Chapter

10:
UNDERSTANDING THE ENTITY
and
its Environment
Performance of risk
assessment procedures
to identify/ assess risk of
material misstatement
through understanding
the entity.

PHASE I-C:
The Standards presents an overview of the requirements such as:
I. Risk assessment procedures and sources of information about the
entity and its environment, including its internal control.
II. Understanding the entity and its environment, including its
internal control.
III. Identifying and assessing of the risks of material misstatements.
IV. Materials weakness in internal control.
V. Documentation
I. Risk assessment procedures and sources of
information about the entity and its
environment, including its internal control.

Obtaining an understanding of the entity and its environment, including its

internal control is a continuous, dynamic process of gathering, updating and
analyzing information throughout the audit.

“Risk assessment Procedures” –PSA 500

 Your Picture Here and Send to Back

RISK
ASSESSMENT
Procedures
a) Inquiries of management and others within the entity
b) Analytical Procedures; and
c) Observation and Inspection

The auditor is not required to perform all the risk

assessment procedures described above for each aspect of
the understanding described in paragraph 20 of PSA 315.
However, all the risk assessment procedures are performed
by the auditor in the course of obtaining the required
understanding.
 Inquiries directed towards those charged with Your Picture Here and Send to Back
Inquiries
governance maydirected towards
help the auditor those chargedthe
understand with
governance may in
environment help the auditor
which understand
the F.S are the
prepared.
environment in which the F.S are prepared.
Inquiries directed toward internal audit personnel
Inquiries
may directed
relate to toward internal
their activities audit
concerning thepersonnel
design
may relate to their activities concerning the design

Example
and effectiveness of the entity’s internal control
and
andeffectiveness of the entity’s
whether management internaltocontrol
responded any
and whether findings
management responded to
from these activities.any
findings from these activities.
Inquiries of employees involved in initiating,

s
Inquiries of
processing or employees involved or
recording complex in unusual
initiating,
processing
transactions mayorhelp
recording complex
the auditor or unusual
in evaluating
transactions may help of
the appropriateness thethe
auditor in evaluating
selection and the
the appropriateness of the selection and the
application of certain accounting policies.
application of certain accounting policies.
Inquiries directed toward in-house legal counsel may
relateInquiries directedastoward
to such matters in-house
litigation, legal counsel
compliance may
with laws
relate
and to such matters
regulations, as litigation,
knowledge of fraudcompliance
or suspectedwith laws
fraud
and regulations,
affecting knowledge
the entity, of fraud
warranties, or suspected
post-sales fraud
obligations,
affecting the entity,
arrangements (suchwarranties, post-sales
as joint ventures) withobligations,
business
arrangements
partners and the meaning of contract business
(such as joint ventures) with terms.
partners and the meaning of contract terms.

Inquiries directed towards marketing or sales personnel may

Inquiries
relate to directed towards
changes in marketing
the entity’s or sales
marketing personnel
strategies, may
sales
relate
trends,toor
changes in thearrangements
contractual entity’s marketing strategies,
with its sales
customers.
trends, or contractual arrangements with its customers.
 Observation and Inspection
• Observation of entity activities and operations.
• Inspections of documents, records and internal control manuals.
• Reading reports prepared by management and those charged with
governance.
• Visits to the entity’s premises and plant facilities.
• Tracing transactions through the information system relevant to financial
reporting (walk-throughs)

When the auditor intends to use information about the entity and its environment
obtained in prior periods, the auditor should determine whether changes have
occurred that may affect the relevance of such information in the current audit.

The members of the engagement team should discuss the susceptibility of the
entity’s F.S to material misstatements.
The auditor’s understanding of the entity and its
environment consists of an understanding of the following
aspects:

Relevant industry, regulatory, and other The entity’s selection and

external factors including the applicable application of accounting policies
financial reporting framework

The entity’s objectives and

The nature of the entity, including: strategies and those related business
i. its operation risks that may result in risks that
ii. Its ownership and governance structures may result of material misstatement
iii. The types of investments that entity is
making and plans to make; and
iv. The way that the entity is structured and The measurement and review of the
how it is financed, to enable the auditor to entity’s financial performance.
understand the classes of transactions,
account balances and disclosures to be
expected in the F.S.
A. Industry, Regulatory and
Other External Factors,
including the Applicable
Financial Reporting
Framework
The auditor should obtain
an understanding of
relevant industry,
regulatory, and other
external factors including
the applicable financial
reporting framework.
 Many firms have adopted a financial model to evaluate the client’s
industry that considers the attractiveness and other characteristics of
the industry. Considering the overall attractiveness of the industry, they
consider such factor as:

Bargaining
Bargaining
Barriers Strength Power of
Suppliers of
Power of
to of
Contents
Raw Here
Materials Customers
Entry Competitors
and Labor
 In most cases, the applicable financial reporting framework will be that of
the jurisdiction in which the entity is registered or operates and the auditor is
based, and the auditor and the entity will have a common understanding of
that framework. In some cases there may be no local financial framework.
 Examples of matters an auditor
may consider
INDUSTRY CONDITIONS REGULATORY ENVIRONMENT
-Accounting principles and industry
01 - The market and competition,
including demand, capacity, and price
specific practices.
- Regulatory framework for regulated
competition. industry.
-- Cyclical or seasonal activity. - Legislation and regulation that
-- Product technology relating to the
entity’s products.
02 significantly affect the entity's
operations.
-- Energy supply and cost - Regulatory requirements.
- Direct supervisory activities.
-Taxation (corporate and other).
- Government policies currently
affecting the conduct of the entity’s
business.
OTHER EXTERNAL FACTORS - Monetary, including foreign exchange
AFFECTING THE ENTITY’S controls
03 BUSINESS
-General level of economic activity (for
- Fiscals
-- Financial incentives (for example,
example, recession, growth) government aid programs.
- Interest rates and availability of - Tariffs, trade restrictions
financing. -- Environmental requirements
- Inflation, currency revaluation. affecting the industry and the entity’s
business.
 B. Nature Of Entity

The auditor should obtain an

understanding of the nature
of the entity. The nature of an
entity refers to the entity’s
operations, its ownership and
governance, the types of
investments that it is making
and plans to make, the way
that the entity is structured
and how it is financed.
 Example: Manufacturing Company

Auditors will obtain an understanding of:

• The processes used to procure, store, and manage raw materials.
• The processes used to machine, assemble, package, and test products.
• The processes used to create demand for products and services and to
manage relations with customers.
• The processes used to establish contract terms and to bill and collect
receivables.
•The processes used to take orders and deliver goods.
• The activities performed after the goods and services have been delivered.
• The processes used to acquire and maintain human resources, technology
including research and development.
 The auditor should obtain an understanding of the entity’s selection and
application of accounting policies and consider whether they are appropriate
for its business and consistent with the applicable financial reporting
framework and accounting policies used in financial relevant industry.
 Your
YourPicture
Picture Here
Here and
and Send
Send to
to Back
Back

Examples of matters and auditor may consider include the

The presentation of financial
statements in conformity with
the applicable financial
reporting framework includes
disclosure of material matters.
These matters relate to the
form, arrangement, and content
of the financial statements, and
their appended notes. The
auditor considers whether the
entity has disclosed a particular
matter appropriately in light of
the circumstances and facts of
which the auditor is aware at the
time.
following:
BUSINESS OPERATIONS
• Nature of revenue
• Products or services
• Conduct of operations
• Alliances, joint ventures, and outstanding activities
• Involvement in electronic commerce, including internet sales
and marketing activities.
• Geographic dispersion and industry segmentation
• Location of production facilities, warehouses, and offices
• Key customers
• Important supplier of goods and services
• Employment
• Research and development activities
• Transactions with related parties
 INVESTMENTS
Acquisitions, mergers, or disposals of
business activities (planed or recently
executed)
• Investments and dispositions of
securities and loans
• Capital investment activities,
including investment in plant and
equipment and technology, and any
recent or planned changes
• Investments in non-consolidated
entities, including partnerships, joint
ventures and special-purpose entities
FINANCING
Group structure – major subsidiaries
and associated entities, including
consolidated and non consolidated
structures
• Debt structure, including covenants,
restrictions, guarantees, and off-
statement of financial position and
financing arrangements
• Leasing of property, plant and
equipment for use in the business
• Beneficial owners (local, foreign,
business reputation and experience)
• Related parties
• Use of derivative financial
instruments
FINANCIAL REPORTING

Accounting principles and industry specific practices

• Revenue recognition practices
• Accounting for fair values
• Inventories
• Foreign currency assets, liabilities and transactions
• Industry-specific significant categories
• Accounting for unusual or complex transactions including those in
controversial or emerging areas
• Financial statement presentation and disclosure
 C. OBJECIVES AND
STRATEGIES AND
RELATED BUSINESS
RISKS

The auditor should obtain an

understanding of entity’s
objectives and strategies and the
related business risks that may
result in material misstatement
of the financial statements.
 EXAMPLES OF MATTERS AN AUDITOR MAY CONSIDER
INCLUDE THE FOLLOWING:

EXISTENCE OF OBJECTIVES

Industry development Regulatory requirements

New products and services Use of IT

Add Text
Expansion of the business Current & prospective Easy to change
requirements colors, photos
and Text.

New accounting requirements

EFFECTS OF IMPLEMENTING A
STRATEGY, PARTICULARLY ANY
EFFECTS THT WILL LEAD TO NEW
ACCOUNTING REQUIREMENTS
D. MEASUREMENT AND
REVIEW
OF THE ENTITY’S
FINANCIAL
PERFORMANCE
The auditor should obtain 
an understanding of
the measurement and revi
ew of the entity's financial
performance.
 Much of the information used in
 Much of the information used in
performance measurement
performance measurement
may be produced by the
may be produced by the
entity’s information system.
entity’s information system.
Examples of matters an auditor may consider include the following:

Key ratios and operating statistics

Key performance indicators

Employee performance measures and

Incentive compensation policies

Trends

Use of forecasts, budgets and

variance analysis

Analyst reports and credit rating reports

Competitor analysis

Period ­on-period financial performance

 E. IDENTIFYING AND
ASSESSING THE RISKS
OF MATERIAL
MISSTATEMENT
The objective of the auditor is to
identify and assess the risks of
material misstatement, whether
due to fraud or error, at the
financial statement and assertion
levels thereby providing a basis
for designing and implementing
responses to the assessed risks
of material misstatement.
Requirements:
RISK ASSESSMENT PROCEDURES AND
RELATED ACTIVITIES
1. The auditor shall design and perform risk assessment procedures
to obtain audit evidence that provides an appropriate basis.
- the identification and assessment of risks of material misstatement, whether due to
fraud or error, at the financial statement and assertion level.

2. The risk assessment procedures shall include the following:

- inquiries of management and of other appropriate individuals within the entity.

- analytical procedures
- observation and inspection
Requirements:
ENGAGEMENT TEAM DISCUSS
The engagement partner and other key engagement team
members shall discuss the application of the applicable
financial statements to material misstatements.
Requirements:
UNDERSTANDING THE ENTITY
1. The auditor shall perform risk assessment procedures to obtain
the understanding of:
- the entity’ organizational structure
- the applicable financial reporting framework
- how inherent risk factors affect susceptibility of assertions to misstatement and
the degree to which they do so, in the preparation of the financial statements in
accordance with the applicable financial reporting framework, based on the
understanding obtained in a and b.

2. The auditor shall evaluate whether the entity’s accounting policies

are appropriate and consistent with the applicable financial reporting
framework.
Requirements:
CONTROL ENVIRONMENT
The auditor shall obtain an understanding of the control environment
relevant to the preparation of the financial statements, through performing
risk assessment procedures.
 Requirements:
IDENTIFYING AND ASSESSING THE RISKS
OF MATERIAL MISSTATEMENTS
The auditor shall identify the risk of material
misstatement and determine whether they exist at:

- the financial statement level

- the assertion level for transactions, account balances and disclosures.
F. ASSESSING INHERENT
RISK AND CONTROL RISK
AT THE ASSERTION
LEVEL
 Auditors in designing audits, consider factors that affect the risk of
material misstatements at the financial statement level and at the
assertion level.

In performing audits, auditors test the validity of financial statement

assertions that relate to classes of transactions, account balances, and
financial statement disclosures.

At the assertion level, a misstatement is material if it exceeds the

tolerable misstatement specified for the assertion.

At the assertion level, a misstatement is material if it exceeds the

tolerable misstatement specified for the assertion.

 The risk that a financial statement assertion is materially misstated is

frequently referred to as risk of the assertion level.

o Financial statement assertions are not equally subject to misstatements.

AUDIT
Audit Risk= Inherent risk x Control risk x Detection risk
RISK
Possibility that
the auditors fail (1) A material misstatement in an assertion about the account
to appropriately has occurred, and
modify their
opinion on the (2) The auditors do not detect the misstatement.
financial
statements that
are materially
misstated.
 AUDIT RISK

The risk that the The risk that the auditor

assertion contains a will not detect a material
material misstatement. misstatement.

Inherent Control Detection

Risk Risk Risk

Is the susceptibility of an
account balance or class
of transactions to
misstatement that could be
material, individually or
when aggregated with
misstatements in other
balances or classes,
assuming there are no
related internal control.
Is the risk that a Is the risk that an auditor’s SAMPLING
misstatement, that could substantive procedures
occur in an account will not detect a RISK
balance or class of misstatement that exists in
transactions and that an account balance or
could be material , class of transactions that
NON
individually or when could be material, SAMPLING
aggregated with individually or when RISK
misstatements in other aggregated with
balances or classes. misstatements in other
balances or classes.
 To assess inherent risk, the auditor uses professional judgment to
INHERENT evaluate numerous factors, example which are:

RISK
At the Financial Statement Level
• The integrity of the management
• Management experience and knowledge and changes in management during for
the period.

• Unusual pressure on management

• The nature of the entity’s business

• Factors affecting the industry in which the entity operates

 Inconsistent profitability relative to the
01 industry.

Factors that are

Operating results that are highly sensitive
02 to economic factors; indicative of high
inherent risk for
03 Going concern problems; the assertions
about many
Large known and likely misstatements accounts in the
04 detected in prior audits client’s financial
Substantial turnover, questionable statements
05 reputation, or inadequate accounting skills
of management.
Assertions with high inherent
risk often involve:
01 Difficult to audit transactions or balances

02 Complex calculations

03 Difficult accounting issues.

04 Significant judgment

05 Valuations that vary significantly based on economic factors.

CONTROL
Risk
This is the risk that a
material error in an
account will not be
prevented or detected
on a timely basis by
the client’s system of
internal control.
 Financial To assess control risk
Statements auditors study the
methods and
Accurate procedures by which
Complete the company controls
its accounting
processes.

To obtain an understanding of the client’s internal control

procedures and determine whether they are designed and
operating effectively, the auditors use a combination of:

Inquiry Inspection Observation Reperformance

procedures
Preliminary Assessment
of Control Risk
After obtaining an understanding of the
accounting and internal control systems,
the auditor should make a preliminary
assessment of control risk.
It is the process of evaluating
It is the process of evaluating
the effectiveness of an entity’s
the effectiveness of an entity’s
accounting and internal control
accounting and internal control
systems in preventing or
systems in preventing or
detecting, and correcting
detecting, and correcting
material misstatements.
material misstatements.
01
The auditor ordinarily assesses control risk at a
high level for some or all assertions when:
a) the entity’s accounting and internal control
systems are not effective; or
b)evaluating the effectiveness of the entity’s
accounting and internal control systems would
not be efficient
The preliminary assessment of control risk for a
02 financial statement assertion should be high
unless the auditor:
a) is able to identify internal controls relevant to the
assertion which are likely to prevent or detect,
and correct a material misstatement; and
b)plans to perform tests of control to support the
assessment
 .

01 The auditor should document in the audit

working papers:

Documentation of
Understanding and
Assessment of Control
Risk
a) the understanding obtained of the entity’s
accounting and internal control systems; and
b)the assessment of control risk
DETECTION
Risk
This refers to the risk that the auditor’s
examination will not detect a material
error in an account balance.
The level of detection risk relates directly to
The
the level of detection
auditor’s riskprocedures.
substantive relates directly
Theto
the auditor’s
auditor substantive
should consider procedures.
the assessed The
levels
ofauditor should
inherent considerrisks
and control the in
assessed levels
determining
of nature,
the inherenttiming
and control risksofinsubstantive
and extent determining
the nature,required
procedures timing and extent of
to reduce substantive
audit risk to
procedures required
an acceptably low level. to reduce audit risk to
an acceptably low level.
G. USING THE AUDIT RISK
MODEL TO DETERMINE
THE NATURE, TIMING,
AND EXTENT OF AUDIT
PROCEDURES
 Called the audit risk mode, auditors use this
Audit Risk = Inherent Risk x Control Risk x Detection Risk relationship to determine the nature, timing,
and extent of audit procedures to manage
AR = IR x CR x DR and control audit risk.

Steps to determine Allowable Detection Risk

An auditor plans audit
risk for each financial
statement assertion
so that he or she will
be able to express an
opinion on the
financial statements
taken as a whole.
Determine
Planned 01
Audit Risk
This assessment implies If after the auditor has It is the amount of risk
that the auditor obtained an the auditor can allow
attempts to predict understanding of for an assertion or a
where misstatements internal control and measure of the risk
are most and least likely concludes that they’re that audit evidence for
in the financial completely ineffective, a segment will fail to
statement segments. the auditor would assign detect misstatements.
a high risk factor to
control risk.
Solve Equation
to Determine
Assess Assess
Inherent Risk 02 Control Risk 03 Allowable 04
Detection Risk
The following are the major factors that should be considered
when assessing inherent risk:
 The following are the major factors that should be considered
when assessing inherent risk:

NATURE OF THE CLIENT’S

BUSINESS
• Inherent risk is most likely to vary from business to business.
INTEGRITY OF MANAGEMENT
• When management is dominated by one or a few individuals who lack integrity,
the likelihood of significantly misrepresented financial statements is greatly
increased.
CLIENT MOTIVATION
• For example, if management receives a percentage of total profits as a bonus,
there may be a tendency to overstate net income.
RESULTS OF PREVIOUS
AUDITS

• Because many types of misstatements are systemic in nature and

organizations are often slow in making changes to eliminate them,
misstatements found in the previous year’s audit have a high likelihood of
occurring again in the current year’s audit and inherent risk will likely be
assessed as high.

ITIAL VS. REPEAT

ENGAGEMENT

• The lack of previous year’s audit results would cause most auditors to use a
larger inherent risk for initial audits that for repeat engagement in which no
material misstatements had been found.
RELATED
RELATEDPARTIES
PARTIES

• Transactions between parent and subsidiaries or those between

management and the corporate entity are examples of related-party
transactions.

NONROUTINE TRANSACTIONS

• Universal transactions where the client lacks experience in recording them

might result in incorrect recording.

SUSCEPTIBILITY TO DEFALCATION

• When the likelihood of defalcation or converting company asset to personal

use is high, inherent risk is increased.
JUDGEMENT REQUIRED TO CORRECTLY RECORD .
ACCOUNT BALANCES AND TRANSACTIONS

• For accounts, the balance of which is subject to

estimates or a great deal of management judgment,
inherent risk is relatively high.

MAKE UP OF POPULATION

• The composition of the total population would also

affect the auditor’s expectation of material
misstatement.
 Your
YourPicture
Picture Here
Here and
and Send
Send to
to Back
Back

Step 4
DETERMINE ALLOWABLE DETECTION RISK
Step 3
ASSESS CONTROL RISK
Allowable detection risk or Planned detection risk is the
amount of risk the auditor can allow for an assertion or a
Control risk represents
measure of the risk that audit evidence for a segment will
(1) an assessment of whether a
fail to detect misstatements exceeding a tolerable
client’s internal controls are
amount, should such misstatements exist.
effective for preventing and
detecting misstatements, and
There are two key points about planned detection risk:
(a) It is dependent on the other three factors in the
(2) the auditor’s intention to make
model.
that assessment at a level below
(b) It determines the amount of substantial evidence that
the maximum (100%) as part of
the auditor plans to accumulate, inversely with the
the audit plan.
size of planned detection risk.
Where:

PDR = planned detection risk AAR

__________
AAR = acceptable audit risk PDR = IR x CR
IR = inherent risk
CR = Control Risk
 Where:
The audit risk model for evaluating audit results is:
AcAR = Achieved Audit Risk
AcDR = Achieved Detection
AcAR = IR x CR x AcDR Risk
IR = Inherent risk
CR = Control Risk
 Although research The formula shows that there are three
ways to reduce achieved audit risk to an
indicates that it is not
acceptable level:
appropriate to use the
formula to calculate 01 Reduce Inherent Risk
achieved audit risk, the
relationships in the
formula are valid and 02 Reduce Control Risk
should be used in
practice. 03 Reduce achieved detection risk by increasing
substantive audit tests
 Audit Risk in the Small Business
 The auditor needs to obtain the same level of assurance in order to express an
unqualified opinion on the financial statements of both small and large entities.