Risk-Based

AUDITS
under the PSAs
Objectives:
• Overview of F/S auditing

• Conceptual underpinnings of a
risk-based audit

• Risk assessment procedures

Overview of
F/S Auditing

3
Audit & assurance services
Objective of F/S Audit
• Opinion expression as to the
fair presentation of the F/S

In my opinion, the F/S present fairly the

financial position, performance and cash
flows...

, CPA
Objective of F/S Audit
•Obtain a reasonable assurance
that the F/S do not contain
material misstatements, whether
caused by fraud or error.
Objective of F/S audits...

7
General steps in F/S audit
1. Understand the client and its environment, including internal control.

2. Assess the risks of material misstatements.

3. Design and perform “further” audit procedures (TOC &/or ST).

4. Wrap-up the audit.

5. Issue the audit opinion.

8
Phases of F/S auditing

9
Relevant PSAs
• PSA 210, “Agreeing the Terms of
Audit Engagements

• PSA240, “The Auditor’s

Responsibilities Relating to Fraud
in an Audit of Financial
Statements”

• PSA 250, “Consideration of Laws

and Regulations in an Audit of
Financial Statements”
Relevant PSAs
• PSA 300, “Planning an Audit of
Financial Statements”

• PSA 315 (Revised 2019),

“Identifying and Assessing the
Risks of Material Misstatement”
Relevant PSAs
•PSA 330, “The Auditor’s Responses to Assessed Risks”
Query:

• Why risk-based audit

13
Risk assessment:
heart & soul of modern auditing
• It is where the battle is won or
lost.

• Our mission is to detect

material misstatements in the
F/S. But how?

• Where are the material

misstatements in the FS? Risk
assessment gives us that
ability.
The basis of audit programs
• If auditors do not assess their
clients' risks, they will have no
basis for designing audit
programs that respond to those
risks.

• Regardless of the amount and type

of substantive testing they perform,
the auditors will have no way of
knowing whether their audit
procedures have reduced audit
risk to an acceptably low level.
If risk assessments are ignored...

• Performing substantive procedures

without linking them to a risk
assessment is like “throwing darts
while blindfolded.”

• The auditor might occasionally hit the

bull's-eye and properly respond to a
client's specific risks, but more often, he
would miss the board entirely.
Link risk assessments &
audit procedures

•Even if auditors use standardized practice aids, they

are still required to perform a risk assessment and
show the linkage between that assessment and the
audit programs.

•Auditors should not assume that the audit

procedures indicated in their standardized audit
templates will always address a particular client's
risks, without performing actual risk assessments.
Overview of
Risk-based
Auditing

18
Risk-based Audit

• Further audit procedures are Tests of Controls (TOC) and Substantive

Procedures.
• Why did the auditors perform those procedures? Because that’s they did last
year (SALY procedures).
 Risk-based auditing
Design and perform audit
procedures that respond to
Assess FS risks of material assessed risks and reduce to Issue a suitably worded audit
misstatement acceptably low level report

What events Did the events What audit opinion,

could occur that would identified occur and based on the evidence
cause a material result in a material obtained, is appropriate
misstatement in the misstatement in the on the financial
financial statements? financial statements? statements?
20
 Risk assessment
• Objective: To identify and assess the risks of material misstatement, whether due to
fraud or error, at the F/S and assertion levels...
• Through understanding the entity and its environment, providing a basis for designing
and implementing responses to the assessed risks of material misstatement.
Risk assessment
 Audit risk & components
• The risk of material misstatement consists of two components: inherent risk &
control risk.

• The previous PSA 315 did not explicitly require separate assessments of inherent
risk and control risks, but rather to a combined assessment of the “risks of material
misstatement.”

23
Pre-acceptance procedures
Risk assessments

Understanding The Entity and Its Environment

Steps: Risk-based audit
1. Obtain an understanding of the entity and its environment,
including internal control.
2. Assess the risks of material misstatements.
3. Develop the audit programme to address the assessed risks.
4. Perform the audit programme.
5. Issue an opinion.
Risk assessment

PSA 315
 External and Internal
Environment of the entity

What accounts might be

affected by the factors in
the external and internal
environment

Identify the risks of

material misstatements in
the identified account

What procedures are you

going to perform to
address the risk/s
identified?
 Industry, regulatory factors
Understand the client’s
Other external factors
business and industry
Nature of the entity
Measurement of performance

Identify business risks

Assess the RoMM

 Business
Risks
Key Risk

Key Risk
Key Risk

Key Risk
Audit
risks
identified
 Business
Risks

Key Risk

Key Risk

Key Risk
Key Risk

Key Risk
Audit
risks
identified
Risk of material misstatement

Business risk Risk of material misstatement

The business may lose sales as a Uncertainties over going concern

result of the the entry of more may not be fully disclosed in the
competititors in the industry. notes to FS.
 Risk of material misstatement

Business risk Risk of material misstatement

Substandard products requiring Omission of adjustments in related

product recalls and/or increase in accounts (e.g. sales allowances,
warranty services provided to product warranty liabilities).
customers.
Fraud risk factors – Events or conditions that
indicate an incentive or pressure to commit fraud or
provide an opportunity to commit fraud. (PSA
240)
 Linkage of assessed risks
& audit procedures
Class of Assess Further Audit
Transaction, Risk of Is This a Procedures to Be
Account Relevant Material Signif- PerformedAudit Response Reference to
Balance, or Assertion Inheren Control Misstate- icant incl. Special Consideration Audit Program
Disclosure Risk Description Affected t Risk Risk ment Risk? for significant risks Steps

Select Enter text Select Assertion Select Select Select Select Enter text Enter text
Level Level Level

Select Enter text Select Assertion Select Select Select Select Enter text Enter text
Level Level Level

Select Enter text Select Assertion Select Select Select Select Enter text Enter text
Level Level Level

Select Enter text Select Assertion Select Select Select Select Enter text Enter text
Level Level Level
 AUDIT PLANNING DOCUMENT

Name of Client: Prepared by: Date:

Closing Date: Reviewed by: Date:

1 Audit Scope, Acceptance/Continuance & Independence

1.1 Audit Scope Describe the scope
of the audit
1.2 Results from Client Example We have completed our client acceptance/continuance procedures and have not identified
Acceptance/Continuance any issues, which would indicate that we should not accept the audit/continue as the auditors to the
Procedures and Independence company. We are satisfied that there are no issues connected to the owners/managers or matters
Review Describe the results from the related to the business which would indicate that the company would not be a suitable client. We
client acceptance and continuance have also completed our independence review and are satisfied that there are no relationships either
procedures and the independence personal or professional in nature, which would affect our objectivity and independence while
review. completing our duties as auditor.

2 Understanding the business

2.1 Understand the Nature of the Entity Identify key factors underlying the nature of the entity. Indicate how they influence management’s
actions and consider potential business and financial statement risks that may arise from them.

Inherent Risk Factors Accounts & Assertions affected

Examples of factors to consider: Legal Form of the Business & OwnershipPrincipal Activities, Main Products and ServicesLocations,
facilities, plant & equipmentManufacturing process and sales/distribution methodsEmployees and unionization
2.2 Understand Key Market Forces and Other Key Environmental Factors Identify key market forces and other key environmental factors. Indicate how they influence management’s
actions and consider potential business and financial statement risks that may arise from them.

Inherent Risk Factors Accounts & Assertions affected

Examples of factors to consider: General Economic Trends/Regional and Local Economic ConditionsSignificant Trends in the Industry/Key Competitors and Competitive IssuesKey
Suppliers/Vendor RelationshipsKey Customers/Market PositionSources of Financing/Credit AvailabilityLegal and Regulatory Requirements Affecting the BusinessAccounting Practices and
Reporting Obligations Affecting the BusinessTaxation Matters Affecting the BusinessTechnological Advances Affecting the BusinessSocial, Economic and Political Factors Affecting the
Business

2.3 Understand How the Expectations of Key Stakeholders Influence Management’s Actions Identify key stakeholder expectations. Indicate how they influence management’s actions
and consider potential business and financial statement risks that may arise from them.

Inherent Risk Factors Accounts & Assertions affected

Examples of factors to consider: Key client PersonnelEquity Based Arrangements/ Bonus or Profit Sharing Plans

2.4 Understand the Business Strategies and Objectives Identify key business strategies and objectives. Indicate how they influence management’s actions and consider potential business
and financial statement risks that may arise from them.

Inherent Risk Factors Accounts & Assertions affected

3 Observations from Preliminary Analytical Review
Populate the table below with the client’s draft accounts, describe the causes of any significant variances and indicate which matters require an
audit response. Insert additional account balances when appropriate.

Account balance Current year Prior year Net change Net change
PhP PhP PhP %

Fixed assets
Inventory
Trade receivables
Prepayments
Cash and cash equivalents
Trade payables
Accruals
Long term debt
Share capital
Retained earnings
Sales
Cost of sales
Gross profit
Wages and salaries
Administrative costs
Finance costs
Profit/loss for year
For each significant movement provide detail of the causes of the movement. Indicate any matters requiring follow up during the audit.
Risk assessment procedures
Analytical Procedures, defined
• Analytical procedures - evaluation of financial information
through analysis of plausible relationships among both
financial and non-financial data.

• Analytical procedures also encompass such investigation as

is necessary of identified fluctuations or relationships that are
inconsistent with other relevant information or that differ
from expected values by a significant amount.
Analyticals in different audit stages
• Audit planning stage – To identify risks
of material misstatements (e.g, unusual
fluctuations in certain accounts,
unreasonable relationships between
accounts)

• Audit wrap-up stage –

• Determine whether unanswered
questions still exist.
• The auditor wants to know if the
questions raised in the beginning are
now answered.
Illustration:
End of End of Increase Explanation
current year previous Year
Accounts
receivable P 50,000,000 P 10,000,000 P 40,000,000

Current Year Previous Year Increase Explanation

(audited)

Sales P 51,000,000 P 50,000,000 P 1,000,000

Possible Issue Audit Procedure

1) Existence of receivables Confirmation of
receivables
Illustration:

Current Previous Decrease Explanation

Year Year
Significant decrease in
sales during the year,
Sales P40,000,000 P100,000,000 P60,000,000 when there is no change
in the economic
environment and industry
conditions.

Possible Issue Audit Procedure

1) Completeness of • Sales cut-off
recorded sales
2) .... ...
Illustration:
Current Year Previous Year Explanation
Inventory
turnover 5x 10x Difficulty in
selling products.
Average age of 72 days 36 days
inventory

Possible Issue Audit Procedures

Valuation of inventories Conduct ocular inspection of the
inventory items (identify slow-moving,
obsolete items
Potential non-recognition of Inquire client’s treatment of obsolete
impairment loss on merchandise.
inventory. Determine net realizable values of
inventories
Analytical Procedures
Statement of Comprehensive Income
Company Name:
Reporting Period:

20 20
2021 Change % C h an g e
[C u r re n t Y e a r ] [P r e v io u s (A - B = C ) (C/B*100=D)
Year]
(A) (C ) (D)
(B )
Revenue
Cost of Sales
Gross Profit
Gross Profit %
25
Selling and Distribution Costs

Administrative Expenses

Other Operating Income

Other Expenses

Profit Before Tax

Tax Expenses

Profit After Tax

Comments for significant variances noted:

Analytical Procedures
Key Financial Ratios
2021 2020

Key Ratios Formula [Current Year] [Previous Year]

Trade receivable Days

Inventory Days 27

Trade payable Days

Return on capital employed

Return on total assets

Current Ratio

Solvency test ratio -

concern considerations)
[Other]

Comments

Prepared by: D a te :

Reviewed by: D a te :
Business risks & fraud risks

49
 Identify the risks...
The objectives of the auditor are:

•To identify and assess the risks of material misstatement of the financial statements due
to fraud or error;
•To obtain sufficient appropriate audit evidence regarding the assessed risks of material
misstatement due to fraud or error, through designing and implementing appropriate
responses

50
What do we need to get an
understanding of?
• The scope of the understanding
required by the auditor for identifying
risks is contained in six key areas, as
follows:

51
How do we get this
“understanding”?
• Gathering (or updating) relevant information provides an important frame of reference for
identifying and assessing possible risk factors.

52
 Sources of risks
• Errors and fraud in financial statements arise from risk factors that have their origin in one
or more of the six required areas of understanding the entity.

53
Map the risks to FS assertions

54
Map the risks to FS assertions

55
Assess inherent fraud risks
 Assess the risks
• Assessment in terms of
likelihood and impact.

57
 Significant risks
• After the business and fraud risks have been identified and assessed, consideration can be given to the existence of
significant risks.

• Significant risk - is where the assessed risk of material misstatement is so high that, in the auditor’s judgment, it will
require special audit consideration.

Examples:

• High risk activities

• Large non-routine transactions (size or nature)
• Matters requiring judgment or management
intervention
• Potential for fraud

58
Documentation

59
 Understand internal controls
• The auditor shall obtain an understanding of internal control relevant to
the audit.

60
 Risk and control
• Inherent business and fraud risks are identified during the risk identification and risk
assessment phase.
• Management mitigates such risks by designing and implementing internal controls and
procedures that will reduce such risks to an acceptably low level.
• The amount of risk left over, after internal controls have been designed and implemented, is
the risk of material misstatement (sometimes referred to as residual risk).

61
Internal control
• Control risk – the risk that internal control may not be able to
prevent or detect material misstatements due to fraud or error on a
timely basis.

• Transaction walkthrough

• Determine if key controls are existing, suitably designed and have

been implemented.

• Test specific controls that appear to prevent or detect material

misstatement.
Consideration of internal control
Based on the
result of the
walkthrough

Are we going Perform

to rely on the Detailed
internal Substantive
Controls? Testing

Perform test
of controls
Internal control

• Tests of controls are performed in order to assess Control Risk on a

relevant assertion (e.g. completeness, occurence, valuation)

• The assessed inherent and control risks on a given assertion for a

material account balance or transaction class are then combined to
determined the RoMM.
CLIENT: ABC Company TESTS OF CONTROL PROCEDURES - REVENUE CYCLE
YEAR: 2021
Contribution to financial Automated or Preventive
statement assertions Manual or

Control control
*1 Detective
Test of controls to
Process Sub-process Control Activities
Objectives A C CO E/O PD RO V A M P D
perform

Revenue & Orders are recorded The order entry system automatically validates sales Confirm by observation of sales entry process
Receivables completely and order data input (e.g. customer name and number, prices, that customer details, product details, prices,
accurately. terms, and credit limits) against master file data. Entries
with invalid, missing or incomplete information are
sales taxes and sales order total values are
rejected for re-entry or stored in a suspense file for automatically determined by the system.
Order Processing A C V A P
follow-up. Test system data validation by entering
erroneous data (test data) and verifying that the
system rejects incorrect data.

Revenue & Orders are recorded A one-for-one check between the sales order source
Receivables completely and documents (i.e. customer initiated purchase order, signed
accurately. contract etc.) and the sales order occurs. Any
Order Processing discrepancies are identified and re-entered. The check A E/O RO V M D
occurs again for re-entered data.
 Conclusions in the
assessment of risks
• Conclude the risk assessment phase of the audit by documenting the assessed risks at the
financial statement and assertion levels.

66
 Determining risk of
material misstatement

The summary of assessed risks can be documented

in a number of ways.
•A stand alone document.
•Include with the overall audit strategy and audit
plan.
•Incorporate risk assessments as part of the auditor’s
documentation of further procedures.
67
Assessing RMM at the assertion level
 Audit Strategy Matrix
Effect of risk scores on audit scope:
• Low risk – preliminary and final analytical procedures sufficient (Limited
Approach)
• Moderate risk – primarily analytical (Moderate Approach)
• High risk – procedures for additional assurance (Extensive Approach)

Risk score Type of substantive procedure

Inherent Risk Control Risk ABC
Balance Sheet Income Statement
Assessment Low High Approach
Low A B A Analytical Analytical
Medium A C B Test of details Analytical
High B C C Test of details Test of details

70
SUBSTANTIVE ANALYTICAL Client: ABC Co.
PROCEDURE
RENT EXPENSE
Period: Prepared by: Reviewed by:
December 31, 2021 jdelacruz, 01/06/2022
Objective:
To test the reasonableness of the rent expense in the client’s income
statement.
Procedures & Results:
Monthly Rental Payment (per Lease Contract)* P 10,000
No. of Months covered 12
Rent Expense per Audit P 120,000
Rent Expense per Books P 120,000
Difference -0-

*See permanent file for the lease contract (attached a copy).

Conclusion:
Accounts Assertions Planned Procedures
     
1)Revenue/Receivables Valuation •Assess collectability of
– the increase in the   the receivables
company’s receivables   •Review ageing schedule
is a result of the slow-   prepared by client.
down in the company’s    
collections.
 
2) There is possibility   •Perform sales cut-off
of pre-mature Completeness
recognition of revenue.
 

  •Perform vouching
procedures on recorded
Occurrence sales
•Confirm receivables
 
 
     
2) Inventories – The Existence •Perform inventory
Company has opened   observation during
20 new branches in   inventory count.
various locations as    
part of its expansion.    
   
Completeness •Perform cut-off
  procedures for
purchases and sales
 

3) Because of the Going concern • Assessment of

pandemic, recurring appropriateness of the
losses which resulted use of Going concern
in capital deficiency of assumption.
P1,000,000  
• Request for business
recovery plan.
 
Sample audit program
Audit 1) To ascertain existence of trade and other receivables.
Objectives: 2) To ascertain completeness of trade and other receivables
3) To ensure that trade and other receivables are properly valued
4) To ensure that proper disclosure is done in the NFS

1) Obtain aging analysis of trade WP Ref. Performed by Reviewed by

and other receivables

2) Confirmation:
Select samples from the aging
analysis.

3) For accounts with differences,

request client to reconcile. Validate
reconciliation .
Sample audit program
WP Ref. Performed Reviewed by
by
Perform alternative
procedures:
1)Examine sales invoices
2) Examine official receipts
issued subsequent to audit
date

Test of adequacy of
allowance for doubtful
accounts

1) Inquire with management

the reason for non-collection
of long-outstanding accounts.

2) Determine the need to

provide additional doubtful
accounts expense.
 Summary
• The auditor shall identify and assess
the risks of material misstatement,
whether due to fraud or error, at the
financial statement and assertion
levels...

• Through understanding the entity and

its environment, including the entity’s
internal control,

• Thereby providing a basis for

designing and implementing responses
(substantive procedures, tests of
controls) to the assessed risks of
material misstatement.

76
77
 Sources:
• PSA 210, “Agreeing the Terms of the Engagement”, Auditing and Assurance Standards Council
(AASC), lifted from International Standards on Auditing 210 of the International Auditing and
Assurance Standards Board (IAASB).
• PSA 300, “Planning and Audit of the Financial Statements”, Auditing and Assurance Standards
Council (AASC), lifted from International Standards on Auditing 300 of the International Auditing
and Assurance Standards Board (IAASB).
• PSA 315, “Identifying and Assessing the Risks of Material Misstatement”, uditing and Assurance
Standards Council (AASC), lifted from International Standards on Auditing 315 of the International
Auditing and Assurance Standards Board (IAASB).
• PSA 320, “Materiality in Planning and Performing an Audit”, uditing and Assurance Standards
Council (AASC), lifted from International Standards on Auditing 320 of the International Auditing
and Assurance Standards Board (IAASB).
• PSA 330, “The Auditor’s Responses to Assessed Risks”, uditing and Assurance Standards Council
(AASC), lifted from International Standards on Auditing 330 of the International Auditing and
Assurance Standards Board (IAASB).
• Implementation guide to using ISAs in the audits of small and medium sized entities, International
Federation of Accountants (IFAC).