Assessing and Responding to Audit Risk in a Financial Statement Audit: Audit Guide
This guide is the definitive source for guidance on applying the core principles of the risk-based audit methodology required for all financial statement audits.

If you are purchasing a product in one of the following formats, please check the system requirements below:

Online Professional Library
The AICPA Online Professional Library will operate in a variety of configurations, but only the configuration described below is supported by our technicians:

  • Windows 7+ (Latest Microsoft Edge, Internet Explorer, Firefox or Chrome)

eBooks through VitalSource®

Operating Systems:

  • Windows 7/8/8.1/10 (32/64 bit)
  • Mac (OS X 10.9 or later)


  • Chrome (stable channel)
  • Firefox (release channel)
  • Safari 9+
  • Internet Explorer 11+
  • Microsoft Edge
  • Mobile Safari 9+
  • Chrome for Android (stable channel)


  • iPhone (iOS 10 or later)
  • iPad (iOS 10 or later)
  • Android Smartphone 5.0 or later
  • Android Tablet (Android OS 5.0 or later)
  • Kindle Fire (OS 5 or later)

VitalSource supports the current browser version.

Other Software Needs
To access your Interactive eBook on your tablet, desktop or mobile device, download the appropriate VitalSource Bookshelf app. Downloading this product will require an account with the third-party vendor and your data will be treated according to the vendor’s terms and conditions.


  • eBooks are intended for a single user only.
  • eBooks are accessible immediately after completing your purchase. Access to the link on the AICPA Store expires one year from the purchase date. You must create a VitalSource account before this time elapses in order to have continued access.
  • This product is refundable within 14 days of your purchase date if no more than 20% of the content was accessed.

Read our eBook Tutorial and see our FAQ for more information.


  • Adobe® Acrobat® Reader 8 or higher
Product details

Bottom line: If you're conducting a financial statement audit, then these are the principles to follow

Who Will Benefit?

  • Experienced auditors

Key Topics

  • Overview of applying the audit risk standards
  • Key concepts underlying the auditor's risk assessment process
  • Planning and performing risk assessment procedures
  • Understanding the client, its environment and its internal control
  • Risk assessment and the design of further audit procedures
  • Performing further audit procedures
  • Evaluating audit findings, audit evidence and deficiencies in internal control

The Assessing and Responding to Audit Risk in a Financial Statement Audit guide covers the core principles of the risk-based audit methodology that must be used on all financial statement audits.

You'll find an easy-to-understand style that addresses the issues you encounter in the field. And no matter your experience level, you'll benefit from the unique insights, examples and a comprehensive case study that clarify critical concepts and requirements.

Bonus Audit Risk Assessment Tool for Online Subscriptions

The Audit Risk Assessment Tool is automatically included only when you select the Online Subscription format.

The tool explains the risk assessment procedures to experienced auditors, and documents those decisions necessary to prepare an effective and efficient audit program.

Use the tool in place of cumbersome checklists. It will guide you through a top-down risk-based approach to the identification of high-risk areas. That allows for appropriate tailoring of audit programs, resulting in audit efficiencies.


This Audit Risk Assessment Tool is designed to provide illustrative information with respect to the subject matter covered and is recommended for use on audit engagements that are generally smaller and have less-complex auditing and accounting issues.

It is designed to help identify risks, including significant risks, and document the planned response to those risks. The Audit Risk Assessment Tool should be used as a supplement to a firm's existing planning module whether in a firm-based or commercially provided methodology.

The Audit Risk Assessment Tool is not a complete planning module.

The AICPA recommends that audit professionals with substantial accounting, auditing and specific industry experience and knowledge complete the Audit Risk Assessment Tool. For a firm to be successful in improving audit quality and efficiencies, it is recommended that a 5+ years experienced auditor completes the Audit Risk Assessment Tool or the engagement team member with the most knowledge of the industry and client (often Partner in small/medium firms) provides insight to whomever is completing the ARA Tool.

The AICPA recommends this should not be delegated to lower-level staff and just reviewed – it should be completed under the direction of the experienced auditor (if you delegate to inexperienced auditor, you will be at risk for less effectiveness and efficiencies because the tool is intended to be completed by an experienced auditor).


Here's what fellow CPAs are saying about the Audit Risk Assessment Tool.

"An elegant device that facilitates compliance with the standards."
– W. Douglas Logan, CPA, P.C.
"I was able to complete the risk assessment process faster compared to [a checklist method] … By identifying the significant areas/risks, we were able to focus on those areas and tailor the audit programs accordingly."
– Sole practitioner
"This process condenses the risk assessment down to just what you need to perform the risk assessment. The steps to get to the audit program generation were reduced, and I think you end up with a better and more complete product at that point. I think it makes your planning process better."
– Partner from CPA firm with 18 professionals
"I think time was the biggest efficiency [gained by using the Audit Risk Assessment Tool]. The support and guidance made the process of assessing risk quicker and clearer."
– Audit senior manager from CPA firm with 88 professionals
"It would be beneficial to use this streamlined tool on a smaller entity where our current forms may be more inefficient."
– Audit supervisor from CPA firm with 400 professionals
Content preview

For the Audit Risk Assessment Tool

  • Introduction
  • Step 1 – Obtain an Understanding of Your Client and Its Environment
  • Step 2 – Obtain an Understanding of Internal Control
  • Step 3 – Brainstorming Meeting
  • Step 4 – Summarization of the Audit Risk Assessment

For the Audit Risk Assessment Guide

Part 1 - Authoritative and Nonauthoritative Guidance on the Auditor's Risk Assessment in a Financial Statement Audit

  • Overview of Applying the Audit Risk Standards
  • Key Concepts Underlying the Auditor's Risk Assessment Process
  • Planning and Performing Risk Assessment Procedures
  • Understanding the Client, Its Environment, and Its Internal Control
  • Risk Assessment and the Design of Further Audit Procedures
  • Performing Further Audit Procedures
  • Evaluating Audit Findings, Audit Evidence, and Deficiencies in Internal Control

Part 2 - Additional Resources


A. Considerations in Establishing the Overall Audit Strategy
B. Understanding the Entity and Its Environment
C. Internal Control Components
D. Exhibit - Management Antifraud Programs and Controls
E. Illustrative Financial Statement Assertions and Examples of Substantive Procedures Illustrations for Inventories of a Manufacturing Company
F. Consideration of Prior Year Uncorrected Misstatements
G. Assessing the Severity of Identified Deficiencies in Internal Control
H. Examples of Circumstances That May Be Deficiencies, Significant Deficiencies, or Material Weaknesses
I. Suggestions for Conducting Inquiries
J. Matters to Consider in Determining Performance Materiality

Part 3 - Illustrative Audit Documentation Case Study


K. Illustrative Audit Documentation Case Study: Young Fashions, Inc.
K-1. Young Fashions: Understanding of Entity and Its Environment
K-1-1. Young Fashions: Audit Strategy
K-2. Young Fashions: Evaluation of Entity-Level Controls
K-2-1. Young Fashions: Procedures Performed to Evaluate Entity-Level Controls
K-3. Young Fashions: Understanding of Internal Control - IT General Controls
K-4. Young Fashions: Evaluation of Activity-Level Controls - Wholesale Sales
K-5. Young Fashions: Assessing Risks of Material Misstatement and Linkage to Further Audit Procedures
K-6. Young Fashions: Evaluation of Uncorrected Misstatements and Assessment of Control Deficiencies
L. The Effect of Group Audits on Planning and Determining Materiality
M. Overview of Statements on Quality Control Standards
N. Schedule of Changes Made to the Text From the Previous Edition

From the Audit Risk Assessment Guide

You, as the auditor, are required to perform risk assessment procedures, which include gaining an understanding of systems of internal control, to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and relevant assertion levels. This risk assessment then serves as the basis for you to design the nature, timing, and extent of further audit procedures.

The further audit procedures you design and perform should be appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence to be able to draw a reasonable conclusion on which to base your opinion.

This guide provides guidance, primarily on performing risk assessment procedures and obtaining sufficient appropriate audit evidence. As such, this guide illustrates how to gather information needed to assess risk, evaluate that information to assess risk at the assertion level, and design and perform further audit procedures based on that assessed risk, evaluate the results, and reach conclusions. In addition, guidance on evaluating and communicating findings is also included.

Comments from Lynford Graham, CPA, Ph.D., CFE:

"The profession continues to become familiar with the Risk Assessment Standards and discover the many benefits provided in efficiency and effectiveness from implementing them as designed. Unfortunately misunderstandings about risk assessment, controls and audit procedures continue to underlie comments from peer reviewers and inspectors. The Audit Guide helps walk you through the current requirements (under the Clarity revisions) with helpful hints and best practices for maximizing value to the auditor."

From the Introduction section of the Audit Risk Assessment Tool

The objective of this Audit Risk Assessment Tool (tool) is to aid in the implementation of the Risk Assessment Standards; it is designed to focus the auditor’s attention on the identification of significant risks, one or more of which arise on most audits. This tool is intended to work with any audit methodology and may be used for any audit; however, efficiency gains using this tool will probably be most notable with smaller audit clients. The tool also includes the Audit Guide Assessing and Responding to Audit Risk in a Financial Statement Audit. Industry-specific risks and considerations are available in Audit and Accounting Guides and Audit Risk Alerts.

Ratings and reviews

American Institute of CPAs

The American Institute of CPAs (AICPA) is the world’s largest member association representing the CPA profession, with more than 418,000 members in 143 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialized credentials for qualified professionals who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. With The Chartered Institute of Management Accountants (CIMA), it offers the Chartered Global Management Accountant (CGMA) designation, which sets the global benchmark for quality and recognition in management accounting.

The AICPA and CIMA also make up the Association of International Certified Professional Accountants (the Association), which represents public and management accounting globally, advocating on behalf the public interest and advancing the quality, competency and employability of CPAs, CGMAs and other accounting and finance professionals worldwide.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.

EAQ logo
Member Quantity:
Nonmember Quantity:
Estimated total:
Add to cart
Back to Top