
www.pwc.com/id

Risk Based Audit

Risk Assessment
Identifying Risks and Developing Strategy

Activities include:

- Our understanding of the entity and its environment
- Identification of risks
- Identify internal controls to mitigate the risks
- Establish audit strategy
- Determine materiality

Risk Assessment August 2016


PwC 2
Understanding the Entity and Its Environment

ISA 315 Objective:

The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.

Understanding the Entity and Its Environment

ISA 315
- Industry, regulatory and other external factors
- Nature of the entity
- Selection and application of accounting policies, including the reasons for
changes thereto
- Objectives and strategies and related business risks
- Measurement and review of the entity’s financial performance

Understanding the entity and its environment

How do I gain my understanding?

- Inquiries of management
- Analytical procedures
- Observation and inspection

Understanding the Entity’s Internal Control

The auditor shall obtain an understanding of internal control relevant to the audit. Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit. It is a matter of the auditor’s professional judgment whether a control, individually or in combination with others, is relevant to the audit.

Definition

Control activities are policies and procedures that help ensure that management directives are carried out.

Control activities occur throughout the organisation, at all levels and in all functions.

Control activities design

The design of controls can be described in many ways.

Three major attributes are:


Frequency
• Annual
• Quarterly
• Monthly
• Weekly
• Daily

Time of error detection
• Detective
• Preventive

IT dependence
• Automated
• IT dependent
• Manual

4 Techniques for testing the operating effectiveness of controls

Test of Control:

- Inquiry: e.g. interview with credit controller about how customers are encouraged to pay
- Examination: e.g. inspect the credit references or notes made by the credit controller
- Observation: e.g. observing the credit controller at work
- Reperformance: e.g. recalculating the aged receivable analysis

Identifying Risks

The three components of audit risk

- Inherent risk: The susceptibility of an account balance or class of transactions or disclosure to misstatement, before consideration of any related controls.
- Control risk: The risk that a material misstatement will not be prevented or detected and corrected by the client’s internal controls.
- Detection risk: The risk that our audit procedures will not detect a material misstatement that exists in the financial statements.

Brick analogy

- Inherent Risk: Any material misstatement at all? → Yes
- Control Risk: Caught by client controls? → No
- Detection Risk: Caught by our audit? → No
- Audit Risk: Wrong opinion

Case study: Identifying risks

Imagine your client is:

• Online shop business
• 10,000 customers
• 200,000 orders each year via the Internet
• Payments are collected when the order is placed and processed when the goods are delivered

What could go wrong?

Customer places order via Internet → Order is processed on IT systems → Order delivered & payments processed → Financial statements produced

Case study (continued)

Example scenario

Customer places order via Internet → Order is processed on IT systems → Order shipped & payments processed → Gross Revenue

[Diagram: numbered transactions moving through the flow]

Assertion: COMPLETENESS
- Transactions are not recorded

Case study (continued)

Example scenario

Customer places order via Internet → Order is processed on IT systems → Order shipped & payments processed → Gross Revenue

[Diagram values: = 100 and 105]

Assertion: ACCURACY
- Sale price is not correct
- Quantity is not correct
- Calculations are not correct
- Transactions are not recorded at the correct amount

Case study (continued)

Example scenario

Customer places order via Internet → Order is processed on IT systems → Order shipped & payments processed → Gross Revenue

[Diagram values: Transaction date = 29 April 20xx; 2 May 20xx]

Assertion: CUT-OFF
- Transactions are recorded in the wrong accounting period

Case study (continued)

Example scenario

Customer places order via Internet → Order is processed on IT systems → Order shipped & payments processed → Gross Revenue

[Diagram: numbered transactions moving through the flow]

Assertion: OCCURRENCE
- Transactions did not occur
- Transactions are recorded in duplicate

Case study (continued)
Client’s Controls

Customer places order via Internet → Order is processed on IT systems → Order shipped & payments processed → Financial statements produced

Risks shown around the flow:

- Transactions are not recorded
- Inputs are not correct
- Transactions are recorded in the wrong accounts
- Transactions did not occur
- Transactions are recorded in duplicate
- Calculations are not recorded
- Transactions are not recorded at the correct amount
- Transactions are recorded in the wrong accounting period
- Transactions do not relate to the entity

The Auditor’s responses to assessed risks

“The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks.”

Relationship between risk and evidence

• Inherent risk: controlled by client ... function of type of business, degree of liquidity, complexity
• Control risk: controlled by client ... relates to effectiveness of client's control system in preventing, detecting, and correcting errors.
• Detection risk: controlled by auditor ... function of nature, timing, and extent of audit procedures applied ...
• Detection risk = audit risk / (inherent risk * control risk)

Detection risk low ... the more evidence you have to collect
Detection risk high ... the less evidence you have to collect

Q&A
