00:00:00
hi welcome you once again to audit
00:00:02
snapshots I'm Christine and in this
00:00:04
playlist We Will simplify each phase of
00:00:06
the audit process with clear concept
00:00:08
Maps whether you're brushing up on your
00:00:10
knowledge or gearing up for that big
00:00:11
exam you'll find useful inputs here for
00:00:14
sure if however you desire more detailed
00:00:17
approach Al the undergrad classroom
00:00:18
discussion feel free to check out the
00:00:20
related playlists in my YouTube channel
00:00:22
let's talk audit and insurance so what
00:00:24
are you waiting for let's dive in and
00:00:26
give our audit knowledge database that
00:00:28
much needed boost as I welcome you once
00:00:31
again to another snapshot version this
00:00:33
time we are going to talk about the
00:00:35
financial statements audit client
00:00:37
acceptance audit planning supervision
00:00:39
and monitoring and yes I agree with you
00:00:42
that is quite a mouthful and while we
00:00:45
enjoy the occasional bouet or two I know
00:00:47
that right now what we're really craving
00:00:49
for is bite-sized and so for this
00:00:52
snapshot version we are first going to
00:00:54
focus on the financial statements audit
00:00:56
risk-based audit approach and the audit
00:00:59
risk model and the star of the show of
00:01:02
course is FS audit now the financial
00:01:05
statement audit may be approached by the
00:01:07
auditor from either the traditional
00:01:09
route or the risk-based route so what's
00:01:12
the difference between traditional and
00:01:14
risk-based approach well it's all about
00:01:16
the focus if you think about if you talk
00:01:18
about the traditional FS audit the focus
00:01:21
is more on testing the auditor is
00:01:23
obsessed with testing and the auditor
00:01:26
therefore Endeavors to comprehensively
00:01:28
test all significant transaction and
00:01:30
balances using standardized procedures
00:01:33
let me just point out it doesn't say
00:01:35
test all transactions but rather test
00:01:37
all significant transactions and
00:01:38
balances using standardized procedures
00:01:40
the auditor therefore allocates the
00:01:43
audit resources including his or her
00:01:45
time equally across all significant
00:01:48
transactions and balances to ensure that
00:01:49
they are tested however in terms of the
00:01:52
risk-based fs audit the auditor's focus
00:01:55
is targeted testing having said that it
00:01:58
is risk driven the auditor then
00:02:00
allocates his resources and time to the
00:02:02
areas which pose the highest level of
00:02:04
risk significance is therefore placed on
00:02:07
risk assessment and the risk-based fs
00:02:10
audit is going to be the approach that
00:02:12
we will be using whenever we talk about
00:02:14
financial statement audit across our
00:02:17
discussions on auditing Theory now this
00:02:19
particular approach is characterized by
00:02:21
three distinct phases we of course start
00:02:24
with risk assessment where the auditor
00:02:27
identifies the risk and also EV
00:02:29
evaluates the risk this will help the
00:02:31
auditor determine if there are risks of
00:02:34
material misstatement after that of
00:02:37
course once the auditor has assessed the
00:02:38
risk the auditor cannot just sit idly by
00:02:41
right the auditor has to respond to the
00:02:43
risk giving birth to the second distinct
00:02:45
phase which is risk response and here we
00:02:47
will get to see the Auditors many
00:02:50
different audit procedures in order to
00:02:52
address the risks that have been
00:02:53
previously assessed finally it will be
00:02:55
capped off tied neatly with bow in
00:02:58
conclusion and Report of course let's
00:03:00
put our Focus now on risk assessment and
00:03:03
what better way to do that than to push
00:03:05
to the screen our beloved audit risk
00:03:08
model now I know you're very familiar
00:03:10
with ar equals IR time CR * Dr and when
00:03:14
we talk about AR or audit risk this
00:03:16
refers to the possibility that the
00:03:18
auditor gives an inappropriate
00:03:20
conclusion an inappropriate opinion on
00:03:23
the financial statements which are
00:03:26
materially misstated this then supports
00:03:29
the fact that the audit is not perfect
00:03:33
and we know that the audit is not
00:03:35
perfect because in the first place it
00:03:37
can only provide reasonable Assurance
00:03:40
never absolute Assurance never absolute
00:03:44
assurance and perhaps we still get to
00:03:46
ask the question why can it not provide
00:03:49
absolute Assurance why only reasonable
00:03:51
Assurance well because the audit has
00:03:54
inherent limitations and when we say
00:03:57
inherent limitations these are builtin
00:03:59
limitations to an audit that I would
00:04:01
like to summarize by sin n Cube so just
00:04:06
to remind us that it is not the sin or
00:04:09
the fault of the auditor why an absolute
00:04:12
Assurance cannot be given so what are
00:04:14
these inherent limitations well we start
00:04:17
with the use of testing when the auditor
00:04:20
performs the audit the auditor utilizes
00:04:22
audit sampling and the use of sampling
00:04:26
and we know a sample to be a smaller
00:04:28
subset of the population right right
00:04:30
when the auditor does not test
00:04:32
everything then there is a possibility
00:04:34
that the items or transactions which
00:04:35
were not tested may have contained the
00:04:38
misstatement and this gives rise to
00:04:40
sampling risk another thing that we need
00:04:43
to recognize is that the data that we
00:04:45
are auditing the data that we are
00:04:48
examining are actually products of the
00:04:50
client's internal control system and
00:04:53
having said that the client's internal
00:04:55
control system also has its own inherent
00:04:58
limitations so the inherent limitations
00:05:00
of our client's internal control system
00:05:02
also contributes to the inherent
00:05:04
limitations of our audit now let's just
00:05:08
assume that the auditor is able to test
00:05:10
everything do you think the auditor can
00:05:12
now give absolute Assurance the answer
00:05:15
is of course not because there will
00:05:17
always be human error and that is
00:05:20
represented by non-sampling risk risks
00:05:24
not involved risks not involving the use
00:05:27
of sample such as for example risks
00:05:30
borne out of the auditor's poor judgment
00:05:33
or the auditor's lack of proper planning
00:05:35
the use of ineffective procedures or
00:05:37
simply the inability to properly
00:05:40
interpret the results of the testing all
00:05:43
contribute to non-sampling risk and it
00:05:46
is the very presence of this human error
00:05:49
that makes the audit also imperfect then
00:05:52
we talk about the nature of evidence and
00:05:54
the nature of audit evidence is that it
00:05:57
is persuasive rather than conclusive
00:06:00
meaning to say it simply convinces us
00:06:03
that what we are seeing supports what
00:06:05
management is saying but it is not a
00:06:08
conclusive evidence lastly we talk about
00:06:11
the nature of assertions now in the
00:06:13
conduct of our audit there are certain
00:06:15
assertions whereby we can use or we can
00:06:18
only use Management's representations as
00:06:20
our main evidence the nature of
00:06:23
assertions being that they are made by
00:06:25
management and whether we like it or not
00:06:27
management will also will always have
00:06:29
some form of bias towards the fs which
00:06:32
they are responsible for right and so
00:06:35
because we make use of these assertions
00:06:37
actually we test these assertions so the
00:06:40
nature of the assertion also contributes
00:06:42
to the inherent limitations of an audit
00:06:46
so that my friends simply explained to
00:06:49
us why the audit is not perfect we now
00:06:52
move on to the first component of our
00:06:54
audit risk model and that is of course
00:06:56
inherent risk the word inherent implies
00:06:59
something that is intrinsic something
00:07:02
that is built in something that is by
00:07:04
its very nature and so therefore when we
00:07:07
talk about inherent risk we talk about
00:07:10
no controls in place we assume there are
00:07:13
no controls in place we let the
00:07:15
transaction we let the event we let the
00:07:18
business behave in its natural habitat
00:07:21
assuming no controls in place and
00:07:24
inherent risk is assessed at both the fs
00:07:28
level and the assertion level so what do
00:07:30
we mean by this when we talk about the
00:07:32
fs level just imagine the macro level
00:07:35
can you think about businesses which are
00:07:37
highly regulated say for example
00:07:39
insurance companies we compar that with
00:07:42
businesses which are not highly
00:07:44
regulated like maybe simple commercial
00:07:46
merchandising entities then I think you
00:07:48
will agree with me that highly regulated
00:07:50
businesses like insurance companies or
00:07:52
preed companies pose a higher level of
00:07:55
inherent risk at the fs level another of
00:07:59
looking at it will be perhaps looking at
00:08:03
the entity's uh economic climate or when
00:08:06
or a particular entity economic
00:08:09
environment or economic climate would
00:08:11
also affect the entities inherent risk
00:08:14
at the fs level so FS level refers to
00:08:17
the macro level at the assertion level
00:08:20
on the other hand we get to talk about
00:08:22
transactions balances and events say for
00:08:26
example between cash and office supplies
00:08:29
then most definitely cash will be more
00:08:31
prone to theft right or accounting for
00:08:34
leases versus accounting for prepaid
00:08:36
Insurance then most defitely accounting
00:08:38
for leases would be more complex and
00:08:40
complicated and would thus exhibit a
00:08:43
higher level of inherent risk so once
00:08:45
again when we talk about inherent risk
00:08:47
we assume there are no controls in place
00:08:50
and remember this is assessed at both
00:08:52
the fs level the macro level you talk
00:08:55
about the nature of the entity you talk
00:08:56
about the governance of the entity
00:08:59
everything that affects the entirety of
00:09:01
the fs we call that FS level and at the
00:09:04
assertion level when we now talk about
00:09:06
balances transactions and events now
00:09:09
after inherent risk we have what we call
00:09:11
control risk and control risk
00:09:14
essentially reflects the fact that
00:09:16
internal controls are not perfect this
00:09:18
is in relation to the second inherent
00:09:21
limitation to an audit that we mentioned
00:09:23
where there are also inherent
00:09:25
limitations of the client's internal
00:09:26
controls now our client's internal
00:09:28
control system no matter how
00:09:30
sophisticated no matter how welld
00:09:32
designed and no matter how expensive
00:09:34
they are to design and Implement they
00:09:36
are also not perfect in that internal
00:09:39
controls can also only provide
00:09:41
reasonable assurance and we get to
00:09:43
notice this one whenever we mention
00:09:45
reasonable Assurance there will always
00:09:47
be a subsequent discussion on the
00:09:49
inherent limitations why are internal
00:09:52
controls not perfect because of the
00:09:54
following inherent limitations and I
00:09:56
would like to summarize by the pneumonic
00:09:59
as h o CCR shocker what a shocker right
00:10:03
so here are the inherent limitations to
00:10:05
a client's internal control system well
00:10:07
number one internal control systems are
00:10:10
systems and systems are vulnerable to
00:10:13
breakdowns so the first inherent
00:10:15
limitation is a PO is the always the
00:10:17
vulnerability to a system breakdown
00:10:20
internal controls are also designed and
00:10:23
implemented by human beings even the
00:10:25
most digital controls always have a
00:10:28
human component and so therefore human
00:10:31
error and human limitations would also
00:10:34
contribute to the inherent limitations
00:10:35
of internal controls another inherent
00:10:38
limitation is the possibility of
00:10:41
override to make this one complete it's
00:10:44
the possibility of management override
00:10:47
now we know management is in a position
00:10:49
of power to pause the controls and the
00:10:52
moment the controls are paused the
00:10:54
moment the controls are
00:10:56
overridden then the misstatements could
00:10:58
very will come in unfiltered so the
00:11:01
possibility of management override also
00:11:04
renders the controls to be imperfect
00:11:06
other than that there is also the
00:11:08
possibility of collusion now I know that
00:11:11
you are a little bit familiar or quite
00:11:13
familiar with the concept of segregation
00:11:15
of Duties right where crucial functions
00:11:17
have to be performed at the optimal
00:11:19
level by different people to ensure that
00:11:22
no one commits fraud and gets away with
00:11:24
it
00:11:24
unnoticed pretty neat huh however if you
00:11:27
think about it what if the duties are
00:11:30
segregated but then all of those
00:11:33
occupying the different positions will
00:11:35
collude will connive in order to render
00:11:38
the controls ineffective so there the
00:11:42
possibility of collusion would also
00:11:44
override the effectiveness of the
00:11:46
controls and we acknowledge that there
00:11:49
will always be cost benefit
00:11:51
considerations after all will the the
00:11:54
presence of internal controls are
00:11:56
intended to help the business meet its
00:11:58
objectives therefore for it follows the
00:12:00
business objectives so objectives first
00:12:03
right and so therefore the business
00:12:05
cannot afford to invest heavily on
00:12:07
internal controls if it will just make
00:12:10
their business go bankrupt and so there
00:12:12
will always be cost benefit tradeoffs
00:12:14
and that will of course lead to
00:12:16
imperfect controls and lastly internal
00:12:19
controls are directed towards routine
00:12:22
transactions so much so that if the
00:12:24
business encounters a transaction that
00:12:27
is out of the ordinary then internal
00:12:30
controls are rendered incapable to
00:12:33
address the said extraordinary or
00:12:35
unusual transactions so all of these
00:12:38
contribute to the inherent limitations
00:12:40
of internal
00:12:42
controls now we are saying actually that
00:12:46
inherent risk and sorry before we go
00:12:48
there inter internal controls or control
00:12:50
risk are assessed at the assertion level
00:12:53
so we General talk about control risk at
00:12:55
the micro assertion level but we also
00:12:58
consider it at the fs level because
00:13:01
later on when we talk about the
00:13:02
components of internal controls we get
00:13:04
to see things like the control
00:13:05
environment information and
00:13:07
communication systems which are actually
00:13:09
entity level controls so we consider
00:13:11
this at the fs level or at the entity
00:13:13
level but this is assessed at the
00:13:16
assertion level when you talk about the
00:13:19
assertions when you talk about
00:13:20
transactions when you talk about
00:13:21
balances that is where we normally
00:13:23
assess control risk but considered still
00:13:26
at the fs level now we are saying that
00:13:29
inherent risk and control risk are
00:13:31
actually quite unique in that
00:13:34
collectively we call them the risk of
00:13:35
material misstatement and its nature is
00:13:38
that it cannot be controlled by the
00:13:40
auditor it's
00:13:42
uncontrollable by the auditor with or
00:13:44
without the audit you can't change the
00:13:46
fact that certain businesses are more
00:13:49
risky than others certain transactions
00:13:50
certain events certain balances are more
00:13:52
risky than others you cannot also change
00:13:55
the fact with or without the audit you
00:13:57
can't change the fact that internal
00:13:59
controls are not perfect and because
00:14:01
both of these are uncontrollable by the
00:14:03
auditor the auditor can only assess them
00:14:07
collectively we call them the risk of
00:14:10
material misstatement now one thing I
00:14:13
would like to point out with you regards
00:14:15
the risk of material misstatement is
00:14:16
that rmms can actually be the source or
00:14:19
is the source for that which we call
00:14:22
significant risk now significant risk is
00:14:25
an identified rmm or risk of matal
00:14:28
mistake
00:14:29
where the inherent risk assessment is in
00:14:32
the upper quadrant meaning to say when
00:14:34
the auditor assessed this rmm in terms
00:14:37
of inherent risk there is a high
00:14:39
likelihood for the risk to happen and
00:14:41
there is a high impact should that risk
00:14:44
happen now when the PSAs or the isas
00:14:47
refer to the upper quadrant they
00:14:49
actually simply mean this when you open
00:14:51
for example the XIs and the Y AIS
00:14:54
perhaps looking at Impact versus
00:14:56
likelihood when we talk about
00:14:58
significant risk they are at the upper
00:15:00
quadrant so they represent these data
00:15:03
points okay so once again significant
00:15:06
risk must be number one an identified
00:15:09
risk of material misstatement and number
00:15:10
two they must belong to the upper
00:15:13
quadrant of the inherent risk assessment
00:15:15
for Impact versus likelihood so that's
00:15:19
risk assessment now you may have noticed
00:15:21
we have set aside detection risk for now
00:15:24
because detection risk will belong to
00:15:26
risk response so we talk about detection
00:15:29
risk this is the risk that the auditor
00:15:31
is willing to accept of not detecting
00:15:34
misstatements actually the beauty of
00:15:36
detection risk is that it can be
00:15:39
controlled by the auditor whereas the
00:15:42
auditor might feel a little bit helpless
00:15:44
when we talk about the risk of material
00:15:45
misstatement the auditor will be happy
00:15:48
with detection risk because the auditor
00:15:50
can control detection risk and to
00:15:53
signify the auditor's power to control
00:15:55
detection risk we call it the acceptable
00:15:58
level of detection risk so actually in
00:16:01
the audit risk model when we see Dr
00:16:04
there that actually means the acceptable
00:16:07
level of detection risk and since the
00:16:09
auditor can control detection risk the
00:16:11
auditor also therefore sets audit risk
00:16:14
at the desired level so the complete way
00:16:17
to look at the audit R audit risk model
00:16:20
is desired level of audit risk is equal
00:16:22
to inherent risk times controlers times
00:16:23
the acceptable level of detection risk
00:16:27
now detection risk per se is the risk
00:16:29
that the auditor's procedures will not
00:16:31
be able to detect misstatements in
00:16:35
transactions balances and events notice
00:16:37
a difference in the terminology when you
00:16:39
talk about audit risk this is the risk
00:16:41
that the auditor gives an inappropriate
00:16:42
opinion on the financial statements
00:16:45
macro level right but when we talk about
00:16:47
detection risk this is the risk that the
00:16:49
auditor procedures will not be able to
00:16:52
detect M statements of transactions
00:16:54
balances and events it's on a more micro
00:16:57
level and so therefore when you talk
00:16:59
about the acceptable level of detection
00:17:01
risk this is the risk that you are
00:17:03
willing to accept of not being able to
00:17:06
detect the misstatements and how does
00:17:08
the
00:17:09
auditor um exercise or how does the
00:17:12
auditor respond to this willingness we
00:17:15
have to understand that the acceptable
00:17:16
level of detection risk actually Bears
00:17:18
an inverse relationship to audit effort
00:17:21
so if you think about it if the risk of
00:17:23
material misstatement is high but you
00:17:26
still chose to accept that client then
00:17:28
the audit 's acceptable level of
00:17:30
detection risk should be low in order to
00:17:33
balance the whole equation right again
00:17:35
if the risk of material misstatement is
00:17:37
high and the auditor still chose to
00:17:39
accept that client then the auditor must
00:17:41
set his acceptable level of detection
00:17:44
risk to low in order to balance the
00:17:47
equation now when the auditor sets the
00:17:49
acceptable level of the texis to a low
00:17:51
level that means the auditor is going to
00:17:54
be very strict in the conduct of the
00:17:56
audit and because the auditor wishes to
00:17:59
Embrace a more strict approach then the
00:18:01
auditor's audit effort will be magnified
00:18:04
the auditor will have more extensive
00:18:05
testing and I think it makes sense right
00:18:08
if you accept a client that has a lot of
00:18:10
red flags then you must do a lot of
00:18:13
testing in order to somehow mitigate no
00:18:18
the risk that you have identified so
00:18:20
therefore the acceptable level of
00:18:21
detection risk Bears an inverse
00:18:23
relationship on the contrary if the risk
00:18:26
of material misstatement is low because
00:18:28
the client business is relatively
00:18:31
straightforward the controls are
00:18:32
relatively good as well the design is
00:18:35
good the implementation the operating
00:18:37
Effectiveness shows strong controls then
00:18:40
the auditor will set the acceptable
00:18:42
level I repeat acceptable level of
00:18:45
detection risk to high so if the auditor
00:18:48
is willing to accept a high level of
00:18:50
risk then the auditor will be on chill
00:18:53
mode and because the auditor will be on
00:18:55
chill mode the auditor will test less
00:18:59
this is what we mean by the inverse
00:19:00
relationship to audit effort now to
00:19:03
further illustrate the auditor's risk
00:19:05
response via the acceptable level of
00:19:08
detection risk we understand that the
00:19:10
auditor
00:19:12
responds by looking at or tweaking the
00:19:15
nature timing and extent of his or her
00:19:19
testing what do we mean by this when the
00:19:21
acceptable level of detection risk is
00:19:23
low meaning to say the risk that you are
00:19:25
willing to accept is low that means the
00:19:27
auditor must be taken on the stricter
00:19:29
route or the stricter approach yes and
00:19:31
if the auditor goes on the stricter
00:19:33
approach then the auditor will choose
00:19:36
the nature of the procedures from less
00:19:38
effective to more effective think about
00:19:41
the choice between simply getting a
00:19:43
certification versus actually doing the
00:19:45
cash count so if the auditor is strict
00:19:47
the auditor will insist on the cash
00:19:49
count that is if the acceptable level of
00:19:51
detection risk is low on the other hand
00:19:55
if the auditor takes on a stricter
00:19:56
approach meaning to say acceptable level
00:19:59
detection is low then the auditor will
00:20:01
endeavor to test the entire period under
00:20:03
audit and will test as close to the
00:20:06
balance sheet date as possible to ensure
00:20:09
that the entirety of the audit period is
00:20:11
covered however if if the acceptable
00:20:13
level of detection R is high meaning to
00:20:15
say the auditor is on a relaxed mode
00:20:18
then the auditor may use interum testing
00:20:21
lastly when we talk about the extent
00:20:23
well this has got something to do with
00:20:24
the sample size and the actual testing
00:20:26
of the auditor so when the auditor is St
00:20:29
meaning acceptable level dctionary is
00:20:31
low then the auditor will endeavor to
00:20:33
use a larger sample size as compared to
00:20:36
when the auditor is in a relaxed mode
00:20:38
meaning acceptable level of detection
00:20:40
RIS is high whereby the auditor can use
00:20:42
a smaller sample size so there you have
00:20:45
it risk assessment risk response and of
00:20:48
course later on after the auditor has
00:20:51
performed his or her testing the auditor
00:20:53
will then collate all of these results
00:20:55
and will have to come up with his or her
00:20:58
audit opinion and that is what's going
00:21:00
to happen under conclusion and Reporting
00:21:02
but all for another concept map and
00:21:05
that's it we have just effectively given
00:21:08
the bite-size piece for financial
00:21:11
statement audit particularly risk-based
00:21:12
FS audit approach so to everyone good
00:21:15
job heading over to the next concept map
00:21:18
or you may want to answer some mcqs
