an introduction to risk based auditing

Copyright FocusROI 2014

An Introduction to Risk Based Auditing

STUART HARTLEY FCA

FOCUSROI INC

SHARTLEY@FOCUSROI.COM

The Audit Objective (ISA/CAS 200)

To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error,

thereby enabling

the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework;

The Audit Process - in 3 steps

Risk assessment – What can go wrong? ◦ Perform risk assessment procedures to identify and assess the risks

of material misstatement in the financial statements.

Risk Response – Did it go wrong? ◦ Perform further procedures to respond to the assessed risks

and determine if material misstatements have occurred.

Reporting. – Opinion◦ What is the appropriate wording of the audit opinion

based on the work performed?

Basic Audit Requirements ISA/CAS 200

1. Comply with relevant ethical requirements,

2. Plan and perform an audit with professional skepticism

3. Exercise professional judgment in planning and performing an audit

4. Obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level

5. Comply with all CASs relevant to the audit

An audit in 14 Steps

Risk Assessm ent

1 . Perform preliminary activities

4-6. Perform s:RAP

Entity-Specific

Transactional

Pervasive

7. Conclude:

Assessed risksat F/S level

Assessed risks atassertion level

W hat are the in the F /S ?R M M

Risks

Risks

Risks

Controls

Controls

Controls

Risk Response

8. Design appropriate audit responses:

9 . Finalize audit plans

Did m ateria l m issta tem ents occur?

Reporting

12. Communicate (fi ndings, misst at ement s and signifi cant cont ro l defi ciencies)

13. Complete the audit fi le (fi le and F / S review s, fi nal An Rev, subsequent event s and approval s)  

14. Form an opinion (appr opr iate ly w or d and dat e audi tor ’s r epor t )

Evaluating/com m unicating ?ndings, and form ing an op in ion

Assessed risksat F/S level

Assessed risks atassertion level

Further audit procedures Communicate audit plan to

management/TCW G

Scope of Risk/Control Assessment

Entity Objective: Financial Statements

that are not materiallymisstated

Governance

Leadership/ management

RevenueProcesses

OtherProcesses

Transactions

PurchasingProcesses

PayrollProcesses

Perv

asiv

e Pervasive (entity level)

Tran

sact

iona

l Transactional

Information Systems

Inher

ent

Ris

ks Con

trols

Pervasive vs Transactional

Gov

erna

nce

Co

mpe

tenc

e

Tone

at T

op

Ris

k M

ana

gem

ent

Info

rmat

ion

PervasiveRisks/Controls

TransactionalRisks/Controls

The foundation

Scope of Risk/Control Assessment – Consider using the 3 risk/control Categories

EntitySpecific

Pervasive Transactional

C-PEM Form520/522

C-PEM Form530

C-PEM Form540 - 560

Identifying and Assessing Risk

Copyright FocusROI 2013 9

Doc

umen

t Res

ults

2. Identify Financial Reporting Risks

1. Understand Entity and project Requirements

3. Assess Control Design Inquire what controls address each risk

4. Assess Control ImplementationDo the identified controls actually exist

5. Test Control EffectivenessIdentify the key controls to test and

material/significant control deficiencies

Pervasive

Pervasive

Pervasive

Pervasive

Transactional

Transactional

Transactional

Transactional

Entity Specific

Entity Specific

Entity Specific

Entity Specific

Action Step Scope

Assess RMM

F/S Level Assertion Level

Pervasive risks/controls

Transactional(account balance)

risks/controls

TransactionsPervasive

EntitySpecific

Use of Professional Judgment to assess RMM

Risk Assessments

Categories of Risk and Control

Risk Response

At Financial Statement Level

At Assertion Level

Assessed Risks...

Design/implement appropriate responses to risks

OverallResponses

Further AuditProcedures

Substantiveprocedures

Tests ofdetail

Substantiveanalytical

Tests ofcontrol

Address:- Professional skepticism- Level of staff assigned- Extent of staff supervision- Accounting policies used- Unpredictable procedures- More further procedures

Sufficient appropriate audit evidence to reduce audit risk

to an acceptably low level

Result

Reporting

1 2 . Communicate (fi ndings, misst at ement s and signifi cant cont ro l defi ciencies)

13. Complete the audit fi le (fi le and F / S review s, fi nal An Rev, subsequent event s and approval s)  

14. Form an opinion (appr opr iate ly w or d and dat e audi tor ’s r epor t )

CPEM 2014A practical approach to auditing

The Canadian Professional Engagement Manual

◦ Published by CPA Canada ◦ http://www.castore.ca/product/canadian-professional-engagement-manual-mem

bers/5

FocusROI Services

In house and web based Training

Quality Control Monitoring

Small group Coaching

www.focusroi.com

416 594 0005

info@focusroi.com

Please contact us for further information

info@focusROI.com416 594 0005