CHAPTER 11

A RISK-BASED AUDIT APPROACH

I.

Review Questions
1.

Holding a belief that a potential conflict of interests always exists causes

auditors to perform procedures to search for errors or irregularities that would
have a material effect on financial statements. This tends to make audits more
extensive for the auditor and more expensive for the client. The situation is not
a desirable one in the vast majority of audits where no errors or irregularities
exist.

2.

Errors and irregularities: Auditors are required to plan the audit to detect errors
and irregularities that would have a material effect on the financial statements.
Clients illegal acts: Auditors are not required to search for illegal acts, but they
are warned to be alert to any that might be detected in the ordinary course of an
audit.

3.

Seven major assertions in financial statements:

a.

Existence assertion:
The practical objective is to establish with evidence that assets, liabilities
and equities actually exist and that sales and expense transactions actually
occurred. Cut-off can be considered an aspect of the existence assertion.

b.

Occurrence assertion:
The practical objective is to establish with evidence that recorded
transactions or events that occurred during a given accounting period
pertained to the entity.

c.

Completeness assertion:
The practical objective is to establish with evidence that all transactions of
the period are in the financial statements and all transactions that properly
belong in the preceding or following accounting periods are excluded.
Another term for these aspects of completeness is cut-off.
Completeness also refers to proper inclusion in financial statements of all
assets, liabilities, revenue, expense, and related disclosures.

11-2

Solutions Manual - Assurance Principles, Professional Ethics

d.

Rights and Obligations assertion:

The practical objectives related to rights and obligations are to establish
with evidence that assets are owned (or rights such as capitalized leases are
shown) and liabilities are owed.

e.

Measurement assertion:
The practical objective is to establish with evidence that a transaction or
event is recorded at the proper amount and revenue or expense is allocated
to the proper period.

f.

Valuation assertion:
The practical objective is to establish with evidence that proper values have
been assigned to things (assets, liabilities, equities and related disclosures)
and events (revenues, expenses and related disclosures).
Auditing
Standards refer to the practical objective of obtaining evidence about
valuations achieved by cost allocations such as depreciation and
inventory costing methods.

g.

Presentation and Disclosure assertion:

The practical objective is to establish with evidence that accounting
principles used by management are appropriate in the circumstances and are
applied properly, and that disclosures contain all information required by
generally accepted accounting principles.

4.

Benefits of preliminary assessment of materiality:

Fine-tune the audit for effectiveness and efficiency.
Help auditors avoid surprises related to:
Finding out too late about not auditing enough.
Finding out later about auditing too much.
Is P500,000 material? Maybe.
Absolute size. If you think so, its material just because its a large
number.
Relative size.
No. If P500,000 is less than 5% of a relevant base.
Maybe. If P500,000 is between 5% and 10% of a relevant base.
Yes. If P500,000 is 10% or more of a relevant base.
Nature of the item. Yes, P500,000 is material if it arises from an illegal
act.

5.

Yes, auditors have credited discovery of errors and irregularities to analytical

review procedures in 27.1% of the cases in a set of audits, and another 18.5%
discovery rate was attributed to prior expectations and discussions.

A Risk-based Audit Approach

6.

11-3

In assessing inherent risk and control risk, the auditor must consider the types of
errors or irregularities that might occur and their impact on the financial
statements (materiality.) In evaluating materiality, the auditor should consider
the impact of errors and irregularities both individually and in the aggregate.
Auditing Standards require that the auditor design the audit to provide
reasonable assurance of detecting errors and irregularities that are material to the
financial statements. Auditing Standards require that audit risk and materiality
be considered both in planning the audit and in evaluating audit results.
Control risk and inherent risk are also directly related to the setting of
materiality thresholds. If, for example, application of analytical procedures
(inherent risk analysis) leads the auditor to suspect earnings inflation, individual
item materiality thresholds should be reduced accordingly (i.e., either the
materiality percentage or the amount of unaudited income should be decreased.)
Similarly, if control risk analysis leads the auditor to suspect numerous errors,
aggregate materiality thresholds need to be lowered accordingly.
7.

An auditors reaction to an immaterial error may differ from his or her reaction
to an immaterial irregularity. Auditors generally accumulate the amount of
individual immaterial errors to be sure that the aggregate of all errors is not
material. In addition, the auditor is concerned about whether an error came from
a misunderstanding or other cause that would have resulted in yet more errors
during the period. An auditor is expected to report all irregularities to the audit
committee or the board of directors and senior management.

8.

Refer to pages 436 to 437 of the textbook.

9.

Refer to pages 440 to 441 of the textbook.

10. Refer to page 430 of the textbook.

11. Inventory is included in the acquisitions and payments, payroll and personnel
(for manufacturing concerns), and production and warehousing cycles.
12. Tolerable misstatement is the amount of materiality allocated to an account or
class of transactions. Tolerable misstatement is a portion of planning materiality
allocated to the audit of an account or class of transactions and is directly related
to materiality.
13. The factors that should be considered are the peso amount of the account, the
likelihood of error, and the cost of auditing the account.
14. In evaluating audit risk for an engagement, auditing standards indicate that an
auditor should consider (1) management characteristics, (2) operating and
industry characteristics, and (3) engagement characteristics.

11-4

Solutions Manual - Assurance Principles, Professional Ethics

15. Use the model AR = IR x CR x DR to solve for different values of Audit Risk
(AR) when internal control risk (CR) is given different values. In all cases IR =
0.90 and DR = 0.10, therefore, AR = 0.90 x CR x 0.10
When CR is
0.10
0.50
0.70
0.90
1.00

AR is
0.009 or 0.9 percent
0.045 or 4.5 percent
0.063 or 6.3 percent
0.081 or 8.1 percent
0.090 or 9.0 percent

16. a.

Risk of Assessing Control Risk Too Low or Overreliance is a matter of

judgment about the importance (key) characteristic of a particular client
control procedure. An auditor can take more risk of assessing control risk
too low on unimportant controls than on important (key) ones.
Alternatively, the risk of assessing control risk too low can be considered a
constant (say, 0.05) and the importance of a control can be measured in
terms of a smaller or larger tolerable rate. (The authors prefer the latter
approach.)

b.

Risk of Assessing Control Risk Too High or Underreliance is a matter of

judgment about the efficiency of an audit engagement. The risk can be
quite high when the audit team is willing to do extensive substantive work
anyway. If the work budget is tight, auditors need to find objective ways
(e.g., larger test of controls audit samples) to mitigate the risk.

c.

Tolerable Deviation Rate is a judgment about how many control deviations

can exist in the population, yet the control can still be considered effective.
Auditors need to be careful about brushing aside findings of deviations.

d.

Expected Deviation Rate in the Population is an estimate, usually based on

assumptions or sketchy information, of the imbedded incidence of control
deviations. The only use of this estimate in classical attribute sampling is to
figure a sample size in advance. The statistical evaluation (CUL
calculation) does not use it.

e.

Population Definition might be called a judgment about identification of the

population of control performances that correspond to an audit objective.
For example, an auditor would want to be sure he is sampling from a file of
recorded documents if his objective is to audit the controls over transaction
validity.

17. Assessing the control risk too low causes auditors to assign less control risk
(CR) in planning procedures than proper evaluation would cause them to assign.
The result could be (1) inadvertently conducting less audit work than properly

A Risk-based Audit Approach

11-5

necessary and taking more audit risk (AR) than originally contemplated, perhaps
to the unpleasant results of failing to detect material misstatements (damaging
the effectiveness of the audit) or (2) discovering in the course of the audit work
that control is not as good as first believed, causing an increase in the audit
work, perhaps at a time when doing so is very costly (damaging the efficiency of
the audit).
18. The important consideration involved in judging an acceptable risk of assessing
control risk too high is the efficiency of the audit. Assessing control risk too
high causes auditors to think they need to perform a level of substantive work
which is greater than a proper evaluation of control would suggest. Assessing
control risk too high leads to overauditing.
Some auditors may be willing to accept high risks of assessing the control risk
too high because they intend to overaudit anyway, and the audit budget can
support the work.
Other auditors want to minimize their work (within acceptable professional
bounds of audit risk) and thus want to minimize the risk (probability) of
overauditing by mistake.
Technically, the risk of assessing control risk too high in relation to an attribute
sample is the probability of finding in the sample (n) one deviation more than
the acceptable number for the sampling plan. For example, if the plan called
for a sample of 100 units and a tolerable rate of 3 percent at a 0.10 risk of
assessing control risk too low, the acceptable number is zero deviations.
The probability of finding 1 or more deviations when the population rate is
actually 2 percent is:
Probability (x > 0 : n = 100, r = 0.02)

=
=
=

1 (1 r) n
1 (1 0.02) 100
0.867 or 86.7 percent

19. All the elements of the risk model are products of auditors professional
judgments. Auditors must judge:
Inherent risk the probability that material errors or irregularities have entered
the accounting system used to develop financial statements.
Internal control risk the probability that clients system of internal control
policies and procedures will fail to detect material errors and irregularities,
provided any enter the data accounting system in the first place.
Analytical procedures risk the probability that auditors analytical procedures
will fail to produce evidence of material errors and irregularities, provided
any have entered the accounting system in the first place and have not been
detected and corrected by the clients internal control procedures.

11-6

Solutions Manual - Assurance Principles, Professional Ethics

Audit risk the probability that auditors will not discover by any means errors
and irregularities that cause an account balance to be materially misstated.
Test of detail risk appears at first glance to be the product of a formula and not a
professional judgment. However, everything in the risk model is a judgment, so
the test of detail derived from the model is no less a judgment.

20. An incorrect acceptance decision directly impairs the effectiveness of an audit.

Auditors wrap up the work and the material misstatement appears in the
financial statements.
An incorrect rejection decision impairs the efficiency of an audit. Further
investigation of the cause and amount of misstatement provides a chance to
reverse the initial decision error.
21. Detection risk is the component of audit risk that is controllable by the auditor.
It may be raised or lowered by reducing or increasing the amount of substantive
audit testing. It is determined by the auditors assessment of inherent risk and
control risk.
22. The auditor deals with both inherent risk and control risk during the planning
phase of the audit. Inquiry of client personnel, study of the business and
industry, application of analytical procedures, and documentation of the
auditors initial understanding of internal control are all performed during the
planning phase of the audit. Further study of internal control procedures may
occur after the planning phase if the auditor wishes to further reduce the
assessed level of control risk, and considers it economically feasible to do so.
23. An auditor would assess control risk to be at maximum when (1) effective
controls for the assertion have either not been designed or not put in place, or (2)
when the auditor believes performing substantive tests of the assertion is more
cost effective. When an auditor assesses control risk to be below the maximum,
the auditor should believe that effective controls are present to prevent or detect
misstatements in the financial statement assertions.
24. When the auditor assesses control risk at a level lower than maximum, the
auditor may generally perform fewer substantive tests.
25. The audit risk model is useful in managing audit risk for assertions. By
determining planned audit risk for an assertion, assessing inherent and control
risks, an auditor can determine the allowable detection risk (the amount of
detection risk an auditor can allow) for an assertion. Allowable detection risk is
used to determine the nature, timing, and extent of audit procedures for the
assertion.

A Risk-based Audit Approach

11-7

26. Detection risk exists because auditors (1) may use an inappropriate audit
procedure, (2) may misapply an audit procedure, (3) may misinterpret the
findings, or (4) do not examine 100 percent of an account balance or transaction
class.
27. The amount of audit evidence an auditor must gather varies inversely with
allowable detection risk. As allowable detection risk decreases, the amount of
evidence required increases, and vice versa. Chapter 12 introduces audit
procedures and discusses how auditors modify audit procedures to obtain
sufficient competent evidential matter by changing (1) the nature, (2) the timing,
or (3) the extent of procedures.
28. The audit risk model is
Audit risk (AR) = Inherent risk (IR) x Control risk (CR) x Detection risk (DR)
29. Risks identified at the financial statement level may have a substantial impact on
the assessment of inherent risk for specific assertions. For example, concern
about management integrity, identified as a risk at the financial statement level,
would cause an auditor to assess a higher level of inherent risk for existence of
sales.
II. Multiple Choice Questions
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.

d
c
c
b
d
a
c
d
c
d

11.
12.
13.
14.
15.
16.
17.
18.
19.
20.

d
a
c
c
a
a
a
d
b
d

21.
22.
23.
24.
25.
26.
27.
28.
29.
30.

b
d
d
c
d
a
b
a
a
b

31.
32.
33.
34.
35.
36.
37.
38.
39.
40.

b
a
d
a
d
d
c
b
a
a

41.
42.
43.
44.
45.
46.
47.
48.
49.
50.

b
d
a
c
c
d
d
c
b
d

51.
52.
53.
54.
55.
56.
57.
58.
59.
60.

a
a
b
a
c
d
b
d
d
c

61. a
62. c
63. d

III. Comprehensive Cases

Case 1. a.

Antonios activity is an irregularity (intentional distortion of financial

statements) rather than error (unintentional mistake). It is also an illegal act
on Antonios individual part.

b.

The problem does not describe the kind of related party transactions
discussed in PSA 550.

11-8

Solutions Manual - Assurance Principles, Professional Ethics

c.

Yes, a weakness in internal control exists. It may be considered a material

weakness because the compensating control (internal auditors work on
slow-moving inventory) did not operate in a timely enough manner to detect
the irregularity before it had gotten large.
If a material weakness in internal control exists, Brava & Campos are
obligated to report it to management and/or the board of directors.

d.

The problem description indicates that this element of the audit was
conducted in a negligent manner. Theres nothing wrong about auditing a
sample of the transactions, but Campos follow-up and explanation of the
missing receiving reports leaves much to be desired. At the very least he
could have reviewed the reports produced by Antonio at a later date, and he
could have traced the purchases to the inventory records and perhaps
noticed an over-stocking condition. The auditors had some evidence that an
irregularity might exist, but they failed to apply extended audit procedures
properly.

Case 2. a.

Yes. Nicolas was a party to the issuance of false financial statements and as
such is a joint tortfeasor. The elements necessary to establish an action for
common law fraud are present. There was a material misstatement of fact,
knowledge of falsity (scienter), intent that the plaintiff bank rely on the false
statement, actual reliance and damage to the bank as a result thereof. If
action is based upon fraud there is no requirement that the bank establish
privity of contract with the CPA. Moreover, if the action by the bank is
based upon ordinary negligence, which does not require a showing of
scienter, the bank may recover as a third-party beneficiary (an exception to
the strict privity requirement). Thus, the bank will be able to recover its
loss from Nicolas under either theory.

b.

No. The lessor was a party to the secret agreement. As such, the lessor
cannot claim reliance on the financial statements and cannot recover
uncollected rents. Even if he was damaged indirectly, his own fraudulent
actions led to his loss, and the equitable principle of unclean hands
precludes him from obtaining relief.

c.

Nicolas was not independent. His report is improper and he is probably

subject to disciplinary action by the professional organization or regulatory
body. According to the ethics interpretation on actual or threatened
litigation:
An expressed intention by the present management to commence litigation
against the auditor alleging deficiencies in audit work for the client is
considered to impair independence if the auditor concludes that there is a
strong possibility that such a claim will be filed.

A Risk-based Audit Approach

11-9

Case 3.
1.
2.
3.

h
k
g

4.
5.
6.

j
f
a

7.
8.
9.

Case 4. 1.

a.
b.

Sales and collections cycle

Presentation and disclosure

2.

a.
b.

Production and warehousing

Valuation

3.

a.
b.

Acquisitions and payments

Existence

4.

a.
b.

Investing and financing

Existence

5.

a.
b.

Acquisitions and payments

Existence

6.

a.
b.

Investing and financing

Valuation

7.

a.
b.

Investing and financing

Rights and obligations

o
l
c

10. b
11. n
12. p

Case 5. a.

Audit Risk = Inherent Risk x Control Risk x Detection Risk

Detection Risk = Audit Risk / (Inherent Risk x Control Risk)
Detection Risk = 3% / (100% x 50%)
Detection Risk = 6%

b.

Detection Risk = Audit Risk / (Inherent Risk x Control Risk)

Detection Risk = 5% / (100% x 50%)
Detection Risk = 10 %

13. i
14. d

Case 6. (1) Adjustment is not necessary for two reasons:

(a) The amount involved is not material.
(b) The present classification is an acceptable one.
(2) Reclassification of the credit balances is not warranted because the amounts
are not material.
(3) Making direct entries in the general ledger without use of journals is not an
acceptable practice. It prevents proper authorization, is conducive to errors,

11-10

Solutions Manual - Assurance Principles, Professional Ethics

and may be used to conceal fraud. Journal entries should be developed by
the client for the transactions in question regardless of the amounts
involved.
(4) Credit memoranda should be controlled by serial numbers and should bear
the approval signature of an executive in all cases. Any violation of these
rules is a virtual invitation to the concealment of irregular transactions. The
client should be so advised in the report on internal control.
(5) Explanations should be required for all general journal entries. A
transaction regarded as usual by one employee might be considered as
unusual by another, and the practice now in effect will surely lead to journal
entries not readily understandable. The client should be so advised.
(6) Missing posting references should be determined and inserted in the ledger
by the clients employees.
(7) No adjustment is required because the amount is not material. Even if the
amount were material, no adjustment would be required for the purpose of
calendar year financial statements.
(8) This insignificant shortage should be called to the attention of the petty cash
custodian and any paper work thereby avoided; the amount involved does
not warrant any action by the auditors.
(9) An adjusting entry should be proposed as follows:
Advertising Expense .......................
3,000
Miscellaneous Expense............
3,000
To correct erroneous classification for expenditures for
advertising.
(10) An adjusting entry is probably warranted in the case although the amount is
relatively small. As a means of assuring that all notes payable outstanding
are reflected in the accounts, it is helpful to compute each periods interest
expense exactly and to reconcile this amount with the notes shown as
outstanding.
Prepaid Interest................................
1,000
Interest Expense ......................
1,000
To defer interest expense applicable to the succeeding period.
(P12,000 x 10/120.)

Case 7. The purposes of obtaining the representation letter are to have management
acknowledge their primary responsibility for the financial statements, and to get
in writing the important oral representations that have been obtained from

A Risk-based Audit Approach

11-11

management during the course of the audit. PSA 500, Audit Evidence, requires
that the auditors obtain written representations from management on every audit
engagement. Failure to do so is a scope limitation, which precludes the
auditors from issuing an unqualified opinion. The representation letter should
be signed by members of management that are responsible for and
knowledgeable about the matters covered by the representations and that,
normally, they should be signed by the chief executive officer and the chief
financial officer. The auditors should consider the effects of managements
refusal to furnish written representations on their ability to rely on other of their
representations.
PSA 700, The Auditors Report on Financial Statements, states that when the
client imposes restrictions that significantly limit the scope of the audit, the
auditors generally should issue a disclaimer of opinion.
(a) The following are alternative courses of action that are available to you, and
supporting arguments.
(1) You could accept Angeles suggestion and issue an unqualified opinion.
Delos Santos is no longer part of management of the company.
Therefore, there is no reason to require his signature on the
representation letter. Your firm can still adhere to the letter of the
standard by having Gamboa sign the letter.
(2) You could issue a qualified opinion because of the scope limitation.
delos Santos was an important part of management during the period
under audit. He is knowledgeable of and responsible for many of the
matters covered by the representations. Failure to obtain his signature
would be a significant scope limitation. Since delos Santos is no longer
part of management, this is not a scope limitation imposed by the client
that would generally result in a disclaimer of opinion.
(3) You could issue a disclaimer of opinion, using the arguments from (2),
but concluding that the refusal to sign is a scope limitation imposed by
management.
The mysterious circumstances surrounding the
resignation of delos Santos might also support this conclusion.
(4) You could withdraw from the engagement. This course of action may
be justified if delos Santos refusal to sign the letter causes you to
question the integrity of management. The unanswered questions
regarding the reasons for delos Santos resignation also provide some
support for this course of action.

11-12

Solutions Manual - Assurance Principles, Professional Ethics

(b) Our opinion:
The mysterious circumstances surrounding the resignation of delos Santos
should be of as much concern as delos Santos failure to sign the
representation letter. Perhaps delos Santos was being forced by other
members of management to misstate the financial statements. Assuming
that the auditors could resolve their concerns about that matter, it probably
would not be necessary to obtain delos Santos signature on the letter, and
an unqualified opinion could be issued. Obtaining the signature of Gamboa
on the letter also is probably not important, because he is neither
knowledgeable of nor responsible for the matters contained in the
representation letter.

Case 8. Factors that will affect your evaluation of audit risk include

integrity of management Jimenezs reputation and lawsuit.

trend toward domination of operating and financial decisions by
Jimenez.
increased management compensation based on performance.
aggressive attitude toward financial reporting by new personnel.
profitability inconsistent with the industry.

Case 9. The factors that will affect Josefinas audit risk and business risk are (a) this is a
special audit, (b) the audit will be used to set the value of certain assets, (c) the
auditor is to evaluate any disputed amount (although this is a common provision
in purchase agreements, one might question whether auditors should agree to
such terms), and (d) the materiality level is set at P50,000, even though that is
considerably below an amount that might be determined using a percentage of
assets and/or income. These factors will increase the risk at the financial
statement level and potentially increase business risk.
Case 10. a.

The audit risk model gives the following results:

AR = IR x CR x DR (or) DR x AR / (IR x CR)
(1) 2.5%
(2) 0.67%
(3) 1

(4) 3.33%
(5) 2.5%

In the third situation, the auditor does not have to accumulate any evidence
because inherent risk and control risk give the appropriate level of planned
audit risk.
b.

(1) 3 (tied)
(2) 5
(3) 1

(4) 2
(5) 3 (tied)

A Risk-based Audit Approach

Case 11. a.

b.

Case 12. 1.

(1) Medium (4) Low

(2) Low
(5) Low
(3) Low
(1) Least
(2) 2 (tied)
(3) 2 (tied)

a.
b.

2.

a.

b.
3.

a.
b.

4.

a.

b.

5.

11-13

a.
b.

(4) 2 (tied)
(5) 2 (tied)

This will have an impact on audit risk for valuation of accounts

receivable.
Accumulation of additional evidence regarding collectability of
receivables will be necessary.
This situation may or may not affect overall audit risk, depending on
the impact of the financing needed and whether the company will
become so heavily leveraged that profitability becomes inadequate.
This situation might create increased business risk because of the
potential change in ownership. It would have an impact on audit risk
for valuation of stockholders equity.
Additional evidence will have to be accumulated relating to
stockholders equity, as well as any additional debt incurred.
The clients changing of its accounting system will affect control risk in
each cycle, primarily for existence, completeness, and valuation.
Additional information will have to be accumulated about the system in
each cycle.
This will affect risk at the financial statement level, which may also
have an impact on risk for assertions relating to earnings and valuation
of assets. For example, the volatility in the industry may indicate the
potential for inadequate industry earnings or for a clients earnings
being inconsistent with the industry.
Additional evidence will have to be accumulated about the financial
viability of the client and to provide evidence that management fraud
does not exist.
The increase in inventory will affect existence and valuation of
inventory.
Additional evidence will have to be accumulated about the existence
and valuation assertions.

11-14

Solutions Manual - Assurance Principles, Professional Ethics

Case 13. 1.

a.
b.
c.

Sales and collection

Primarily affects existence, completeness, and valuation assertions
Increase

2.

a.
b.
c.

Acquisitions and payments

Potential impact on all assertions
Increase

3.

a.
b.
c.

Sales and collections

Valuation, cutoff, and existence
No effect

4.

a.
b.
c.

Production and warehousing

Valuation
Increase