RYAN T.

FERNANDEZ, CPA MMBM

 Audit risk is the risk of expressing an inappropriate audit opinion on
financial statements that are materially misstated.
 The objective of the audit is to reduce this audit risk to an acceptably
low level.
Audit approach that begins with an assessment of the types and
likelihood of misstatements in account balance and then adjusts the
amount of type of audit work, to the likelihood of material
misstatements occurring in account balances.
 In risk-based audit, the audit team views all activities in the
organization first in terms or risks to strategies and objectives, and
then in terms of management’s plans and processes to mitigate (or
prevent) the risk.
Under this approach, the auditor performs the following:
 Identification of the client’s strategy and the process for developing
that strategy.
 Examination of the core business process and resource management.
 Identification for each of the key processes (as well as sub-
processes) the objectives, inputs, activities, outputs, systems and
transactions.
 Assessments of the risks that the processes will not meet the goals
and controls related to those risks.
 Traditional Approach Risk-Based Approach

• Focus on identifying errors. • Focus on identifying risks.

• Small number of transactions. • Voluminous transactions.
100% testing. Sample testing.
• Transaction based audits. • Process based audits.
• Emphasis on financial controls • Emphasis on controls in all
only. business processes.
• Voluminous manual records. • Soft data from systems.
• Audit viewed as external • Audit viewed as collaborative
function. function.
• Single discipline. • Multidisciplinary discipline.
Subject matter experts.
 ACTIVITY PURPOSE DOCUMENTATION
RISK ASSESSMENT

Decide
Decide whether
whether toto Listing of risk factors
Perform preliminary
accept or reject an
accept or reject an Independence
engagement activities
engagement
engagement Engagement letter

Develop
Develop and
and overall
overall Materiality
Plan the audit audit
audit strategy
strategy and
and Audit team discussions
audit plan
audit plan Overall audit strategy

Business and fraud risk

Identify/assess
Design/implementation of
Identify/assess RMM
RMM
Perform risk through
through understanding
understanding
relevant controls
assessment procedures the
the entity
entity Assessed RMM (FS and
assertion level)

Adapted from Guide to Using International Standards on Auditing in the Audits of Small and Medium Sized Entities Volume 1 – Core Concepts
by the International Federation of Accountants (IFAC).
 ACTIVITY PURPOSE DOCUMENTATION

Design overall Decide whether

Develop to
appropriate Update of overall strategy
RISK RESPONSE

responses and further accept or reject

responses to thean • Overall responses
audit procedures engagement
assessed RMM • Audit plan that links
assessed RMM to further
audit procedures.

Implement
Reduce audit risk to an Work performed; audit
responses to acceptably low level findings
assesses RMM

Adapted from Guide to Using International Standards on Auditing in the Audits of Small and Medium Sized Entities Volume 1 – Core Concepts
by the International Federation of Accountants (IFAC).
 ACTIVITY PURPOSE DOCUMENTATION

• New/revised risk factors

RISK REPORTING

Decide whether
Determine whatto
Evaluate the audit and audit procedures
accept or reject an
additional audit work
evidence obtained • Changes in materiality
(if engagement
any) is required
• Communications on
audit findings
Yes • Conclusions on audit
Is
procedures performed
additional
work
required?

No

Prepare the Auditor’s Form and opinion • Significant decisions

report based on audit findings • Signed audit opinion

Adapted from Guide to Using International Standards on Auditing in the Audits of Small and Medium Sized Entities Volume 1 – Core Concepts
by the International Federation of Accountants (IFAC).
1. High-risk activities
2. Existence of large transactions
3. Matters requiring judgment or management intervention
1. High-risk activities: includes operations or events where a material
misstatement could easily occur.

Inventory of high-value items. Complex information e.g. accounting system.

2. Existence of large non-routine transactions

UnionBank acquired Citibank’s retail business BDO is a subsidiary of SM Investments. BDO

portfolio in the Philippines. leases office spaces in SM Malls while SM
Malls borrows Money from BDO.
3. Matters requiring judgement or management intervention

Assumptions and Complex

calculations in calculations or
developing major accounting
estimates. principles.

Management
Revenue recognition
intervention is
that is subject to
required to specify
differing
accounting treatment
interpretation.
to be used.
4. Potential for fraud

 The risk of not detecting a material misstatement resulting from

fraud is higher than the risk of not detecting one resulting from error.
 Consider different factors in evaluating whether significant risk
could result form the identified fraud risk factors.
 Significant fraud risks may be identified at any stage in the audit as a
result of new information being obtained.
 Inherent risk is difficult to formally assess.
 The model treats each risk component as separate and independent
when in fact the components are not independent.
 Audit risk is judgmentally determined.
 Audit technology is not so fully developed that each component of
the model can be accurately assessed.
 Audit Risk The risk that the auditor may give an unqualified opinion on
financial statements that are materially misstated.

Engagement Risk The economic risk that a CPA Firm is exposed to simply because it
is associated with a particular client.

Financial Risks directly related to the recording of transactions and the

presentation of financial data in an organization’s financial
Reporting Risk statements.

Business Risk Risks that affect the operations and potential outcomes of
organizational activities.
How can an auditor control audit risk?
1. Avoid audit risk by not accepting certain
companies as client.
2. Set audit risk at a level that the auditor
believes will mitigate the likelihood that the
auditor will fail to identify material
misstatements.
 AUDIT RISK

ENGAGEMENT
RISK
FINANCIAL
BUSINESS RISK REPORTING RISK

Factors Affecting Financial

Factors Affecting Business
Reporting Risk
Risk
• Competence and integrity of
• Economic Climate
management
• Technological Change
• Incentive to management to
• Competition
misstated FS
• Business volatility
• Complexity of transactions
• Geographical location
• Internal control
 Risky areas of a business must be identified by the auditors.
 Auditors need to develop approaches and methodologies to allocate
overall assessments of materiality to individual account balances,
 Audits involve testing or sampling,
 Not all clients are worth accepting.
 Competition for clients among audit firms is high.
 Auditors should understand the society’s expectations of financial
reporting to reduce audit risk to an acceptably low level and
therefore minimize lawsuits that the user may possibly bring forth.
 Engagement Risk

High Moderate Low

Set within professional

standards but can be
Audit Risk Do not accept client. Set very low (1%) higher than companies
with higher engagement
risk (5%)