Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts





        An effective risk assessment phase would include the following.
        Exhibit 3.3-4

         Requirements          Description

         Up-Front              The engagement partner and other key members of the engagement team need
         Involvement           to be actively involved in planning the audit, and in planning and participating in
         of Senior Team        the discussion among engagement team members. This will ensure the audit plan
         Members               takes advantage of their experience and insight. Note that ISAs usually refer to the
                               term “auditor” as the person(s) performing the engagement. Where an ISA intends
                               a requirement or responsibility be fulfilled by the engagement partner, the term
                               "engagement partner" rather than "auditor" is used.

         An Emphasis on        The auditor cannot be expected to disregard past experience of the honesty
         “Professional         and integrity of the entity’s management and those charged with governance.
         Skepticism”           Nevertheless, a belief that management and those charged with governance are
                               honest and have integrity does not relieve the auditor of the need to maintain
                               professional skepticism, or allow the auditor to be satisfied with less-than-persuasive
                               audit evidence when obtaining reasonable assurance.

         Planning              The time spent in audit planning (developing the overall audit strategy and audit plan)
                               will ensure that audit objectives are properly met, and that the work of audit staff is always
                               focused on gathering evidence on the most critical areas of potential misstatement.

         Team Discussions      A team planning discussion/meeting with the engagement partner present provides
         and Ongoing           an excellent forum for:
         Communication         •    Informing staff about the client in general and discussing potential risk areas;
                               •    Discussing the effectiveness of the overall audit strategy and the audit plan and
                                    then making changes as necessary;
                               •    Brainstorming how fraud could occur and then designing an appropriate
                                    response; and
                               •    Allocating audit responsibilities and setting timeframes.

                               Ongoing communication among the audit team throughout the engagement is
                               also important, the better to discuss and address audit issues as they arise, any
                               unusual activities noted, or possible indicators of fraud. This will enable timely
                               communications to management and, where necessary, changes to the audit
                               strategy and audit procedures.

         Focus on Risk         The most important step in a risk assessment process is to identify all the relevant
         Identification        risks. If business and fraud risk factors are not identified by the auditor, they will not
                               be assessed or documented, and an appropriate audit response (if required) will not
                               be designed. This is why well-designed risk assessment procedures are so important
                               to the effectiveness of the audit. These risk assessment procedures also need to be
                               performed by the appropriate level of staff.

         Ability to Evaluate   A key step in the risk assessment process is to evaluate the effectiveness of
         Management’s          management’s responses (that is, management’s control design/implementation),
         Response(s) to        if any, to mitigate the identified risks of material misstatement in the financial
         Risk                  statements. In smaller entities, more reliance will likely be placed on the control
                               environment and monitoring of controls, and less on the traditional control activities.


