The parts of planning are: accept client and perform initial planning,
understand the client's business and industry, perform preliminary analytical
procedures, set preliminary judgment of materiality and performance materiality,
identify significant risks due to fraud or error, assess inherent risk, understand
internal control and assess control risk, and finalize overall audit strategy and
audit plan. The evaluation of risk is an explicit component of part five (identify
significant risks, including fraud risks), part six (assess inherent risk), and part
seven (control risk).
The auditor performs risks assessment procedures to identify and assess
the risk of material misstatement, whether due to fraud or error. Risk assessment
procedures include the following:
1. Inquiries of management and others within the entity: Because
management and others, including those charged with governance and
internal audit, have important information to assist the auditor in
identifying risks of material misstatements, the auditor will make a
number of inquiries of these individuals to understand the entity and its
environment, including internal control, and to ask them about their
assessments of the risks of material misstatements.
2. Analytical procedures: As noted in Chapter 8, auditors are required to
perform preliminary analytical procedures as part of audit planning to
better understand the entity and to assess client business risks.
3. Observation and inspection: Auditors observe the entity's operations
and they inspect documents, such as the organization's strategic plan,
business model, and its organizational structure to increase the
auditor's understanding of how the business is structured and how it
organizes key business functions and leaders in the oversight of dayto-day
4. Discussion among engagement team members: Auditing standards
require the engagement partner and other key engagement team
members to discuss the susceptibility of the client's financial
statements to material misstatement. This includes explicit discussion
about the susceptibility of the client's financial statements to fraud, in
addition to their susceptibility of material misstatement due to errors.
5. Other risk assessment procedures: The auditor may perform other
procedures to assist in the auditor's assessment of the risk of material
Three types of characteristics of transactions and balances that might
cause an auditor to determine that a risk of material misstatement is a significant
1. Nonroutine Transactions: Significant risks often relate to significant
nonroutine transactions, which represent transactions that are unusual,
either due to size or nature, and that are infrequent in occurrence.
Nonroutine transactions may increase the risk of material misstatement
because they often involve a greater extent of management
intervention, including more reliance on manual versus automated data
collection and processing, and they can involve complex calculations
or unusual accounting principles not subject to effective internal
controls due to their infrequent nature. Related party transactions often
reflect these characteristics, thereby increasing the likelihood they are
considered significant risks.
2. Matters Requiring Significant Judgment: Significant risks also
relate to matters that require significant judgment because they include
the development of accounting estimates for which significant
measurement uncertainty exists. Classes of transactions or account
balances that are based on the development of accounting estimates
often require significant judgment that is subjective or complex based
on assumptions about future events. As a result, those types of
transactions or balances frequently are identified as significant risks.
Copyright © 2017 Pearson Education, Inc.
3. Fraud Risk: Because fraud generally involves concealment, detecting
material misstatements due to fraud is difficult. As a result, when
auditors identify a potential risk of material misstatement due to fraud,
auditing standards require the auditor to consider that risk a significant
risk, which triggers required responses to those risks.