assurance that:

(a) the firm and personnel comply with professional standards and applicable legal and regulatory
requirements; and
(b) the reports issued by the firm or engagement partners are appropriate in the circumstances.

• The engagement partner takes full responsibility for the audit and overall quality control.
• Engagement partners must take appropriate action where there is evidence that members of the engagement
team have not been complying with applicable ethical requirements.
• In recurring audits, the engagement partner must consider any information that would have caused the firm
to decline the audit engagement had that information been available at the time.

32
3. Audit Diagram

 PERFORM PRE-ENGAGEMENT ACTIVITIES

3. The following ISA should be considered in pre-engagement activities:

b. ISA 240 (The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements)

• International Standard on Auditing 240: The Auditor’s Responsibilities Relating to Fraud in an

Audit of Financial Statements is probably one of those standards that got highlighted and
massively overhauled after the scandals in business cosmos like Enron. This standard clarifies
the responsibilities of management auditors pertaining to fraud and its effects on financial
statements and due to this fact it considered one of the important guidelines in auditing
profession.

• ISA 240 clarifies that it is management who is responsible to manage fraud. Auditor on the
other hand is interested in those fraudulent activities that affect the financial information and
ultimately increase audit risk. Auditor is required to carry out audit engagement with an
attitude of professional skepticism. To make audit engagement effective discussions among
team members, inquiries of personnel involved in the management of the entity and
communicating with those charged with governance is important. If fraud is suspected or
identified, auditor shall determine its effects on audit engagement. Audit is also required to
document fraud suspected or identified and how it was dealt.

33
3. Audit Diagram

 PERFORM PRE-ENGAGEMENT ACTIVITIES

4. Diagram of Perform Pre-Engagement Activities

34
3. Audit Diagram

 PERFORM PRELIMINARY PLANNING

1. Preliminary planning starts with Engagement Partner to perform strategic planning

meeting with audit team member. To effectively plan the engagement an understanding is
required of the:

a. Understanding entity and environment, includes :

• External factors (e.g., industry matters, laws)

• Internal factors (e.g., business objectives)
• Accounting policies

b. Assessment of internal control components

Assess the design & implementation of entity level controls supporting:

• Control environment
• Risk assessment
• Information and communication
• Monitoring controls
• Control Activities 35
3. Audit Diagram

 PERFORM PRELIMINARY PLANNING

1. Preliminary planning starts with Engagement Partner to perform strategic planning meeting with audit team member. To
effectively plan the engagement an understanding is required of the:

c. Understanding accounting process

The firm understanding of accounting process includes:

• Business cycles and significant classes of transactions

• Principle business activities
• Flow of transactions
• Policies and procedures
• Disclosures

d. Other planning considerations:

• Fraud risks factors

• The entity’s use of computers (e.g., significant or dominant and the impact on firm’s audit)
• Assessment of engagement risk
• Going concern assumption
• Internal audit
• Related party transactions
• Litigations and claims
• Noncompliance with laws and regulation
• Specific items (e.g., segment information)

36
3. Audit Diagram

 PERFORM PRELIMINARY PLANNING

2. Preliminary Planning consist of the following activities :

a. Understand the client’s business

b. Understand the control environment
c. Understand the accounting process
d. Perform preliminary analytical procedures
e. Determine planning materiality
f. Prepare and communicate client service plan

3. The following ISA should be considered in preliminary planning activities:

a. ISA 220 (Quality Control For An Audit Of Financial Statements)

Please refer explain on to page 1 – 12

37
3. Audit Diagram
 PERFORM PRELIMINARY PLANNING

3. The following ISA should be considered in preliminary planning activities:

a. ISA 220 (Quality Control For An Audit Of Financial Statements)

Please refer explain on to page 1 – 12

b. <iframe width="853" height="480" src="https://www.youtube.com/embed/HPda9CqZAGQ" title="YouTube video

player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-
in-picture" allowfullscreen></iframe>

• Some laws and regulations have a direct effect on the financial statements. Others may not have a direct
effect on the financial statements but may directly affect the conduct of the entity's business, for example
Health and Safety at Work legislation.
• Laws and regulations need to be considered because a breach in such could result in fines or other
consequences which may have a material effect on the financial statements.
• Responsibility for compliance with laws and regulations rests with management and those charged with
governance.
• The auditor shall discuss with management and, where applicable, those charged with governance any
suspected acts of non-compliance with laws and regulations.
• Any acts of non-compliance between management and those charged with governance must be notified to
the next higher level of authority. Where no higher level of authority exists legal advice must be sought.
• A qualified or adverse opinion is expressed if the act of non-compliance with laws and regulations has a
material effect on the financial statements which has not been reflected within those financial statements.
• A qualified, or disclaimer of, opinion will be expressed by the auditor if the auditor is unable to obtain
sufficient and appropriate audit evidence to evaluate whether non-compliance that may be material to the
financial statement has occurred.
• If the auditor encounters situations giving rise to a limitation on the scope of the audit work, the auditor
38
shall evaluate the effect of such a scope limitation on the audit opinion
3. Audit Diagram

 PERFORM PRELIMINARY PLANNING

3. The following ISA should be considered in preliminary planning activities:

c. ISA 315 (Assessing The Control Environment)

• The control environment is just one of five components of internal control

• ISA 315 says it must be assessed
• That assessment then has an effect on the assessment of the risk of material misstatements and on audit
procedures

d. ISA 330 (The Auditor’s Responses to Assessed Risks)

• Risk features heavily in auditing and one of the primary functions of audit is to reduce risk to an acceptable
level.
• Auditors can gather sufficient and appropriate audit evidence through substantive procedures and control
tests.
• All audit procedures must be responsive to the assessed levels of risk.
• Detailed tests of control in recurring audits should be undertaken at least every third audit, but auditors
shall consider other relevant factors when considering the time period that should elapse before further
detailed testing.
• Substantive procedures include analytical procedures and tests of detail.
• Audit procedures generate the audit evidence, audit procedures in themselves are not audit evidence.
• The risk assessment must be modified if information comes to the auditor's attention which the auditor was
not previously aware of.
• Audit evidence must be evaluated for sufficiency and appropriateness to determine if the evidence reduces
the risk of material misstatement to an acceptably low level.
39
3. Audit Diagram
 PERFORM PRELIMINARY PLANNING

4. Diagram of Perform Preliminary Planning

40
 3. Audit Diagram

 ASSESS RISK AND ESTABLISH MATERIALITY

1. The third phase in audit planning activities is related to Assess risk at account balance in
the company’s financial statement. The firm should assess whether there is a potential
error risk at account balance and decide whether the audit team will rely on control
(perform test of control) or do not rely on control.

a. Have we identified any specific risks?

Yes: Increase control & substantive testing
No: Normal testing

b. Are we planning to rely on controls?

Yes: Test operating effectiveness
No: Test fully substantively

The purpose of Assess risk and establish materiality are as follow:

a. Estimate tolerable level of misstatement

b. Establish scope
c. Evaluate effect of known and likely misstatements

41
3. Audit Diagram

 ASSESS RISK AND ESTABLISH MATERIALITY

The auditor’s responsibility is to determine whether financial statements are materially

misstated. If there is a material misstatement, the auditor will bring it to the client’s attention
so that a correction can be made.

The materiality calculation materiality can be divided into some factors including the following:

a. Computation of Planning Materiality

b. Computation of Tolerable Error

42
3. Audit Diagram
 ASSESS RISK AND ESTABLISH MATERIALITY

Computati on of Planning Materi ality

The computation of planning materiality consists of:

a. Identify the Materiality Critical Component

Select the most relevant critical component (check one):

Measurement
Percentage

Income from continuing operations (after tax) 5.0%

Normalized income from continuing operations (after tax) 5.0%
Total revenues 2.0%
Total assets 2.0%
Net assets or total equity 5.0%

Reasons of selected critical component

Indicate the critical component amount (monetary value).

b. Calculate Materiality

Measurement
Benchmark Amount Percentage Materiality
(from Step 1b) (from Step 1a) Amount

x =
43
3. Audit Diagram
 ASSESS RISK AND ESTABLISH MATERIALITY
Computation of Tolerable Error

The computation of tolerable error consists of:

a. Determine the amount of Planning Materiality

b. Determine % to be used in computing for tolerable error

Risk Assessment Percentage

High 15%
Medium 30%
Normal 40%

c. Calculate Tolerable Error

Tolerable Error % Amount of Materiality Tolerable Error

Amount

X =
44
3. Audit Diagram

 ASSESS RISK AND ESTABLISH MATERIALITY

2. The following ISA should be considered in assess risk and establish materiality activities:

a. ISA 25, “Audit Materiality,” par. 3

• Information is material if its omission or misstatement could influence the economic decisions of users taken on
the basis of the financial statements. Materiality depends on the size of the item or error judged in the
particular circumstances of its omission or misstatement. Thus materiality provides a threshold or cut-off point
rather than being a primary qualitative characteristic which information must have if it is to be useful

3. Diagram of Assess risk

45
3. Audit Diagram

 DEVELOP AUDIT PLAN

1. In developing audit plan, it is appropriate to consider the following matters:

a. Assess risk at the account balance level

b. Design of testing controls
c. Describe the levels of substantive assurance within the audit assurance model

Assessing Acceptable Audit Risk and Inherent Risk

In assessing acceptable audit risk the auditors may accept some level of risk in performing the audit. An
effective auditor recognizes that risks exist, are difficult to measure, and require careful thought to
respond. Consequently, responding to risks properly is critical to achieving a high-quality audit.

Risk and Evidence

Auditors gain an understanding of the client’s business and industry and assess client business risk. The
auditors use the audit risk model to further identify the potential for misstatements and where they
are most likely to occur. Furthermore, auditor should decide engagement risk and use that risk to
modify acceptable audit risk. The engagement risk closely relates to client business risk.

46
 3. Audit Diagram

 DEVELOP AUDIT PLAN

Factors Affecting Acceptable Audit Risk is:

• The degree to which external users rely on the statements

• The likelihood that a client will have financial difficulties after the audit report is issued
• The auditor’s evaluation of management’s integrity

Methods to Assess Acceptable Audit Risk

The method to assess acceptable audit risk can be describe in the following table :

Factors : Methods Used :

a. External users’ reliance on financial statements  Examine financial statements
 Read minutes of the board
 Discuss financing plans with management

b. Likelihood of financial difficulties  Analyze financial statements for difficulties using

ratios
 Examine inflows and outflows of cash flow
statements

c. Management integrity  Client acceptance and continuance procedures

47
3. Audit Diagram

 DEVELOP AUDIT PLAN

Factors Affecting Inherent Risk

The following factors will affect inherent risk are:

a. Nature of the client’s business

b. Results of previous audits
c. Initial versus repeat engagement
d. Related parties
e. Nonroutine transactions
f. Judgment required to correctly record account balances and transactions
g. Makeup of the population
h. Factors related to fraudulent financial reporting
i. Factors related to misappropriation of assets

48
 3. Audit Diagram

 DEVELOP AUDIT PLAN

The audit responds to risk:

The auditors can change the audit to respond to risks by performing: (a) the engagement
may require more experienced staff, and (b) the engagement will be reviewed more
carefully than usual

Tolerable Misstatement, Risks, and Balance-related Audit Objectives:

It is common to assess inherent and control risk for each balance-related audit objective.
However, it is not common to allocate materiality to objectives. The auditor also should
consider Impact of information technology on Audit Testing, by performing: (a) computer
assisted audit techniques may be used to test automated controls or data, and (b) reports
produced by IT may be used to test the effectiveness of IT general controls, which consists
of

i. Program change controls

ii. Access controls
49
3. Audit Diagram

 DEVELOP AUDIT PLAN

Methodology for Designing Controls and Substantive Tests

The firm methodology for designing control and substantive testing are as follow:

50
3. Audit Diagram

 DEVELOP AUDIT PLAN

Audit Risk Model

The audit risk model is used to determine plan detection risk (PDR) by using audit risk
model:

AR = DR x IR × CR

Where: AR = Audit risk

DR = Detection risk
IR = Inherent risk
CR = Control risk

51
3. Audit Diagram
 DEVELOP AUDIT PLAN

Reliability Factors

The firm using Reliability Factor (R factor) to Plan Detection Risk (PDR). The tables of risk factor are as
follow:

Note:
LOA = Level of Assurance
CF = Confidence Factor

52
3. Audit Diagram
 DEVELOP AUDIT PLAN

The example to use Reliance Factor is as follow:

Case 1

 If the Auditor believe that Inherent Risk (IR) is High and Control Risk (CR) is also High (Control Risk
at the maximum), but the Audit Risk (AR) determined by 5%. How much Reliance Factor should be
applied?

Answer:
AR 0,05
Plan Detection Risk (PDR) = = = 0, 05 (5%) R = 3 (see table Risk Factor)
IR x CR 1x 1
Case 2

 If the Auditor believe that Inherent Risk (IR) is High but Control Risk (CR) is Low (The Auditor believe
that the Control is effective or Control Risk below maximum), and Audit Risk (AR) determined by 5%.
How much Reliance Factor should be applied?

Answer:
AR 0,05
Plan Detection Risk (PDR) = =
IR x CR 1 x 0,45 = 0, 11 (11%) R = 2,3 (see table Risk
Factor)

53
3. Audit Diagram

 DEVELOP AUDIT PLAN

The example to use Reliance Factor is as follow:
Case 3

 If the Auditor believe that Inherent Risk (IR) is Low, but the Control Risk (CR) is High (the Auditor
plan not to rely on control (Control Risk is at the Maximum), and Audit Risk (AR) determined by 5%.
How much Reliance Factor should be applied?

Answer:
AR 0,05
Plan Detection Risk (PDR) = = = 0, 16 (16%) R= 1,8 (see table Risk Factor)
IR x CR 0,31 x 1
Case 4

 If the Auditor believe that Inherent Risk (IR) and Control Risk (CR) is Low (the Auditor believe that
the control is effective or Control Risk below Maximum), and Audit Risk (AR) determined by 5%. How
much Reliance Factor should be applied?

Answer:
AR 0,05
Plan Detection Risk (PDR) = = = 0,5 (50%) R = 0,7 (see table Risk Factor)
IR x CR 0,31 x 0,31 54
3. Audit Diagram

 DEVELOP AUDIT PLAN

2. The following ISA should be considered in develop audit plan activities:

a. ISA 220 (Quality Control For An Audit Of Financial Statements)

Please refer explain on to page 1 – 12

b. ISA 250 (Consideration of Laws and Regulations In An Audit of Financial Statements)

Please refer explain on to page 1 – 14

c. ISA 315 (Assessing The Control Environment)

Please refer explain on to page 1 – 15

d. ISA 330 (The Auditor’s Responses to Assessed Risks)

Please refer explain on to page 1 – 15

55
3. Audit Diagram
 DEVELOP AUDIT PLAN

3. Diagram

56
 3. Audit Diagram

 PERFORM AUDIT PLAN

Perform audit plan consists of several activities are as follows:

1. Perform tests of controls and evaluate results

2. Perform substantive tests and evaluate results
3. Perform financial statement review

 PERFORM TESTS OF CONTROLS AND EVALUATE RESULTS

1. In order to achieve a maximum level of control assurance, the firm should perform tests of
controls to obtain sufficient appropriate audit evidence that the controls which provide
reasonable assurance of achieving all of the relevant control objectives for a potential
error were operating effectively at relevant times during the period under audit

2. If firms test the operating effectiveness of a control, the firm should obtain audit evidence
about the accuracy and completeness of any information produced by the entity that we
use in performing audit procedures.

57
3. Audit Diagram
 PERFORM AUDIT PLAN
Perform audit plan consists of several activities are as follows:

1. Perform tests of controls and evaluate results

2. Perform substantive tests and evaluate results
3. Perform financial statement review

 PERFORM SUBSTANTIVE TESTS AND EVALUATE RESULTS

1. Perform tailored substantive procedures based on the assessment of inherent and control
risk by performing : (i) test of details and (ii) analytical procedures.

2. The Analytical Procedures will be performed at an assertion level (includes the use of
ACL / STAR where possible) and Perform profiling where possible. The Roll-forward interim
procedures should be taken for the rest of Audit procedures.

3. During the course of Audit , the auditor should consider specific fraud procedures such as :
(i) In response to the risk of management override, (ii) Appropriateness of journals, (iii)
Review of estimates for bias, and (iv) Significant and unusual transactions

58
3. Audit Diagram

 PERFORM AUDIT PLAN

Perform audit plan consists of several activities are as follows:

1. Perform tests of controls and evaluate results

2. Perform substantive tests and evaluate results
3. Perform financial statement review

 PERFORM FINANCIAL STATEMENT REVIEW

1. In conduct of Audit, the Auditor should Perform Financial Statement Review for

a. Perform Analytical Procedures

b. Going Concern Consideration
c. Fair Value Consideration
d. Other Consideration

2. The following ISA should be considered in perform audit plan activities :

a. ISA 315 (Assessing The Control Environment)

Please refer explain on to page 1 – 15
b. ISA 330 (The Auditor’s Responses to Assessed Risks)
Please refer explain on to page 1 – 15
59
3. Audit Diagram

 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 PERFORM SUBSEQUENT EVENTS REVIEW

1. In performing the subsequent events review, we normally document the following:

a. The determination of the period to be covered by the review

b. The audit procedures performed and the results thereof
c. Any material subsequent events that we identified
d. How we satisfied ourselves that the identified subsequent events were properly treated in the financial
statements.

2. If, after the date of our audit report but before the financial statements are issued, we become aware of a fact that may
materially affect the financial statements, we normally document the following:

a. Our consideration of whether the financial statements need to be amended

b. Our discussions of this matter with management
c. Our actions taken, including, if appropriate, any modifications of our audit report.
60
3. Audit Diagram
 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 OBTAIN MANAGEMENT REPRESENTATIONS

1. The firm should obtain audit evidence that management (1) acknowledges its responsibility for the fair presentation of
the financial statements in accordance with the applicable financial reporting framework and (2) has approved the
financial statements. These representations are normally made and dated on the same date as our audit report on the
financial statements.

2. The firm should obtain a written representation from management regarding the completeness of information provided
regarding the identification of related parties and the adequacy of related party disclosures in the financial statements.

3. The firm should review the response of each of the entity’s legal counsel to whom our inquiry letters were sent to
determine if:

a. The response is restricted in any fashion

b. A claim or other matter referred to in the inquiry letter has been omitted from the response
c. The legal counsel disagrees with the entity’s evaluation of a claim.

4. The firm should attempt to resolve them or, failing to do so, should consider the effect on our audit report.

61
3. Audit Diagram
 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 PREPARE AUDIT SUMMARY MEMORANDUM

1. An audit summary memorandum should be prepared, as part of our concluding audit procedures, for
each audit engagement to document our major findings and conclusions on important auditing,
accounting, and reporting issues, including significant judgments made by the engagement team. The
audit Engagement Partner should determine the form and content of the audit summary
memorandum, which will vary according to the size and circumstances of the audit engagement. The
audit summary memorandum should be approved by the audit Engagement Partner.

2. In preparing our audit summary memorandum, the firm normally also document the following:

a. Important information derived from our financial statement review

b. Our conclusions on important accounting, auditing, and reporting issues, including any changes in
accounting policies or the adoption of new policies
c. Our findings about possible improvements of the entity and its environment.

62
3. Audit Diagram
 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 ENGAGEMENT REPORTING

1. The firm should document communications about fraud made to management, those charged with governance,
regulators, and others.

2. Our documentation of engagement reporting would normally also include, as relevant:

a. Audit report on the financial statements

b. Instances of noncompliance with applicable laws and regulations.
c. Our audit evidence that the comparative information included in financial statements on which we are reporting
complies in all material respects with the applicable financial reporting framework.
d. Report(s) to those charged with governance.
e. Report(s) to management.
f. Other reports and written communications to management and, if applicable, those charged with governance.
g. Details of the facts supporting the conclusions and recommendations contained in the report to management
and, if applicable, those charged with governance and notes indicating the person with whom the firm discussed
each matter and when it was discussed. The development of individual points may be summarized on an insight
collection sheet, which is contained in the common documentation.

63
3. Audit Diagram

 CONCLUDE AND REPORT

Conclude and report consists of several activities are as follows:

1. Perform subsequent events review

2. Obtain management representations
3. Prepare audit summary memorandum
4. Engagement reporting

 ENGAGEMENT REPORTING

1. The firm should document communications about fraud made to management, those charged with
governance, regulators, and others.

2. Our documentation of engagement reporting would normally also include, as relevant:

e. Notes concerning matters communicated orally to management and, if applicable, those charged
with governance, describing our observations and recommendations and when and to whom they
were communicated.
f. Communications about fraud made to those charged with governance, management, regulatory
and enforcement authorities, and others.
g. Records controlling the processing and distribution of our reports and the financial statements.
h. Evidence of the Engagement Quality Assurance Review.
64
3. Audit Diagram

 CONCLUDE AND REPORT

 ENGAGEMENT REPORTING

The following ISA should be considered in Conclude and Report activities:

a. ISA 260 (Communication With Those Charged With Governance)

• The auditor must consider whether the two-way communication process has been adequate to enable an efficient
audit.
• Laws and regulations may prevent communication of specific matters by the auditor. In such cases the auditor may
consider legal advice.
• The auditor shall communicate their responsibilities in relation to the audit of the financial statements. The
auditor shall communicate the planned scope and timing of the audit.
• Significant findings from the audit must be communicated to those charged with governance, including any
significant difficulties or any other significant matters.
• Additional matters are required to be communicated to those charged with governance in respect of listed clients.
• Communication can be made orally or in writing, but must be made on a timely basis. The auditor shall
communicate to those charged with governance:
a) Qualitative aspects of the entity's accounting practices and financial reporting.
b) Significant difficulties, if any, encountered during the audit.
c) Significant matters, if any, discussed, or subject to correspondence with management.
d) Written representations the auditor is requesting.
e) Other significant matters

65
3. Audit Diagram
 CONCLUDE AND REPORT

 ENGAGEMENT REPORTING

Diagram of Conclude and Report

66
3. Audit Diagram

 ASSESS ENGAGEMENT QUALITY

The objective of this policy is to provide guidance on how to:

a. Reassess engagement risk and respond to any changes in engagement risk

b. Seek and respond to the client’s perceptions of the quality of our service.
c. Learn from and build upon the successes of the audit engagement
d. Learn from and build upon the knowledge and experience gained by the members of the
engagement team.

67
Thank You