MODUL 7

PENILAIAN RISIKO

RISIKO AUDIT

1. Defenisi Risiko Audit

- Risiko yang terjadi dalam hal auditor tanpa disadari tidak memodifikasikan pendapatnya

sebagaimana mestinya, atas suatu laporan keuangan yang mengandung salah saji

material.

- Semakin besar keinginan auditor menyatakan pendapat yang benar, semakin rendah

risiko audit yang akan bisa ia terima jika diinginkan keyakinan 99%, maka risiko audit

yang dapat diterima adalah 1%.

- Konsep risiko audit berkaitan dengan risiko kegagalan auditor dalam mengubah

pendapatnya atas laporan keuangan yang sebenarnya berisi salah saji material.

- Risiko audit digolongkan menjadi 2 :

1) Risiko audit keseluruhan

2) Risiko audit individual

2. Komponen-komponen risiko audit

1) Risiko bawaan (inherent risk)

Kerentanan suatu saldo rekening atau golongan transaksi terhadap suatu salah saji yang

material, dengan asumsi bahwa tidak terdapat kebijakan dan prosedur struktur

pengendalian intern yang terkait

1
 2) Risiko pengendalian (control risk)

Risiko bahwa suatu salah saji material yang dapat terjadi dalam suatu asersi tidak dapat

dicegah atau dideteksi tepat waktu oleh struktur pengendalian intern satuan usaha.

3) Risiko deteksi (detection risk)

Risiko bahwa auditor tidak dapat mendeteksi salah saji material yang terdapat dalam

suatu asersi

3. Model Risiko Audit:

RA = RB x RP x RD

Keterangan:
- RA = Risiko Audit
- RB = Risiko Bawaan
- RP = Risiko Pengendalian
- RD = Risiko Deteksi

4. Hubungan risiko audit dengan bukti audit

Risiko Audit ↓↑ Jumlah Bukti Audit, artinya:

Semakin rendah tingkat risiko audit yang ingin dicapai, maka semakin banyak jumlah bukti

audit yang diperlukan.

Risiko Audit Bukti Audit

Semakin rendah risiko audit ↓ Banyak
Semakin tinggi risiko audit ↑ Sedikit

5. Hubungan antara Risiko Deteksi dengan Bukti Audit

Risiko deteksi ↓↑ Jumlah Bukti Audit, artinya:

2
 Semakin rendah tingkat risiko deteksi yang dapat diterima yang ditetapkan auditor, semakin

banyak jumlah bukti audit yang diperlukan untuk membatasi tingkat risiko deteksi pada

tingkat tersebut.

Risiko Deteksi Bukti Audit

Semakin rendah risiko deteksi ↓ Banyak
Semakin tinggi risiko deteksi ↑ Sedikit

6. Hubungan antara Risiko Bawaan & Risiko Pengendalian dengan Bukti Audit

Risiko Bawaan & Risiko Pengendalian mempunyai hubungan langsung dengan Jumlah Bukti

Audit yang diperlukan, artinya:

Bukti yang diperlukan semakin sedikit apabila risikonya rendah, karena dalam situasi

demikian risiko deteksinya dapat menjadi tinggi.

Risiko Bawaan & Risiko Pengendalian Bukti Audit

Semakin rendah risiko audit ↓ Sedikit
Semakin tinggi risiko audit ↑ Banyak

HUBUNGAN ANTARA MATERIALITAS, RISIKO AUDIT DAN BUKTI AUDIT

Berbagai kemungkinan hubungan antara materialitas, bukti audit dan risiko audit sebagai berikut:

1 Jika auditor mempertahankan risiko audit konstan dan tingkat materialitas dikurangi,

auditor harus menambah jumlah bukti audit yang dikumpulkan.

2 Jika auditor mempertahankan tingkat materialitas konstan dan mengurangi jumlah bukti

audit yang dikumpulkan, risiko audit menjadi meningkat.

3 Jika auditor menginginkan untuk mengurangi risiko audit, auditor dapat menempuh salah

satu dari 3 cara berikut: (a) menambah tingkat materialitas, sementara itu mempertahakan

jumlah bukti audit yang dikumpulkan, (b) menambah jumlah bukti audit yang

3
 dikumpulkan, sementara itu tingkat materialitas tetap dipertahankan, dan (c) menambah

sedikit jumlah bukti audit yang dikumpulkan dan tingkat materialitas secara bersama-

sama.

ASSESSING THE RISK OF MATERIAL MISSTATEMENT

1. Audit Risk
Standar auditing mengharuskan auditor untuk memahami entitas dan lingkungannya, termasuk
pengendalian internalnya yang berguna untuk penilaian risiko salah saji yang material dalam laporan
keuangan. Standar auditing mengharuskan auditor menilai risiko salah saji yang material pada
tingkat laporan keuangan secara keseluruhan serta tingkat asersi yang relevan bagi kelas
transaksi, saldo akun, danpengungkapan. Terdapat 2 komponen penilaian level risiko salah
saji yang material yakni inherent risk dan control risk.
2. Risk Assessment Procedures
1) Pertanyaan manajemen dan entitas lain di dalamnya.
2) Prosedur analitis.
3) Observasi dan inspeksi (pemeriksaan secara langsung).
4) Prosedur peniliaian risiko lainnya.
Dilakukan untuk menilai, penilaian auditor pada risiko salah saji yang material.
3. Identification of Significant Risks
1) Signifikan Risiko marupakan identifikasi dan penilaian risiko salah saji material dalam
judgement yang dilakukan oleh auditor profesional. Hal tersebut memerlukan
pertimbangan audit khusus.
2) Jika risiko salah saji sudah diidentfikasi dan dinilai, yang diperlukan ialah menelaah
temuan dan kemudian memilih (berdasarkan kearifan professional) risiko-risiko yang
memang signifikan.
3) Ketika risiko digolongkan signifikan, auditor harus memberikan tanggapan.Tanggapan
auditor, berupa langkah audit, terhadap risiko signifikan.

4
4. Model risiko audit adalah model yang digunakan terutama untuk tahap perencanaan dalam
menentukan berapa besar bahan bukti yang harus dikumpulkan dalam tiap siklus.
Rumus :
PDR = AAR / (IR x CR)
PDR = Risiko penemuan yang direncanakan
(Planned Detection Risk)
AAR= Risiko audit yang dapat diterima
(Acceptable Audit Risk)
IR = Risiko bawaan (Inherent Risk)
CR = Risiko Pengendalian (Control Risk)
5. Risiko penemuan yang direncanakan (Planned Detection Risk) adalah risiko bahwa bahan
bukti yang dikumpulkan dalam segmen gagal menemukan salah saji yang melewati jumlah
yang dapat ditoleransi, kalau salah saji semacam itu timbul.
6. Risiko bawaan (inherent risk)merupakan faktor kerentanan laporan keuangan terhadap
kekeliruan yang material, dengan asumsi tidak ada pengendalian intern.
7. Risiko pengendalian (control risk) adalah ukuran penetapan auditor akan adanya salah saji
dalam segmen audit yang melewati batas toleransi, yang tidak terdeteksi atau tercegah oleh
struktur pengendalian intern klien. Risiko pengendalian dipengaruhi efektivitas pengendalian
intern dan pemahaman auditor atas struktur pengendalian intern.
8. Risiko Audit yang dapat Diterima (Acceptable Audit Risk) adalah ukuran ketersediaan auditor
untuk menerima bahwa laporan keuangan salah saji material walaupun audit telah selesai dan
pendapat wajar tanpa pengecualian telah diberikan
9. Risiko Usaha (Engagement Risk) adalah tingkat risiko bahwa auditor atau kantor akuntan
publik akan menderita kerugian yang diakibatkan hubungannya dengan klien, walaupun
laporan audit yang diberikannya sudah pantas. Hal ini dipengaruhi oleh tingkat
ketergantungan pemakai pada laporan keuangan dan kemungkinan akan adanya kesulitan
keuangan klien yang timbul setelah laporan audit diterbitkan.
10. Achieved Audit Risk ( AcAR) : ukuran resiko yang diambil auditor yang mana sebuah akun
di laporan keuangan telah salah saji setelah auditor mengakumulasi bukti audit
11. Achieved Detection Risk (AcDR) : ukuran resiko yang mana bukti audit untuk sebuah
segmen tidak dapat mendeteksi salah saji melebihi jumlah yang ditoleransi

5
12. Evaluating audit result
AcAR = IR x CR x AcDR
13. Hubungan antara resiko dan bukti audit
a) Situasi 1: AAR high, IR low, CR low, PDR high, evidence low
b) Situasi 2: AAR low, IR low, CR low, PDR medium, evidence medium
c) Situasi 3: AAR low, IR high, CR high, PDR low, evidence high
d) Situasi 4: AAR medium, IR medium, CR medium, PDR medium, evidence medium
e) Situasi 5 : AAR high, IR low, CR medium, PDR medium, evidence medium
14. Cara mengurangi AcAR : mengurangi IR, mengurangi CR, mengurangi AcDR dengan
memperkuat tes audit

6
 ISA 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS

ISA 300 Role and Timing of Planning

Adequate planning benefits the audit of financial statements in several ways, including the
following:
a) Helping the auditor to devote appropriate attention to important areas of the audit.
b) Helping the auditor identify and resolve potential problems on a timely basis;
c) Helping the auditor properly organize and manage the audit engagement so that it
isnperformed in an effective and efficient manner
d) Assisting in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks, and the proper
assignment of work to them;
e) Facilitating the direction and supervision of engagement team members and the
review of their work;
f) Assisting, where applicable, in coordination of work done by auditors of
components and experts

ISA 300 Scope

ISA 300 deals with the auditor’s responsibility to plan an audit of financial. ISA 300 is written in
the context of recurring audits. Additional considerations in an initial audit engagement are
separately identified.

ISA 300 Effective date 15 December 2009

ISA 300 Objective

The objective of the auditor is to plan the audit so that it will be performed in an effective
manner

ISA 300 Requirements

ISA 300 requires to get engagement partner and other key members of the engagement team
to get involve in:

7
 a) Planning
b) Discussion
ISA 300 require under take the following activities at the beginning of the current audit
engagement:
a) Perform requirements of ISA 220
b) Establishing and understanding terms of engagement in accordance with ISA 210

ISA 300 Require to establish overall audit strategy

a) Identify the characteristics of the engagement that define its scope;
b) Ascertain the reporting objectives of the engagement to plan the timing of the audit and
the nature of the communications required;
c) Consider the factors that, in the auditor’s professional judgement, are significant in
directing the engagement team’s efforts;
d) Consider the results of preliminary engagement activities and, where applicable, whether
knowledge gained on other engagements performed by the engagement partner for the
entity is relevant; and
e) Ascertain the nature, timing and extent of resources necessary to perform the
engagement.

ISA 300 require to develop audit plan that involve;

a) The nature, timing and extent of planned risk assessment procedures, as determined under
ISA 315;
b) The nature, timing and extent of planned further audit procedures at the assertion level, as
determined under ISA 330; and
c) Other planned audit procedures that are required to be carried out so that the engagement
complies with ISAs
ISA 300 require to plan the nature, timing and extent of direction and supervision.
ISA 300 require to document the strategy, plan and any significant changes.
ISA 300 require that In respect of Initial Audit Engagement:
a) Performing procedures required by ISA 220 regarding the acceptance of the client
relationship and the specific audit engagement; and

8
 b) Communicating with the predecessor auditor, where there has been a change of auditors,
in compliance with relevant ethical requirements.

Summary ISA 315

ISA 315- Identifying and Assessing the Risks of Material Misstatement Through
Understanding the Entity and its Environment

Scope of ISA 315

This International Standard on Auditing (ISA) deals with the auditor’s responsibility to identify
and assess the risks of material misstatement in the financial statements, through understanding
the entity and its environment, including the entity’s internal control.

Objective
The objective of the auditor is to identify and assess the risks of material misstatement, whether
due to fraud or error, at the financial statement and assertion levels, through understanding the
entity and its environment, including the entity’s internal control, thereby providing a basis for
designing and implementing responses to the assessed risks of material misstatement.

Risk Assessment Procedure:

1. Understand the entity
1) Industry, regulatory and other external factors: This means having an understanding of
the industry in which the company operates, including the level of competition, the nature
of the relationships with suppliers and customers, and the level of technology used in the
industry. The industry may have specific laws and regulations which impact on the
business. The auditor should also consider wider economic factors such as the level and
volatility of interest rates and exchange rates and their potential impact on the client. The
importance of these issues is their potential impact on the financial statements and on the
planning of the audit. For example, if a client operates in a highly regulated industry, it
may be worth considering the inclusion in the audit team of a person with specific
experience or knowledge of those regulations. Regulations include the financial reporting

9
 framework, for example, whether the company uses local or international financial
reporting standards.
2) Nature of the entity and its accounting policies: This includes having an understanding of
the legal structure of the company (and group where relevant), the ownership and
governance structure, and the main sources of finance used by the company. Complex
ownership structures with multiple subsidiaries and/or locations may increase the risk of
material misstatement.Understanding the nature of the company also includes an
understanding of the accounting policies selected and applied to the financial statements.
The auditor must consider whether the accounting policies applied are consistent with the
applicable financial reporting framework.
3) Objectives and strategies and related business risks: The management of the company
should define the objectives of the business, which are the overall plans for the company.
Strategies are the operational approaches by which management intend to meet the
defined objectives. For example, an objective could be to maximize market share, and the
strategy to achieve this could be to launch a new brand or product every year. Business
risks are factors which could stop the company achieving its stated objectives, for
example, launching a product for which there is limited demand. Most business risks will
eventually have financial consequences, and thus an effect on the financial statements.
This is why auditors perform a business risk assessment as part of their planning
procedures.
4) Measurement and review of the entity’s financial performance: Here the auditor is
looking to gain an understanding of the performance measures which management and
others consider to be of importance. Performance measures can create pressure on
management to take action to improve the financial statements through deliberate
misstatement. For example, a bonus payable to the management based on revenue growth
could create pressure for revenue to be overstated. Thus the auditor must gain an
understanding of the company’s financial and non-financial key performance indicators
targets, budgets and segmental information.

10
2. Understand controls
The auditor must gain knowledge of internal control in order to consider how different
aspects of internal control could impact on the audit. Internal control includes the control
environment, the entity’s risk assessment procedures, information systems, control activities,
and the monitoring of controls. Put simply, the evaluation of the strength or weakness of
internal control is a crucial consideration in the assessment of audit risk, and so will have a
significant impact on the audit strategy. The design and implementation of controls should
be considered as part of gaining an understanding. The auditor should also understand
whether controls are manual or automated

Procedures used to gain understanding:

 Inquiries of management and others within the company
 Analytical procedures
 Observation
 Inspection
 Information Obtained in Prior Periods

11