Lecture Auditing and assurance services (Second international edition) Chapter 3 Risk assessment and materiality

Chapter 3 Risk assessment and materiality. In this chapter you will understand the auditors requirements for client acceptance and continuance, understand the steps that are involved in the preliminary engagement activities, know what is required to establish an understanding with the client, know the types of information that are included in an engagement letter,...

Risk Assessment

and Materiality

Chapter Three

Audit Risk

The risk that an auditor expresses

an inappropriate audit opinion when

the financial statements are

materially misstated.

The risk that an auditor expresses

an inappropriate audit opinion when

the financial statements are

materially misstated.

Financial statement

level

Individual accountbalance or class

of transactions level

Auditor’s Business Risk

An auditor’s exposure

to financial loss and

damage to professional reputation.

Client and thirdparty lawsuits

Negativepublicity

The Audit Risk Model

Detection risk:

Risk that auditor will not detect misstatements

• Inappropriate audit procedure

• Fail to detect when using appropriate audit procedure

• Misinterpreting audit result s

The Audit Risk Model

Audit Risk = IR × CR × DR

Inherent risk and control risk:

Risk that material misstatements exist

Non-sampling

risk

Sampling risk

Detection risk:

Risk that auditor will not detect misstatements

• Inappropriate audit procedure

• Fail to detect when using appropriate audit procedure

• Misinterpreting audit results

Using the Audit Risk Model

 Set a planned level of audit risk such that an opinion can be issued on the financial statements.

 Assess risk of material misstatements.

 Use the audit risk equation to solve for the appropriate level of detection risk:

 Set a planned level of audit risk such that an opinion can be issued on the financial statements.

 Assess risk of material misstatements.

 Use the audit risk equation to solve for the appropriate level of detection risk:

AR = MRR × DR

DR = MRR AR

Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level.

Using the Audit Risk Model

 Set a planned level of audit risk such that an opinion can be issued on the financial statements.

 Assess inherent risk and control risk.

 Use the audit risk equation to solve for the appropriate level of detection risk:

 Set a planned level of audit risk such that an opinion can be issued on the financial statements.

 Assess inherent risk and control risk.

 Use the audit risk equation to solve for the appropriate level of detection risk:

AR = IR × CR × DR

DR = IR AR × CR

Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level.

Using the Audit Risk Model

Using the Audit Risk Model

Qualitative terms may also be used in the audit risk model

Qualitative terms may also be used in the audit risk model

1 Very low High Low

2 Low Moderate Moderate

3 Very low Low High

1 Very low High Low

2 Low Moderate Moderate

3 Very low Low High

Using the Audit Risk Model

Qualitative terms may also be used in the audit risk model

Qualitative terms may also be used in the audit risk model

Limitations of the Audit Risk Model

Preliminary Assessment Level of Risk

Actual

or Achieved Level of Risk

+ / –

The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results

• The desired level of audit risk may not actually be achieved

• It does not consider potential auditor error.

• There is no way of knowing what the preliminary level of risk actually was.

The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results

• The desired level of audit risk may not actually be achieved

• It does not consider potential auditor error.

• There is no way of knowing what the preliminary level of risk actually was.

The Auditor’s Risk Assessment Process

Auditors need toidentify business risks andunderstand the potentialmisstatements that

may result

Business risksinclude any external orinternal factors, pressures, andforces that bear on the entity’s

ability to survive and

be profitable

The Auditor’s Risk Assessment Process

Understanding the Entity

and Its Environment

IndustryFactors

RegulatoryEnvironment the EntityNature of

InternalControl

Objectives and Strategies

BusinessRisks

FinancialPerformance Measures

Accounting policies

Understanding the Entity

and Its Environment

Understanding the Entity

and Its Environment

Auditor’s Risk Assessment Procedures (How do we gather this evidence?)

Inquiries of Managementand Others

AnalyticalProcedures

Observationand Inspection

A misstatement due to error or fraud

is a difference between the amount,

classification, or presentation of a reported financial statement element, account, or item and the amount, classification, or presentation

that would have

been reported under the applicable

financial reporting framework.

A misstatement due to error or fraud

is a difference between the amount, classification, or presentation of a reported financial statement element, account, or item and the amount, classification, or presentation that would have been reported under the applicable

financial reporting framework.

Assessing the Risk of Material Misstatement Due to Error or Fraud

Examples of misstatements include:

 An inaccuracy in gathering or processing data from which the financial statements are prepared

 An omission of an amount or disclosure

 An incorrect accounting estimate arising from overlooking or clear misinterpretation of facts

 Management’s selection and application of accounting policies that the auditor considers inappropriate or judgements concerning

accounting estimates that the auditor considers unreasonable, including related disclosures

Examples of misstatements include:

 An inaccuracy in gathering or processing data from which the financial statements are prepared

 An omission of an amount or disclosure

 An incorrect accounting estimate arising from overlooking or clear misinterpretation of facts

accounting policies that the auditor considers inappropriate or judgements concerning

accounting estimates that the auditor considers unreasonable, including related disclosures

Assessing the Risk of Material Misstatement Due to Error or Fraud

Assessing the Risk of Material Misstatement Due to Error or Fraud

Errors are unintentional misstatements:

Mistakes in gathering or processing financial data used to prepare financial statements

Unreasonable accounting estimates arising from oversight or misinterpretation of facts

Mistakes in the application of accounting policies relating to amount, classification, manner of presentation, or disclosure

Errors are unintentional misstatements:

Mistakes in gathering or processing financial data used to prepare financial statements

from oversight or misinterpretation of facts

Mistakes in the application of accounting policies relating to amount, classification, manner of presentation, or disclosure

Assessing the Risk of Material Misstatement Due to Error or Fraud

Fraudulentfinancial reporting Misappropriationof assets

Misappropriation

of assets

Assessing the Risk of Material Misstatement Due to Error or Fraud

Fraudulent financial reporting includes acts

such as the following:

Manipulation, falsification, or alteration of accounting records or supporting documents used to prepare financial statements

Misrepresentation in, or intentional omission from, the financial statements of events,

transactions, or significant information

Intentional misapplication of accounting policies relating to amount, classification, manner of

Misrepresentation in, or intentional omission from, the financial statements of events,

transactions, or significant information

Intentional misapplication of accounting policies relating to amount, classification, manner of

presentation, or disclosure

Misappropriation of assets involves the theft

of an entity’s assets to the extent that financial statements are misstated

Examples include:

Misappropriation of assets involves the theft

of an entity’s assets to the extent that financial statements are misstated

Examples include:

Assessing the Risk of Material Misstatement Due to Error or Fraud

Stealing assets

Embezzlingcash received

Paying forgoods and services

not received

Assessing the Risk of Material

Misstatement Due to Error or Fraud

Categorisation in evaluating misstatements identified during the audit (ISA 450):

• Factual misstatements are misstatements about which

there is no doubt.

• Judgemental misstatements are differences arising from

the selection or application of accounting policies that the

auditor considers inappropriate, or the judgements of

management concerning accounting estimates that the

auditor considers unreasonable.

• Projected misstatements are the auditor’s best estimate

of misstatements in populations, involving the projection of

misstatements identified in audit samples to the entire populations from which the samples were drawn.

Categorisation in evaluating misstatements identified during the audit (ISA 450):

• Factual misstatements are misstatements about which there is no doubt.

• Judgemental misstatements are differences arising from the selection or application of accounting policies that the auditor considers inappropriate, or the judgements of

management concerning accounting estimates that the auditor considers unreasonable.

• Projected misstatements are the auditor’s best estimate

of misstatements in populations, involving the projection of misstatements identified in audit samples to the entire

populations from which the samples were drawn.

The Fraud Risk Identification Process

Sources of information

Discussionamong theaudit team

Discussionamong theaudit team

Inquiries ofmanagementand others

Inquiries ofmanagementand others

Fraudrisk factors

Fraudrisk factors

Analyticalprocedures

Analyticalprocedures

Other relevant

Other relevant information

Three conditions usually exist when fraud occurs.

Three conditions usually exist when fraud occurs.

Incentive orpressure toperpetrate fraud

Incentive orpressure toperpetrate fraud

Opportunity

to carry out the fraud

Opportunity

to carry out the fraud

Attitude orrationalisation

to justify fraud

Attitude orrationalisation

to justify fraud

Assessing the Risk of Material Misstatement

Due to Error or Fraud (Fraud Triangle)

Excessive pressurefor management tomeet third partyexpectations

Fraudulent Financial Reporting

Risk Factors Relating to Incentive/Pressure

include:

Assessing the Risk of Material Misstatement Due to Error or Fraud (See Table 3-4)

Ineffectivemonitoring ofmanagement

Ineffectivemonitoring ofmanagement

Nature

of theindustry

Nature

of theindustry

Deficientinternalcontrol

Deficientinternalcontrol

Complex

or unstableorganisationalstructure

Complex

or unstableorganisationalstructure

Fraudulent Financial Reporting

Risk Factors Relating to Opportunities

include:

Assessing the Risk of Material Misstatement

Due to Error or Fraud (See Table 3-5)

Risk Factors Relating to Attitudes / Rationalisations (See Table 3-6)

Poor communicationchannels for reportinginappropriate behaviour

Poor communicationchannels for reportinginappropriate behaviour

Weak ethicalstandards formanagement

Weak ethicalstandards formanagement

Committing to aggressive orunrealistic forecasts

Committing to aggressive orunrealistic forecasts

Use ofinappropriate accountingbased on materiality

Use ofinappropriate accountingbased on materiality

Fraudulent Financial Reporting

Risk Factors Relating to

Attitudes/Rationalisations include:

to assets

Inadequate separation

of duties

No mandatory vacation policy

Personal financial pressures

Adverse employee management

relationships

Small, valuable inventory items

Sudden changes in

Lack of inventory control

Assessing the Risk of Material

Misstatement Due to Error or Fraud

Misappropriation of Assets

Risk Factors for Misappropriation of Assets

include:

Employee disregard

Auditor’s Response to the Risk

Assessment

Fraud risk factors

Highly complex transactions

Significant transactions with related parties

Significant accounting estimates

Non-routine or unsystematically processed transactions

Industry specific issues

Application of new accounting

Revenue recognition

Auditor’s Response to the Risk Assessment

Significant risks require special audit

considerations

Significant transactions outside the

© The McGraw-Hill Companies 2010

McGraw-Hill/Irwin

Evaluation of Audit Test Results

At the completion of the audit, the auditor should consider:

1 The effect of the identified misstatements on the audit

2 Whether the uncorrected misstatements cause the financial statements to be materially misstated.

T H E N

…

1 If the uncorrected misstatements are immaterial and the relevant qualitative aspects of the entity’s accounting practices and financial statements presentation do not imply otherwise, the auditor can issue an unmodified opinion.

At the completion of the audit, the auditor should consider:

1 The effect of the identified misstatements on the audit

2 Whether the uncorrected misstatements cause the financial statements to be materially misstated.

T H E N

…

1 If the uncorrected misstatements are immaterial and the relevant qualitative aspects of the entity’s accounting practices and financial statements presentation do not imply otherwise, the auditor can issue an unmodified opinion.

Evaluation of Audit Test Results

If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should:

 Attempt to obtain audit evidence to determine whether, in fact, material fraud has occurred and, if so, its effect.

 Consider the implications for other aspects of the audit.

 Discuss the matter and the approach to further investigation with an appropriate level of management that is at least one level above those involved in

committing the fraud and with senior management.

 If appropriate, suggest that the client consult with legal counsel.

 Consider withdrawing from the engagement.

If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should:

 Attempt to obtain audit evidence to determine whether, in fact, material fraud has occurred and, if so, its effect.

 Consider the implications for other aspects of the audit.

 Discuss the matter and the approach to further investigation with an appropriate level of management that is at least one level above those involved in

committing the fraud and with senior management.

 If appropriate, suggest that the client consult with legal counsel.

 Consider withdrawing from the engagement.

Documentation of the Auditor’s Risk

Assessment and Response

The auditor should document:

 Discussions among engagement personnel

 Procedures performed to identify and assess the risks of material misstatement due to fraud

 Risks of identified material misstatement due to fraud and

a description of the auditor’s response to the risks.

 Fraud risks or other conditions that result in additional audit procedures

 The nature of the communications about fraud made to management, those charged with governance, and

others

 The basis for the auditor’s conclusions about the reasonableness of accounting estimates that give rise to significant risks.

The auditor should document:

 Discussions among engagement personnel

 Procedures performed to identify and assess the risks of material misstatement due to fraud

 Risks of identified material misstatement due to fraud and

a description of the auditor’s response to the risks.

 Fraud risks or other conditions that result in additional audit procedures

 The nature of the communications about fraud made to management, those charged with governance, and

others

 The basis for the auditor’s conclusions about the reasonableness of accounting estimates that give rise to significant risks.