
IDENTIFYING AND ASSESSING INHERENT RISK AND SIGNIFICANT RISK


Sepky Mardian | March 12th, 2018
Risk Assessment
Activity / Objective / Documentation

Activity: Pre-engagement activities
Objective: Decide whether to accept or decline the engagement
Documentation:
- List of risk factors
- Independence
- Engagement letter

Activity: Plan the audit
Objective: Develop an overall audit strategy and plan the audit
Documentation:
- Materiality
- Audit team discussion
- Overall audit strategy

Activity: Perform risk assessment procedures
Objective: Identify/assess RMM by understanding the entity
Documentation:
- Business & fraud risks, including engagement risk
- Design/implementation of internal control
- Assessed RMM at the financial statement and assertion levels
Risk Assessment Procedures
Quality controls – Ethics, Independence & ISAs

Risk Assessment phase:
1. Decide to Accept/Continue Engagement
2. Planning Activities
   - Determine Materiality
   - Team Planning Meeting
   - Overall Audit Strategy
3. Risk Assessment Procedures
   - Identify & Assess Inherent Risk
   - Identify & Assess Control Risk
   - Conclude: Assess RMM at financial statement and assertion levels
   - Communicate Significant Deficiencies

Document findings & any changes to the plan


Risk Assessment Procedures
• Risk assessment procedures are audit procedures performed
to obtain an understanding of the entity and its
environment, including the entity’s internal control, to
identify and assess the risks of material misstatement
(RMM), whether due to fraud or error, at the financial
statement and assertion levels.

• The auditor shall perform risk assessment procedures to
provide a basis for the identification and assessment of RMM
at the financial statement and assertion levels.
Risk Assessment Procedures
• The objective of the risk assessment phase :
- to identify sources of risk, and then
- to assess whether they could possibly result in a
material misstatement in the financial statements.

Risk assessment:
- Risk identification (asking “what can go wrong”)
- Risk assessment (determining the significance of each risk)
Understanding the Entity

The Areas of Risk (sources of RMM):
• Entity objectives & strategies
• External factors
• Nature of entity
• Financial performance indicators
• Accounting policies
• Internal control

RMM = risk of material misstatement
Understanding the Entity
The scope of the understanding required by the auditor for
identifying risks is contained in six key areas, as follows:

Entity Objectives & Strategies
- Business plans and strategies
- Financial implications and risks undertaken

External Factors
- Nature of industry
- Regulatory environment
- Financial reporting framework

Nature of Entity
- Operations and key personnel
- Ownerships and governance
- Investment, structure & financing
Understanding the Entity
The scope of … (continued)

Measurement/Review of Financial Performance
- What is measured
- Who reviews financial results

Accounting Policies
- Selection and application
- Reasons for changes
- Appropriateness to entity

Internal Control Relevant to the Audit
- Processes and relevant controls to mitigate risks at the entity level and
  at the transactional level
Source of Risk
Understanding the Entity
Source of Information about the Entity :
Understanding the Entity
Source of …(continued) :
Understanding the Entity
Benefits Obtained from Understanding the Entity :
• Identifying risks and developing responses
- Making judgments about the risk assessments.
- Developing appropriate responses to identified risks of
material misstatement in the financial statements.
- Establishing materiality.
- Developing expectations needed for performing analytical
procedures.
- Designing/performing further audit procedures to reduce
audit risk to an acceptably low level.
- Evaluating sufficiency/appropriateness of audit evidence
obtained (e.g., appropriateness of assumptions used and
management’s oral and written representations).
Understanding the Entity

Benefits Obtained… (continued):

• Financial statement review
- Assessing management’s selection and application of
accounting policies.
- Considering the adequacy of financial statement disclosures.
- Identifying audit areas for special consideration (e.g., related
party transactions, unusual or complex contractual
arrangements, going concern or unusual transactions).
Understanding the Entity

• Obtaining an understanding of the entity is not a discrete
task that can be completed early in the audit.
• It is important to keep learning about the entity throughout
the audit, and to remain alert to risk factors not previously
identified or where the original assessment of risk needs
updating.
Procedures to Understand the Entity and Assess Risk
Types of risk assessment procedure:
Inherent Risk – Identification

Risk identification involves:
• Performing risk assessment procedures to identify
sources (causes) of risk through understanding the entity;
• Determining the possible effects of the risk sources
identified (potential misstatements in the financial
statements), including the possibility of fraud; and
• Relating the effects of risks to the financial statement area
and assertions affected, or determining that the risks are
pervasive to the financial statements as a whole and
potentially affect many assertions.
Risk Identification
Factors Affecting Inherent Risk

Nature of Client’s Business:
• Industry practices
• Non-routine transactions
• Makeup of the population

Culture:
• Related parties
• Factors related to fraudulent financial reporting
• Factors related to misappropriation of assets

Audit Experience:
• Prior audit results
• Initial vs. repeat engagement
• Audit judgment required to correctly record
balances and transactions
Factors Affecting Inherent Risk
Inherent Risk at the Financial Statement Levels

1. Business risk
2. Fraud risk.
Factors Affecting Inherent Risk
Inherent Risk at the Accounts and Assertions Level

The account balance:
• represents an asset that is relatively easily stolen
• is made up of complex transactions
• requires a high level of judgment or estimates to value
• is composed of a high volume of non-routine
transactions
• is subject to adjustments that are not in the ordinary
processing routine, such as year-end adjustments
Business Risk

Business risks can result from:
• Significant conditions, events, circumstances, actions, or
inactions that could adversely affect the entity’s ability to
achieve its objectives and execute its strategies.
• Setting inappropriate objectives and strategies.
• Change, complexity, or the failure to recognize the need for
change.
- The development of new products that may fail;
- An inadequate market, even if new products are successfully
developed; or
- Flaws in the products that may result in liabilities and
damage to the entity’s reputation
Fraud Risk

The term “fraud” refers to an intentional act by one or more
individuals among management, those charged with
governance, employees, or third parties involving the use
of deception to obtain an unjust or illegal advantage.
• Management fraud – involving member(s) of
management and those charged with governance;
• Employee fraud - involving only employees of the entity.

Fraud risk relates to events or conditions that indicate an
incentive or a pressure to commit fraud or provide an
opportunity to commit fraud.
Fraud Risk

Types and characteristics of fraud:

RMM arises from:
• Error
• Fraud

Types of fraud:
• Fraudulent (Manipulation of) Financial Statements
• Misappropriation of Assets
Fraud Risk

Major conditions that create an environment for fraud include:
• Ineffective corporate governance;
• Lack of leadership by management and poor “tone at the top”;
• High incentives provided for financial performance;
• Taxes or other expenses that are considered very high or
onerous;
• Complexity in the entity’s rules, regulations, and policies;
• Unrealistic expectations from bankers, investors, or other
stakeholders;
• Downward and unexpected shifts in profitability;
• Unrealistic budget targets for staff to attain; and
• Inadequate internal control, especially in the presence of
organizational change.
Fraud Risk

In conducting risk assessment procedures, audit team
members need to consider the existence of the three
conditions that often provide clues to the existence of fraud
(“fraud triangle”).
- When all three conditions are present, it is highly likely
that fraud may be occurring.
Fraud Risk
The Fraud Triangle:
• Pressure: generated by immediate needs that are
difficult to share with others
• Rationalization: the belief that a fraud has not really
been committed
• Opportunity: a poor corporate culture and a lack of
adequate internal control procedures can often create
confidence that a fraud could go undetected
Risk Factors for Fraudulent Reporting

Pressures/Incentives
• Financial stability or profitability is threatened by economic,
industry, or entity operating conditions
• Excessive pressure exists for management to meet targets
or debt requirements
• Personal net worth is materially threatened by the entity’s
financial performance
Risk Factors for Fraudulent Reporting

Opportunities
• Significant accounting estimates involve
judgments that are difficult to verify
• There is ineffective board or audit committee oversight
over financial reporting
• High turnover or ineffective accounting, internal audit, or
information technology staff exists
Risk Factors for Fraudulent Reporting

Rationalization/Attitude
• Inappropriate or inefficient communication & support of
the entity’s values is evident
• A history of violations of laws is known
• Management has a practice of making overly aggressive
or unrealistic forecasts
Risk Factors for Misappropriation of Assets

Pressures/Incentives
• Personal financial obligations create pressure to
misappropriate assets
• Adverse relationships between management and
employees motivate employees to misappropriate assets

Opportunities
• Large amounts of cash on hand or
inventory items are present
• There is inadequate internal control over assets
Risk Factors for Misappropriation of Assets

Rationalization/Attitude
• Disregard for the need to monitor or reduce risk of
misappropriating assets exists
• There is a disregard for internal controls by failing to
correct known deficiencies
• Management is tolerant of some employee thefts (no
disciplinary action is taken when an employee is caught
stealing)
• Management does not enforce the entity’s values or
ethical standards
Responses to Fraud Risk

Maintain an attitude of professional skepticism at all times
during the engagement.
- Recognizing that management can commit fraud;
- Making critical assessments about the validity of audit
evidence obtained;
- Being alert to the reliability of documents and
responses to inquiries and other information obtained
from management;
Responses to Fraud Risk

Maintain an … (continued)
- Being careful – avoid:
• Overlooking unusual circumstances
• Overgeneralizing when drawing conclusions
• Accepting less than persuasive audit evidence in a belief
that management and those charged with governance are
honest and have integrity
Inherent Risk – Assessment
Risk assessment involves consideration of two attributes
about the risk:
1. What is the likelihood of a misstatement occurring as a
result of the risk?
2. What would be the magnitude (monetary impact/
materiality) if the risk did occur?

• Use subjective/non-quantitative measurement.
• The auditor could evaluate the likelihood simply as high,
medium, or low, or could assign a numerical score, such as 1 to 5.
Inherent Risk – Assessment
SAMPLE WORKING PAPER
RISK IDENTIFICATION AND ASSESSMENT
