8/10/2019 S11_RiskBasedAuditApproach
1/16
S11: Risk Based Audit
Approach
8/10/2019 S11_RiskBasedAuditApproach
2/16
Session Objectives
To define audit risks and establish the relationship
between materiality and audit risk
To discuss the Audit Risk Model
To explain different kinds of audit risks and the
factors that determine them
8/10/2019 S11_RiskBasedAuditApproach
3/16
Audit Risk
Audit accepts the risk that the audit conclusion may
be wrong and that Audit may have allowed material
error to remain undetected in the account. Only a very small degree of audit risk would be
acceptable as otherwise the audit process may lose
its purpose.
A very high level of assurance (or confidence) is
required when expressing the audit opinion.
8/10/2019 S11_RiskBasedAuditApproach
4/16
Relationship between materiality and
audit risk Higher the materiality level, lower the audit risk
and vice versa.
To calculate the level of assurance (or
confidence) required from substantive audit
tests, risk model is employed.
8/10/2019 S11_RiskBasedAuditApproach
5/16
Risk Model
Analytical tool for planning and execution.
Detects high-risk areas for concentrated audit
efforts.
Audit can thus focus on areas which are likely to
generate better assurance instead of sampling and
testing of larger but low risk areas. Structures the audit procedures and reorganizes the
audit work in terms of risk perception
8/10/2019 S11_RiskBasedAuditApproach
6/16
Risk Model
Audit Risk
Inherent Risk Control risk Detection Risk
8/10/2019 S11_RiskBasedAuditApproach
7/16
Inherent Risk
The risk that an error will occur in the first
place.
Determined by the susceptibility of the
classes of transactions to be audited to
material misstatement, irrespective of the
related internal controls in the organization.
8/10/2019 S11_RiskBasedAuditApproach
8/16
Control Risk
The risk that internal controls will fail to
detect the error
Determined by the efficacy of internalcontrol environment in the auditee
organization
8/10/2019 S11_RiskBasedAuditApproach
9/16
Detection Risk
Risk that the audit procedures will fail to
detect the error.
Risk that auditors substantive tests do not
detect a material misstatement in the
transactions audited by him.
8/10/2019 S11_RiskBasedAuditApproach
10/16
Overall Audit Risk
All the three risks are independent of each
other.
Overall Audit Risk (AR) is defined as:
OAR=CR x IR x DR
The overall audit risk is defined by the audit
institution and hence is a constant pre-
determined quantity.
8/10/2019 S11_RiskBasedAuditApproach
11/16
Objective for the Auditor
To assess inherent and control risks in the
entity
To design and perform appropriate
compliance and substantive procedures that
provide sufficient assurance that the product
of the risks identified is less than or equal tothe overall audit risk that the auditor is willing
to accept.
8/10/2019 S11_RiskBasedAuditApproach
12/16
Determinants of Inherent Risk
The number and significance of audit adjustments anddifference waived during the audits of previous years.
Complexity of underlying calculations of accountingprinciples
The susceptibility of the asset to material fraud ormisappropriation
Experience and competence of accounting personnelresponsible for the component
Judgment involved in determining amount
Mix and size of items subject to the audit test The degree to which the financial circumstances of the entity
may motivate its management to misstate the component inregard to this assertion
Integrity and behaviour of the management.
Management turnover and reputation
8/10/2019 S11_RiskBasedAuditApproach
13/16
Assessment of Control Risk
Evaluate the control environment
Evaluate the control systems
8/10/2019 S11_RiskBasedAuditApproach
14/16
Determinants of control environment Management philosophy and operating style
The functioning of the board of directors and itscommittees, particularly the audit committee
Organizational structure Methods of assigning authority and responsibility.
Systems development methods
Systems development methodology
Personnel policies and practices
Management reaction to external influences
Internal audit
8/10/2019 S11_RiskBasedAuditApproach
15/16
Determinants of control
environment (Contd.)
Segregation of incompatible functions
Controls to ensure completeness of transactions being
recorded Controls to ensure that transactions are authorized
Third party controls (e.g. confirmation of events)
Control over accounting systems
Controls over computer processing
Restricted access to assets (only allow access toauthorized personnel)
8/10/2019 S11_RiskBasedAuditApproach
16/16
Case Study
http://localhost/var/www/apps/conversion/tmp/scratch_1/CS5_Inherent%20Risk%20Assessment.dochttp://localhost/var/www/apps/conversion/tmp/scratch_1/CS5_Inherent%20Risk%20Assessment.doc