Planning the Audit/Assessing Risks and
Response to Risks
Presented by
s
Mrs Marie Louise Teng Hing Voon, FCA
Partner BDO Mauritius
Member of Audit Practice Review Panel
at the
Financial Reporting Council
2222
Planning - ISA 300
Assessing Risks - ISA 315
Responses to Risks - ISA 330
2222
PLANNING
Overall audit
strategy &
develop an audit
plan
2.Preliminary
Engagement
Activities
3. Planning
Activities
1.Involvement of
Key Team
Members
4. Documentation
5. Considerations
- Initial
engagements
WELCOME AND INTRODUCTION
Page 3
2222
2.Perform
Continuance
Procedures – ISA
220
1. Engagement
Team Discussion
3.0 Establish
audit strategy
Ethical
requirements
compliance
Understanding
terms of
engagement
-Scope
-Reporting
objectives
-Results of
preliminary
activities
- Resources
3. Planning
Activities
3.1 Develop Audit
Plan
- Nature, timing
and extent of risk
assessment
procedures (ISA
315)
Further
procedures –
Assertion level
( ISA 330)
2222
IDENTIFYING & ASSESSING RISKS – ISA 315
2222
APPROACH
Identify and assess risk
• Risk Assessment Procedures
• Understand the entity and its environment,
including internal control
• Identify & Assess Risks of Material Mistatements
IDENTIFY RISK
Page 6
2222
AUDIT RISK MODEL
Risk of material
misstatement
Inherent risk
IDENTIFY RISK
Page 7
Audit risk
Control
risk
Detection risk
2222
THE AUDIT RISK MODEL
Inherent risk
Control
risk
Detection risk
Understand
the business
Understand
and assess
controls
Our
response
Page 8
222
RISK TERMINOLOGY
Potential RMM
Identify
Engagement level
Significant
RMM
RMM
Assess
Respond
IDENTIFY RISK
Page 9
Assertion level
Significant
RMM
RMM
RMM Level
Financial statement level
responses / actions
Significant
Normal
Audit
Response
Audit
Response
222
Engagement level AND ASSERTION LEVEL RISKS
Engagement level
• Pervasively to F/S as a whole
• Not confined to specific elements, accounts or items of F/S
• Make us to change our overall behaviours and testing
strategy relating to the audit as a whole
Assertion level
• Relate to classes of transactions, account balances or
disclosures
IDENTIFY RISK
Page 10
2222
RISK ASSESSMENT PROCEDURES
• Basis for identification and assessment of risks
• Shall include:
1. Inquiries from management and others
2. Analytical Procedures
3. Observation and Inspection
IDENTIFY RISK
Page 11
2222
UNDERSTAND THE ENTITY
• Regulatory factors
• Other external factors
• Business operations
• Investing activities
• Financing activities
• Financial reporting
• Fraud
IDENTIFY RISK
Page 12
Professional Judgement
• Industry factors
Potential RMMs?
2222
COMPONENTS OF INTERNAL CONTROL
Monitoring
Control
Environment
Internal
Control
Risk
Assessment
Control
Activities
Information
&
Communications
IDENTIFY RISK
Page 13
2222
UNDERSTAND INTERNAL CONTROL
• Risk assessment
• Information and
communications
- IT Environment
- IT General Controls
• Monitoring
IDENTIFY RISK
Page 14
Professional Judgement
• Control environment
Potential RMMs
2222
UNDERSTAND INTERNAL CONTROL
• Visits to the client's premises
• Discussions with management and staff
• Interviews with management’s expert
• Inspection of minutes
• Review of internal audit reports
• Observation
IDENTIFY RISK
Page 15
2222
UNDERSTAND INTERNAL CONTROL
• Corroborating inquiries of others within the entity
• Observing the application of specific controls
• Inspecting documents
• Reviewing reports
IDENTIFY RISK
Page 16
2222
UNDERSTAND THE INFORMATION SYSTEM
• Document information systems in use by the
entity for financial reporting
• Determines if the system is ‘complex’ or not
• Obtain understanding of IS, including related
business processes, relevant to financial
reporting.
IDENTIFY RISK
Page 17
2222
DOCUMENTATION
• ETD to susceptibility of entity’s F/S to material
misstatement
• Key elements of understanding obtained – entity
and control components
• Identified and assessed RMM – F/S & Assertion Level
• Risks identified and related controls
IDENTIFY RISK
Page 18
2222
RESPONSES TO ASSESSED RISKS – ISA 330
2222
RESPONSES TO ASSESSED RISKS
• Audit Procedures responsive to the Assessed RMM
@ F/S Level & @ Assertion Level
• Adequacy of Presentation and Disclosure
• Evaluate Sufficiency and Appropriateness of Audit
Evidence
• Documentation
DESIGN AUDIT RESPONSE
Page 20
2222
TESTS OF CONTROLS
• Design tests of controls
- Expectation that controls are operating effectively
- Substantive procedures alone not provide enough
assurance
• Timing of Tests
• Evidence obtained at interim and previous audits
• Test controls over significant risks
DESIGN AUDIT RESPONSE
Page 21
2222
SUBSTANTIVE PROCEDURES
• External confirmations?
• SAP – F/S Closure Process
- F/s to underlying records
- J/entries, Other adjustments
• SAPs specifically responsive to significant risk @
assertion level
• Timing of SAPs
DESIGN AUDIT RESPONSE
Page 22
2222
LEVELS OF SAP ASSURANCE
Limited
Enhanced
Detailed
DESIGN AUDIT RESPONSE
Page 23
• Low degree of assurance - majority of assurance
will be provided by other types of procedures
• FSA level ratios or comparison
• Likely to be internal client data
• High degree of assurance
• Degree of precision is less than detailed SAP
• Data used is not from an independent source
• Highest degree of assurance – no other work
required for Normal RMM Level
• Relationship between underlying data is extensive
and data is of high quality (independent source)
2222
GENERAL FINANCIAL STATEMENT AREAS
DESIGN AUDIT RESPONSE
Page 24
2222
RECAP – AUDIT RESPONSE
• Our audit strategy and tests should be responsive to our
risk assessment and tailored to reflect the facts and
circumstances of the engagement
• Audit strategy is determined by judgement and a mix of
ToCs, SAPs and/or OSPs
• Document - responses to address risks
-Nature, timing & extent of procedures
- results of procedures
- Effectiveness of controls
- F/S procedures
DESIGN AUDIT RESPONSE
Page 25
2222