Available Media: Print: $248.00 CD-ROM/DVD: $248.00
Also available on Checkpoint - call 800.323.8724, option 1 for more information.
Your best source for illustrative filled-in practice aids. All required planning forms and more are illustrated in the context of real-life case studies.
PPC’s Guide to Audit Risk Assessment provides you with the analysis and tools you need to effectively and efficiently apply audit risk assessment in all of your audit engagements
This Guide gives you a complete package of tools, including:
Detailed analysis of the standards and their requirements.
Practice aids for performing and documenting risk assessment.
Easy-to-understand practical guidance on applying risk assessment, including best practices, case studies, and illustrative documentation, all aligned with the PPC audit approach that you rely on.
Tools to communicate with your clients on important topics, including PowerPoint slides and scripts.
Use this Guide to train your staff, improve your audit process, and add value for your clients.
TOC for GRA
INTRODUCTORY MATERIAL
PREFACE
HOW TO USE THE GUIDE
ACKNOWLEDGMENTS
ACKNOWLEDGMENT OF COPYRIGHTS
ACKNOWLEDGMENT OF TRADEMARKS
ABOUT THE AUTHORS. . .
LIST OF SUBSTANTIVE CHANGES AND ADDITIONS
CHAPTER 1: INTRODUCTION
100 INTRODUCTION AND BACKGROUND INFORMATION
Introduction
Background Information
SAS No. 99, Consideration of Fraud in a Financial Statement Audit.
Risk Assessment Project.
What Is Risk Assessment?
Planning Is the Key.
Risk Assessment Standards
Effective Date.
Integration of SAS No. 99.
Key Provisions of the Standards.
Key Provisions in the Risk Assessment Standards and How They Differ from Previous Standards.
Questions and Answers on the Risk Assessment Standards.
New and Revised Terminology
Audit Strategy.
Audit Plan.
Relevant Assertions.
Significant Risks.
Risk Assessment Procedures.
Risk of Material Misstatement.
Further Audit Procedures.
Other Terms.
Related Auditing Standards
Clarity Standard.
Unconditional Requirements in the Risk Assessment Standards.
Presumptively Mandatory Requirements in the Risk Assessment Standards.
Other Standards Issued by the AICPA.
Other AICPA Guidance
Audit Risk Alert.
Audit Guide.
101 THE PPC AUDIT PROCESS
The PPC Audit Process
Practice Aids
PPC's Industry Audit Guides.
Implementing and Applying the PPC Audit Process Using This Guide
Initial Implementations.
Subsequent Engagements.
102 SCOPE OF THIS GUIDE
Generally Accepted Auditing Standards
How to Use This Guide
Overview of This Guide
Appendix A.
Appendix B.
Appendix C.
APPENDIX 1A: Key Provisions of the Risk Assessment Standards and How They Differ from Previous Standards
APPENDIX 1B: Key Questions and Answers on the Risk Assessment Standards
APPENDIX 1C: Letter to Client Communicating Risk Assessment Standards
APPENDIX 1D: Client Presentation
CHAPTER 2: RISK ASSESSMENT PROCEDURES AND GENERAL AUDIT PLANNING
200 INTRODUCTION
An Overview of the Risk Assessment Perspective
The Distinction among Procedures, Understanding, and Decisions and Judgments
Procedures Performed.
Understanding Obtained.
Decisions and Judgments Made.
Summary of Risk Assessment Process.
The Sequence of Audit Planning from the Risk Assessment Perspective
Organization of This Chapter
201 RISK ASSESSMENT AND OTHER PLANNING PROCEDURES
Types of Risk Assessment Procedures
Nature, Timing, and Extent--General Considerations.
Using the Results of Risk Assessment Procedures Performed in Prior Periods.
Preliminary Engagement Activities
Acceptance/Continuance and Compliance with Ethical Requirements.
Establishing an Understanding with the Client.
Documentation.
Inquiries of Management and Others
Matters and Parties of Inquiry.
Does the Extent of Inquiries Change under the Risk Assessment Standards?
Documentation.
Preliminary Analytical Procedures
The Value of Preliminary Analytical Procedures in Risk Identification.
Do the Risk Assessment Standards Change Practice for Preliminary Analytical Procedures?
Documentation.
Observation and Inspection
Do the Risk Assessment Standards Change Practice for Observation and Inspection during Audit Planning?
Documentation.
Discussion among the Engagement Team
Matters to Be Discussed.
Impact on Significant Audit Areas.
Who Should Attend the Discussion?
When Should the Discussion Occur?
Other Matters That May Be Discussed.
Do the Risk Assessment Standards Change Practice for Audit Team Discussions during Audit Planning?
Documentation.
Summary of Changes in Audit Requirements
202 THE UNDERSTANDING ABOUT THE ENTITY AND ITS ENVIRONMENT
Components of the Understanding
Documentation.
Purpose of This Section.
Industry, Regulatory, and Other External Factors
Possible Risk Assessment Procedures and Factors to Consider.
Business and Other Risks.
Nature of the Entity
Risk Assessment Procedures and Factors to Consider.
Business and Other Risks.
Objectives, Strategies, and Related Business Risks
Risk Assessment Procedures and Factors to Consider.
Identifying Business Risks.
Measurement and Review of the Entity's Financial Performance
Risk Assessment Procedures and Factors to Consider.
Business and Other Risks.
Selection and Application of Accounting Policies
Risk Assessment Procedures.
Evaluating the Selection and Application of Accounting Policies to Identify Risks.
Fraud Risk Factors
Summary of Changes in Audit Requirements
203 THE UNDERSTANDING OF INTERNAL CONTROL
Components of Internal Control
Nature of the Auditor's Understanding
Extent of the Auditor's Understanding
Understanding Controls Related to Significant Risks and Risks for Which Substantive Procedures Alone are Not Sufficient
Effect of Information Technology (IT) on Internal Control
Benefits and Risks of IT.
Examples of How IT Affects Internal Control.
Considering Whether Specialized IT Skills Are Needed to Understand Internal Control.
How Are the Results of the Understanding Used?
A Practical Approach for Obtaining an Understanding of Internal Control
Develop an Overall Strategy for Understanding Internal Control.
Perform Scoping Activities.
Evaluate the Design and Implementation of Entity-level Controls.
Evaluate the Design and Implementation of Activity-level Controls.
Document the Understanding of Internal Control.
Considering Control Objectives and Key Controls
Control Objectives.
Key Controls.
Do Not Forget about Complementary Controls and Controls over Spreadsheets.
Consider Segregation of Duties.
Summary of Changes in Audit Requirements
Do the Risk Assessment Standards Change Previous General Requirements?
204 UNDERSTANDING ENTITY-LEVEL CONTROLS
Control Environment
What Is the Control Environment?
Control Objectives.
Risk Assessment Procedures and Factors to Consider.
Considering Management Control Consciousness.
Small Business Considerations.
Impact of the Control Environment in Assessing Risk.
Effect of Information Technology on the Control Environment.
Documentation of the Control Environment.
Risk Assessment
The Entity's Fraud Risk Assessment and Monitoring.
Control Objectives.
Small Business Considerations.
Risk Assessment Procedures and Factors to Consider.
Documentation of the Client's Risk Assessment Process.
Information and Communication
Information.
Communication.
Documentation of the Understanding of Information and Communication.
Monitoring
Small Business Considerations.
Risk Assessment Procedures and Factors to Consider.
Consideration of Internal Audit Function.
Documentation of the Client's Monitoring Process.
205 UNDERSTANDING ACTIVITY-LEVEL CONTROLS
Financial Reporting System
Identifying Significant Transaction Classes.
Understanding the Flow of Information for Significant Transaction Classes.
Understanding the Financial Close and Reporting Process.
Control Objectives.
Risk Assessment Procedures.
Walkthroughs.
Documentation of the Understanding of the Financial Reporting System.
IT Environment and General Computer Controls
IT Environment.
General Computer Controls.
Documentation of the IT Environment and General Computer Controls.
Control Activities
Small Business Considerations.
Obtaining an Understanding of Control Activities.
When is an Additional Understanding of Control Activities Necessary?
Case Study on Extent of Understanding of Control Activities.
Documenting Activity-Level Controls
Documenting the Financial Reporting System and Walkthroughs.
Documenting the IT Environment and General Computer Controls.
Documenting Control Activities.
206 PLANNING DECISIONS AND JUDGMENTS
Determining Materiality at the Financial Statement Level
Quantifying Planning Materiality.
Desirability of a Single Benchmark.
Benchmarks.
Selecting a Percentage.
Audits of a Single Financial Statement.
Consideration of Industry Characteristics in Making a Preliminary Judgment.
Sources of Amounts for Worksheet.
Determining Materiality for Particular Items of Lesser Amounts
Documenting Planning Materiality Using the PPC Approach
Assessing Risks of Material Misstatement at the Financial Statement Level
Assessing and Responding to Risks at the Financial Statement Level.
Documentation.
Establishing an Overall Audit Strategy
Other Audit Strategy Considerations.
Timing of Developing the Audit Strategy.
Communicating with Those Charged with Governance.
Documentation.
Summary of Changes in Audit Requirements
APPENDIX 2A: Forms Used During General Audit Planning
APPENDIX 2A-1: CX-2: Financial Statement Materiality Worksheet for Planning Purposes
APPENDIX 2A-2: CX-3.1: Understanding the Entity and Its Environment
APPENDIX 2A-3: CX-3.2: Engagement Team Discussion
APPENDIX 2A-4: CX-3.3: Fraud Risk Inquiries Form
APPENDIX 2A-5: CX-4.1: Understanding the Design and Implementation of Internal Control
APPENDIX 2A-6: CX-4.2: Financial Reporting System Documentation Form--Instructions
APPENDIX 2A-7: CX-4.2.1: Financial Reporting System Documentation Form--Significant Transaction Classes
APPENDIX 2A-8: CX-4.2.2: Financial Reporting System Documentation Form--IT Environment and General Computer Controls
APPENDIX 2A-10: CX-5: Activity and Entity-level Control Forms
APPENDIX 2A-11: CX-6.1: Risk Identification Form
APPENDIX 2A-12: CX-6.2: Fraud Risk Factors
APPENDIX 2B: Common Control Objectives by Audit Area and Transaction Class
APPENDIX 2C: Client Presentation--"Assessing Financial Statement Risks and Internal Controls"
CHAPTER 3: ASSESSING AND RESPONDING TO IDENTIFIED RISKS--DEVELOPING THE DETAILED AUDIT PLAN
300 INTRODUCTION
301 TOLERABLE MISSTATEMENT
Determining Tolerable Misstatement
Using the PPC Approach to Determine Tolerable Misstatement
Summary of Changes from Previous Standards.
302 THE CONCEPT OF FINANCIAL STATEMENT ASSERTIONS
Assertions for Classes of Transactions
Assertions for Account Balances
Assertions for Presentation and Disclosure
Relevant Assertions
Implementation of Assertion Categories
Using the PPC Approach.
303 IDENTIFYING RISKS OF MATERIAL MISSTATEMENT AT THE RELEVANT ASSERTION LEVEL (SYNTHESIS)
Gathering Information from Risk Assessment and Other Planning Procedures
Synthesizing the Information
Why Is Synthesis Important?
Synthesis Considerations.
Considering the Type of Risk.
Considering the Pervasiveness of the Risk.
Considering What Can Go Wrong at the Assertion Level.
Considering Fraud Conditions.
Considering the Magnitude of the Risk.
Synthesis Questions.
Identifying Risks of Material Misstatement
Articulating Risks.
Examples of Synthesis.
Documenting Identified Risks
Assessing Identified Risks
304 ASSESSING RISKS OF MATERIAL MISSTATEMENT AT THE RELEVANT ASSERTION LEVEL
The Audit Risk Model
Risk of Material Misstatement
Assessing the Risk of Material Misstatement at the Relevant Assertion Level
Special Risk Considerations.
Significant Risks
Risks for Which Substantive Procedures Alone Are Not Sufficient
Using the PPC Approach
Summary of Changes from Previous Standards
305 A PRACTICAL APPROACH TO PREPARING THE DETAILED AUDIT PLAN
Documentation Requirements
How to Perform and Document the Specific Risk Assessment and the Planned Response
Identifying General Risk Assessment Factors.
Determining Significant Audit Areas.
Describing Specific Risks of Material Misstatement.
Determining the Documentation Approach to Be Used When Assessing the Risk of Material Misstatement.
Assessing Inherent Risk.
Assessing Control Risk.
Assessing the Combined Risk of Material Misstatement.
Documenting the Risk of Material Misstatement.
Responding to the Risk Assessment.
Types of Substantive Procedures and Audit Strategies
Basic Types of Substantive Procedures.
Limited, Basic, and Extended Approaches.
Tailoring the Audit Programs
Lower-risk Audit Areas or Assertions.
Higher-risk Audit Areas or Assertions.
Format of the Audit Programs.
Core Audit Programs.
Specified Risk Audit Programs.
Can the Auditor Use a Combination of Core Audit Programs and Specified Risk Audit Programs?
Examples of Tailoring Audit Programs.
Are the Audit Programs Illustrated in This Guide Considered "Canned" Audit Programs?
Summary of Changes from Previous Standards
APPENDIX 3A: Forms for Assessing Risks
APPENDIX 3A-1: CX-7.1: Risk Assessment Summary Form
APPENDIX 3A-2: CX-7.2: Inherent Risk Assessment Form
APPENDIX 3B: Identifying What Can Go Wrong in the Financial Statements--Inventory/Cost of Sales, Accounts Receivable/Sales, and Accounts Payable and Other Liabilities
APPENDIX 3C: Selecting an Appropriate Audit Response Using the Risk Assessment Summary Form and Core Audit Programs
APPENDIX 3D: Illustrative Risk Assumptions for the Audit of a Small Nonpublic Company--Based on the Specified Risk Approach in PPC's Guide to Audits of Nonpublic Companies
CHAPTER 4: FURTHER AUDIT PROCEDURES AND OTHER MATTERS
400 INTRODUCTION
401 TESTS OF CONTROLS
The Need to Perform Tests of Controls
Practical Considerations Related to Tests of Controls
Is the Auditor Required to Always Test Controls under the Risk Assessment Standards?
To What Extent Can the Control Risk Assessment Be Reduced Based on Risk Assessment Procedures Performed to Understand the Design and Implementation of Controls?
The Nature of Tests of Controls
Inquiry and Observation.
Inspection of Documents, Reports, or Electronic Files.
Walkthroughs.
Review of Reconciliations and Similar Bookkeeping Routines.
Reperformance of the Control Activity.
Timing of Tests of Controls
Interim Testing of Controls.
Rotation of Tests of Controls.
Extent of Tests of Controls
Use of Audit Sampling in Tests of Controls.
Tests of IT Related Controls
Application Controls.
General Controls.
Other Considerations When Performing Tests of Controls
Tests of Controls versus Processes.
Control Activities and Complementary Controls.
Efficiency Opportunities in Testing Controls
Easy-to-test Controls.
Key Controls.
Controls Relevant to Identified Risks.
Concurrent Test of Controls and Substantive Procedure.
Summary of Efficiency Opportunities.
Documentation Requirements
PPC Practice Aids.
"Test of Controls Form."
"Activity and Entity-level Control Forms."
Memo.
Summary of Changes from Previous Standards
402 MAKING A CONTROL RISK ASSESSMENT
Evaluating the Evidence about Operating Effectiveness
Sampling in Tests of Controls.
Deviations and the Auditor's Responsibility to Communicate Internal Control Matters.
Evaluating the Operating Effectiveness of Controls at a Service Organization.
Considering the Amount of Audit Evidence Necessary to Support a Control Risk Assessment
Type of Evidence (Testing Procedure Performed).
Source of the Evidence.
Effect of the Control Risk Assessment on Substantive Procedures
Using the PPC Approach.
403 SUBSTANTIVE PROCEDURES
Substantive Procedures Required in Every Audit
Financial Reporting System and Fraud Procedures.
Significant Risks.
Other Required Audit Procedures.
Sufficiency and Appropriateness of Audit Evidence
Nature, Timing, and Extent of Substantive Procedures
Selecting Appropriate Substantive Procedures
Considering the Account Being Tested.
Considering the Financial Statement Assertion.
Considering the Nature of Risks Identified.
Considering the Degree of Risk.
Considering the Available Evidence.
Considering the Effectiveness and Efficiency of Substantive Procedures.
Choosing between Analytical Procedures and Substantive Tests of Details
Timing of Substantive Procedures
Interim Audit Procedures.
Summary of Changes from Previous Standards
404 OTHER ISSUES RELATED TO FURTHER AUDIT PROCEDURES
The Use of Audit Evidence from Prior Periods
Substantive Procedures.
Tests of Controls (Rotation of Tests of Controls).
Use of Accounting Records as Audit Evidence
405 SUMMARIZATION AND EVALUATION
Audit Differences
Known and Likely Misstatements.
Communication of Misstatements to Management.
Evaluating Audit Differences
Offsetting of Misstatements.
Trivial Misstatements.
Evaluating Estimates.
Different Levels for Different Amounts, Subtotals, or Totals.
Qualitative Considerations.
Overall Evaluation.
Documentation Requirements
Summary of Changes from Previous Standards
APPENDIX 4A: CX-10.1: Test of Controls Form
APPENDIX 4B: Forms for Evaluating Audit Differences
APPENDIX 4B-1: CX-12.1: Closing Entry and Audit Adjustment Form
APPENDIX 4B-2: CX-12.2: Audit Difference Evaluation Form
APPENDIX A: Case Study 1--Completed Practice Aids
APPENDIX A-1: Case Study 1
APPENDIX A-2: CX-3.1: Understanding the Entity and Its Environment
APPENDIX A-3: CX-3.2: Engagement Team Discussion
APPENDIX A-4: CX-3.3: Fraud Risk Inquiries Form
APPENDIX A-5: CX-4.1: Understanding the Design and Implementation of Internal Control
APPENDIX A-6: CX-4.2.1: Financial Reporting System Documentation Form--Significant Transaction Classes
APPENDIX C-6: CX-5.2: Control Activities Form for Accounts Receivable and Sales
APPENDIX C-7: CX-4.2.1: Financial Reporting System Documentation Form--Significant Transaction Classes (Financial Close and Reporting)
APPENDIX C-8: CX-4.3: Walkthrough Documentation Table (Financial Close and Reporting)
APPENDIX C-9: CX-5.12: Control Activities Form for Financial Close and Reporting
APPENDIX C-10: CX-4.2.2: Financial Reporting System Documentation Form--IT Environment and General Computer Controls
Continued Professional Education
CPE & Training Solutions
INDEX
CPE related to these PPC Guides is now available!
New this year, visit Course Finder at trainingcpe.thomson.com to download course materials related to these PPC Guides in PDF format at no cost. For many of these courses, you can also opt to use our new Online Grading Center to submit your completed exams. Click on each title below to view available self-study courses related to these PPC Guides. Also new this year—course materials related to these PPC guides are now available in the CPE tab on Checkpoint!
Now it's easier than ever to meet your CPE requirements with the PPC guidance you use and trust!
The CPE & Training Solutions Online Grading Center gives you easy access to many print-based self-study courses and allows you to complete your CPE exams online for immediate results. Plus, the My Courses feature provides convenient retention and retrieval of your CPE course certificates and completions. Features include:
Immediate 24/7 Grading: Grading is now available 24-hours per day, seven days per week. Submit your final exam for grading at any time, and you’ll get immediate results and certification.
No Express Grading Fee: There’s no additional charge for completing the exam online. You will only be charged the normal course grading fee.
Convenient Retention and Retrieval of CPE Course Completions: CPE Certifications are available for every print course exam you successfully complete in the Online Grading Center.
PPC offers print-based self-study in these topics:
You may access PPC Guide-related course materials at no charge by visiting Course Finder at trainingcpe.thomson.com and searching for PPC Self-Study Print-based courses. Many courses are available for PDF download directly from the Course Finder!
INTRODUCTORY MATERIAL
PREFACE
