Assessing and Responding to Audit Risk in a Financial Statement Audit - AICPA Audit Guide
View an introduction to the Audit Risk Assessment Tool by Chuck Landes
The Audit Risk Assessment Tool walks an experienced auditor through the risk assessment procedures and documents those decisions necessary to prepare an effective and efficient audit program. Designed to be used in lieu of cumbersome checklists, it provides a top down risk-based approach to the identification of high risk areas to allow for appropriate tailoring of audit programs which will result in audit efficiencies. The tool is available in the Online Subscription format and includes access to the full Risk Assessment Guide.
The AICPA Audit Guide Assessing and Responding to Audit Risk in a Financial Statement Audit is the definitive source for guidance on applying the core principles of the risk-based audit methodology that must be used on all financial statement audits. This guide is written in an easy-to-understand style that enables auditors of all experience levels to find answers to the issues they encounter in the field. Unique insights, examples and a comprehensive case study clarify critical concepts and requirements.
To learn more about what is included in each format, click on the corresponding Available Formats link above.
This Audit Risk Assessment Tool is designed to provide illustrative information with respect to the subject matter covered and is recommended for use on audit engagements that are generally smaller in size and have less complex auditing and accounting issues. It is designed to help identify risks, including significant risks, and document the planned response to those risks. The Audit Risk Assessment Tool should be used as a supplement to a firm’s existing planning module whether in a firm-based or commercially provided methodology. The Audit Risk Assessment Tool is not a complete planning module.
The AICPA recommends the Audit Risk Assessment Tool be completed by audit professionals with substantial accounting, auditing and specific industry experience and knowledge. For a firm to be successful in improving audit quality and efficiencies, it is recommended that a 5+ years experienced auditor completes the Audit Risk Assessment Tool or the engagement team member with the most knowledge of the industry and client (often Partner in small/medium firms) provides insight to whomever is completing the ARA Tool. The AICPA recommends this should not be delegated to lower-level staff and just reviewed – it should be completed under the direction of the experienced auditor (if you delegate to inexperienced auditor you will be at risk for less effectiveness and efficiencies because the tool is intended to be completed by an experienced auditor).
The Audit Risk Assessment Tool does not establish standards or preferred practices and is not a substitute for the original authoritative auditing guidance. In applying the auditing guidance included in this Audit Risk Assessment Tool, the auditor should, using professional judgment, assess the relevance and appropriateness of such guidance to the circumstances of the audit. This document has not been approved, disapproved, or otherwise acted on by a senior committee of the AICPA. It is provided with the understanding that the staff and publisher are not engaged in rendering legal, accounting, or other professional service. All such information is provided without warranty of any kind.
Access to this product is on a concurrent user basis (defined as the number of simultaneous users accessing the tool at any given time). Such use is further limited to five (5) engagements per concurrent user subscription purchased.
Example A: If a subscription for 2 concurrent users is purchased, the tool may be used in no more than 10 engagements.
Example B: If the tool is to be used in connection with 35 such engagements, a subscription for 7 concurrent users would be required, whether or not the actual number of concurrent users was fewer than 7.
Pricing varies with the number of concurrent users. See the chart below:
If purchasing this title as an eBook, please note that it is intended for a single user. An eBook is a downloadable file that will be accessible immediately after completing your purchase. Access to the download link expires 180 days from the purchase date. Download the file before this time elapses. Before downloading your eBook, you must:
Return to the AICPA Store and go to My Account > My Downloads
Click the eBook title to download and open automatically in Adobe Digital Editions
Note: To access your eBook on a smartphone, tablet or other reading device, see our FAQ. This product is refundable within 10 days of your purchase date. For more information about this product or service concerns, please contact the AICPA Store Service Center at firstname.lastname@example.org or call 888-777-7077.
Find out what other CPAs are saying about the Audit Risk Assessment Tool!
“An elegant device that facilitates compliance with the standards” – W. Douglas Logan, CPA, PC
“I was able to complete the risk assessment process faster compared to (a checklist method)…by identifying the significant areas/risks, we were able to focus on those areas and tailor the audit programs accordingly.” - Sole Practitioner
“This process condenses the risk assessment down to just what you need to perform the risk assessment. The steps to get to the audit program generation were reduced and I think you end up with a better and more complete product at that point. I think it makes your planning process better.” - Partner from CPA firm with 18 professionals
“I think time was the biggest efficiency (gained by using the ARA Tool). The support and guidance made the process of assessing risk quicker and clearer.”
– Audit Senior Manager from CPA firm with 88 professionals
“It would be beneficial to use this streamlined tool on a smaller entity where our current forms may be more inefficient.” - Audit Supervisor from CPA firm with 400 professionals
You, as the auditor, are required to perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and relevant assertion levels. This risk assessment then serves as the basis for you to design the nature, timing, and extent of further audit procedures.
The further audit procedures you design and perform should be appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence to be able to draw a reasonable conclusion on which to base your opinion.
This guide provides guidance, primarily on performing risk assessment procedures and obtaining sufficient appropriate audit evidence. As such, this guide illustrates how to gather information needed to assess risk, evaluate that information to assess risk at the assertion level, and design and perform further audit procedures based on that assessed risk, evaluate the results, and reach conclusions. In addition, guidance on evaluating and communicating findings is also included.
From the Introduction section of the Audit Risk Assessment Tool
The objective of this Audit Risk Assessment Tool (tool) is to aid in the implementation of the Risk Assessment Standards; it is designed to focus the auditor’s attention on the identification of significant risks, one or more of which arise on most audits. This tool is intended to work with any audit methodology and may be used for any audit; however, efficiency gains using this tool will probably be most notable with smaller audit clients. The tool also includes the Audit Guide Assessing and Responding to Audit Risk in a Financial Statement Audit. Industry-specific risks and considerations are available in Audit and Accounting Guides and Audit Risk Alerts.
Table of Content
For the Audit Risk Assessment Tool
Step 1 – Obtain an Understanding of Your Client and Its Environment
Step 2 – Obtain an Understanding of Internal Control
Step 3 – Brainstorming Meeting
Step 4 – Summarization of the Audit Risk Assessment
For the Audit Risk Assessment Guide
Part 1 - Authoritative and Nonauthoritative Guidance on the Auditor's Risk Assessment in a Financial Statement Audit
Overview of Applying the Audit Risk Standards
Key Concepts Underlying the Auditor's Risk Assessment Process
Planning and Performing Risk Assessment Procedures
Understanding the Client, Its Environment, and Its Internal Control
Risk Assessment and the Design of Further Audit Procedures
Performing Further Audit Procedures
Evaluating Audit Findings, Audit Evidence, and Deficiencies in Internal Control
Part 2 - Additional Resources
A. Considerations in Establishing the Overall Audit Strategy
B. Understanding the Entity and Its Environment
C. Internal Control Components
D. Exhibit - Management Antifraud Programs and Controls
E. Conditions and Events That May Indicate Risks of Material Misstatement
F. Conditions and Events that May Indicate Risks of Material Misstatement at a Small Business Entity
G. Illustrative Financial Statement Assertions and Examples of Substantive Procedures Illustrations for Inventories of a Manufacturing Company
H. Considerations of Prior Year Uncorrected Misstatements
I. Assessing the Severity of Identified Deficiencies in Internal Control
J. Examples of Circumstances That May Be Deficiencies, Significant Deficiencies, or Material Weaknesses
K. Suggestions for Conducting Inquiries
L. Matters to Consider in Determining Performance Materiality
Part 3 - Illustrative Audit Documentation Case Study
M. Illustrative Audit Documentation Case Study: Young Fashions, Inc.
M-1. Young Fashions: Understanding of Entity and Its Environment
M-1-1. Young Fashions: Audit Strategy
M-2. Young Fashions: Evaluation of Entity-Level Controls
M-2-1. Young Fashions: Procedures Performed to Evaluate Entity-Level Controls
M-3. Young Fashions: Understanding of Internal Control - IT General Controls
M-4. Young Fashions: Evaluation of Activity-Level Controls - Wholesale Sales
M-5. Young Fashions: Assessing Risks of Material Misstatement and Linkage to Further Audit Procedures
M-6. Young Fashions: Evaluation of Uncorrected Misstatements and Assessment of Control Deficiencies
N. Mapping and Summarization of Changes - Clarified Auditing Standards
O. Schedule of Changes Made to the Text From the Previous Edition
About the Publisher
About the AICPA
The American Institute of CPAs is the world’s largest member association representing the accounting profession, with more than 412,000 members in 144 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.
The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialty credentials for CPAs who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. Through a joint venture with the Chartered Institute of Management Accountants, it has established the Chartered Global Management Accountant designation, which sets a new standard for global recognition of management accounting.