Holding a belief that a potential conflict of interests always exists causes auditors to perform procedures to search for errors or irregularities that would have a material effect on fi
Trang 1A RISK-BASED AUDIT APPROACH
I Review Questions
1 Holding a belief that a potential conflict of interests always exists causes auditors to perform procedures to search for errors or irregularities that would have a material effect on financial statements This tends to make audits more extensive for the auditor and more expensive for the client The situation is not
a desirable one in the vast majority of audits where no errors or irregularities exist
2 Errors and irregularities: Auditors are required to plan the audit to detect errors
and irregularities that would have a material effect on the financial statements
Clients’ illegal acts: Auditors are not required to search for illegal acts, but they
are warned to be alert to any that might be detected in the ordinary course of an audit
3 Seven major assertions in financial statements:
a Existence assertion:
The practical objective is to establish with evidence that assets, liabilities and equities actually exist and that sales and expense transactions actually occurred Cut-off can be considered an aspect of the existence assertion
b Occurrence assertion:
The practical objective is to establish with evidence that recorded transactions or events that occurred during a given accounting period pertained to the entity
c Completeness assertion:
The practical objective is to establish with evidence that all transactions of the period are in the financial statements and all transactions that properly belong in the preceding or following accounting periods are excluded
Another term for these aspects of completeness is cut-off.
Completeness also refers to proper inclusion in financial statements of all
assets, liabilities, revenue, expense, and related disclosures
Trang 2d Rights and Obligations assertion:
The practical objectives related to rights and obligations are to establish
with evidence that assets are owned (or rights such as capitalized leases are shown) and liabilities are owed.
e Measurement assertion:
The practical objective is to establish with evidence that a transaction or event is recorded at the proper amount and revenue or expense is allocated
to the proper period
f Valuation assertion:
The practical objective is to establish with evidence that proper values have been assigned to things (assets, liabilities, equities and related disclosures) and events (revenues, expenses and related disclosures) Auditing Standards refer to the practical objective of obtaining evidence about
“valuations” achieved by cost allocations such as depreciation and inventory costing methods
g Presentation and Disclosure assertion:
The practical objective is to establish with evidence that accounting principles used by management are appropriate in the circumstances and are applied properly, and that disclosures contain all information required by generally accepted accounting principles
4 Benefits of preliminary assessment of materiality:
Fine-tune the audit for effectiveness and efficiency
Help auditors avoid surprises related to:
Finding out too late about not auditing enough.
Finding out later about auditing too much.
Is P500,000 material? Maybe
Absolute size If you think so, it’s material just because it’s a large
number
Relative size.
No If P500,000 is less than 5% of a relevant base
Maybe If P500,000 is between 5% and 10% of a relevant base Yes If P500,000 is 10% or more of a relevant base
Nature of the item Yes, P500,000 is material if it arises from an illegal
act
5 Yes, auditors have credited discovery of errors and irregularities to analytical
review procedures in 27.1% of the cases in a set of audits, and another 18.5% discovery rate was attributed to “prior expectations” and “discussions.”
Trang 36 In assessing inherent risk and control risk, the auditor must consider the types of
errors or irregularities that might occur and their impact on the financial statements (materiality.) In evaluating materiality, the auditor should consider the impact of errors and irregularities both individually and in the aggregate Auditing Standards require that the auditor design the audit to provide reasonable assurance of detecting errors and irregularities that are material to the financial statements Auditing Standards require that audit risk and materiality
be considered both in planning the audit and in evaluating audit results
Control risk and inherent risk are also directly related to the setting of materiality thresholds If, for example, application of analytical procedures (inherent risk analysis) leads the auditor to suspect earnings inflation, individual item materiality thresholds should be reduced accordingly (i.e., either the materiality percentage or the amount of unaudited income should be decreased.) Similarly, if control risk analysis leads the auditor to suspect numerous errors, aggregate materiality thresholds need to be lowered accordingly
7 An auditor’s reaction to an immaterial error may differ from his or her reaction
to an immaterial irregularity Auditors generally accumulate the amount of individual immaterial errors to be sure that the aggregate of all errors is not material In addition, the auditor is concerned about whether an error came from
a misunderstanding or other cause that would have resulted in yet more errors during the period An auditor is expected to report all irregularities to the audit committee or the board of directors and senior management
8 Refer to pages 436 to 437 of the textbook
9 Refer to pages 440 to 441 of the textbook
10 Refer to page 430 of the textbook
11 Inventory is included in the acquisitions and payments, payroll and personnel (for manufacturing concerns), and production and warehousing cycles
12 Tolerable misstatement is the amount of materiality allocated to an account or
class of transactions Tolerable misstatement is a portion of planning materiality allocated to the audit of an account or class of transactions and is directly related
to materiality
13 The factors that should be considered are the peso amount of the account, the likelihood of error, and the cost of auditing the account
14 In evaluating audit risk for an engagement, auditing standards indicate that an auditor should consider (1) management characteristics, (2) operating and industry characteristics, and (3) engagement characteristics
Trang 415 Use the model AR = IR x CR x DR to solve for different values of Audit Risk (AR) when internal control risk (CR) is given different values In all cases IR = 0.90 and DR = 0.10, therefore, AR = 0.90 x CR x 0.10
16 a Risk of Assessing Control Risk Too Low or Overreliance is a matter of
judgment about the importance (“key”) characteristic of a particular client control procedure An auditor can take more risk of assessing control risk too low on unimportant controls than on important (“key”) ones Alternatively, the risk of assessing control risk too low can be considered a constant (say, 0.05) and the importance of a control can be measured in terms of a smaller or larger tolerable rate (The authors prefer the latter approach.)
b Risk of Assessing Control Risk Too High or Underreliance is a matter of
judgment about the efficiency of an audit engagement The risk can be quite high when the audit team is willing to do extensive substantive work anyway If the work budget is tight, auditors need to find objective ways (e.g., larger test of controls audit samples) to mitigate the risk
c Tolerable Deviation Rate is a judgment about how many control deviations
can exist in the population, yet the control can still be considered effective Auditors need to be careful about brushing aside findings of deviations
d Expected Deviation Rate in the Population is an estimate, usually based on
assumptions or sketchy information, of the imbedded incidence of control deviations The only use of this estimate in classical attribute sampling is to figure a sample size in advance The statistical evaluation (CUL calculation) does not use it
e Population Definition might be called a judgment about identification of the
population of control performances that correspond to an audit objective For example, an auditor would want to be sure he is sampling from a file of recorded documents if his objective is to audit the controls over transaction
validity.
17 Assessing the control risk too low causes auditors to assign less control risk (CR) in planning procedures than proper evaluation would cause them to assign The result could be (1) inadvertently conducting less audit work than properly
Trang 5necessary and taking more audit risk (AR) than originally contemplated, perhaps
to the unpleasant results of failing to detect material misstatements (damaging the effectiveness of the audit) or (2) discovering in the course of the audit work that control is not as good as first believed, causing an increase in the audit work, perhaps at a time when doing so is very costly (damaging the efficiency of the audit)
18 The important consideration involved in judging an acceptable risk of assessing control risk too high is the efficiency of the audit Assessing control risk too
high causes auditors to think they need to perform a level of substantive work
which is greater than a proper evaluation of control would suggest Assessing control risk too high leads to overauditing.
Some auditors may be willing to accept high risks of assessing the control risk too high because they intend to overaudit anyway, and the audit budget can support the work
Other auditors want to minimize their work (within acceptable professional bounds of audit risk) and thus want to minimize the risk (probability) of overauditing by mistake
Technically, the risk of assessing control risk too high in relation to an attribute sample is the probability of finding in the sample (n) one deviation more than the “acceptable number” for the sampling plan For example, if the plan called for a sample of 100 units and a tolerable rate of 3 percent at a 0.10 risk of assessing control risk too low, the “acceptable number” is zero deviations The probability of finding 1 or more deviations when the population rate is actually 2 percent is:
Probability (x > 0 : n = 100, r = 0.02) = 1 – (1 – r) n
= 1 – (1 – 0.02) 100
= 0.867 or 86.7 percent
19 All the elements of the risk model are products of auditors’ professional judgments Auditors must judge:
Inherent risk – the probability that material errors or irregularities have entered
the accounting system used to develop financial statements
Internal control risk – the probability that client’s system of internal control
policies and procedures will fail to detect material errors and irregularities, provided any enter the data accounting system in the first place
Analytical procedures risk – the probability that auditors’ analytical procedures
will fail to produce evidence of material errors and irregularities, provided any have entered the accounting system in the first place and have not been detected and corrected by the client’s internal control procedures
Trang 6Audit risk – the probability that auditors will not discover by any means errors
and irregularities that cause an account balance to be materially misstated Test of detail risk appears at first glance to be the product of a formula and not a professional judgment However, everything in the risk model is a judgment, so the test of detail derived from the model is no less a judgment
20 An incorrect acceptance decision directly impairs the effectiveness of an audit.
Auditors wrap up the work and the material misstatement appears in the financial statements
An incorrect rejection decision impairs the efficiency of an audit Further
investigation of the cause and amount of misstatement provides a chance to reverse the initial decision error
21 Detection risk is the component of audit risk that is controllable by the auditor
It may be raised or lowered by reducing or increasing the amount of substantive audit testing It is determined by the auditor’s assessment of inherent risk and control risk
22 The auditor deals with both inherent risk and control risk during the planning phase of the audit Inquiry of client personnel, study of the business and industry, application of analytical procedures, and documentation of the auditor’s initial understanding of internal control are all performed during the planning phase of the audit Further study of internal control procedures may occur after the planning phase if the auditor wishes to further reduce the assessed level of control risk, and considers it economically feasible to do so
23 An auditor would assess control risk to be at maximum when (1) effective controls for the assertion have either not been designed or not put in place, or (2) when the auditor believes performing substantive tests of the assertion is more cost effective When an auditor assesses control risk to be below the maximum, the auditor should believe that effective controls are present to prevent or detect misstatements in the financial statement assertions
24 When the auditor assesses control risk at a level lower than maximum, the auditor may generally perform fewer substantive tests
25 The audit risk model is useful in managing audit risk for assertions By determining planned audit risk for an assertion, assessing inherent and control
risks, an auditor can determine the allowable detection risk (the amount of
detection risk an auditor can allow) for an assertion Allowable detection risk is used to determine the nature, timing, and extent of audit procedures for the assertion
Trang 726 Detection risk exists because auditors (1) may use an inappropriate audit procedure, (2) may misapply an audit procedure, (3) may misinterpret the findings, or (4) do not examine 100 percent of an account balance or transaction class
27 The amount of audit evidence an auditor must gather varies inversely with allowable detection risk As allowable detection risk decreases, the amount of evidence required increases, and vice versa Chapter 12 introduces audit procedures and discusses how auditors modify audit procedures to obtain sufficient competent evidential matter by changing (1) the nature, (2) the timing,
or (3) the extent of procedures
28 The audit risk model is
Audit risk (AR) = Inherent risk (IR) x Control risk (CR) x Detection risk (DR)
29 Risks identified at the financial statement level may have a substantial impact on the assessment of inherent risk for specific assertions For example, concern about management integrity, identified as a risk at the financial statement level, would cause an auditor to assess a higher level of inherent risk for existence of sales
II Multiple Choice Questions
III Comprehensive Cases
Case 1 a Antonio’s activity is an irregularity (intentional distortion of financial
statements) rather than error (unintentional mistake) It is also an illegal act
on Antonio’s individual part
b The problem does not describe the kind of related party transactions discussed in PSA 550
Trang 8c Yes, a weakness in internal control exists It may be considered a material weakness because the compensating control (internal auditors’ work on slow-moving inventory) did not operate in a timely enough manner to detect the irregularity before it had gotten large
If a material weakness in internal control exists, Brava & Campos are obligated to report it to management and/or the board of directors
d The problem description indicates that this element of the audit was
conducted in a negligent manner There’s nothing wrong about auditing a sample of the transactions, but Campos’ follow-up and explanation of the missing receiving reports leaves much to be desired At the very least he could have reviewed the reports produced by Antonio at a later date, and he could have traced the purchases to the inventory records and perhaps noticed an over-stocking condition The auditors had some evidence that an irregularity might exist, but they failed to apply extended audit procedures properly
Case 2 a Yes Nicolas was a party to the issuance of false financial statements and as
such is a joint tortfeasor The elements necessary to establish an action for common law fraud are present There was a material misstatement of fact, knowledge of falsity (scienter), intent that the plaintiff bank rely on the false statement, actual reliance and damage to the bank as a result thereof If action is based upon fraud there is no requirement that the bank establish privity of contract with the CPA Moreover, if the action by the bank is based upon ordinary negligence, which does not require a showing of scienter, the bank may recover as a third-party beneficiary (an exception to the strict privity requirement) Thus, the bank will be able to recover its loss from Nicolas under either theory
b No The lessor was a party to the secret agreement As such, the lessor cannot claim reliance on the financial statements and cannot recover uncollected rents Even if he was damaged indirectly, his own fraudulent actions led to his loss, and the equitable principle of “unclean hands” precludes him from obtaining relief
c Nicolas was not independent His report is improper and he is probably subject to disciplinary action by the professional organization or regulatory body According to the ethics interpretation on actual or threatened litigation:
“An expressed intention by the present management to commence litigation against the auditor alleging deficiencies in audit work for the client is considered to impair independence if the auditor concludes that there is a strong possibility that such a claim will be filed.”
Trang 9Case 3.
Case 4 1 a Sales and collections cycle
b Presentation and disclosure
2 a Production and warehousing
b Valuation
3 a Acquisitions and payments
b Existence
4 a Investing and financing
b Existence
5 a Acquisitions and payments
b Existence
6 a Investing and financing
b Valuation
7 a Investing and financing
b Rights and obligations
Case 5 a Audit Risk = Inherent Risk x Control Risk x Detection Risk
Detection Risk = Audit Risk / (Inherent Risk x Control Risk)
Detection Risk = 3% / (100% x 50%)
Detection Risk = 6%
b Detection Risk = Audit Risk / (Inherent Risk x Control Risk)
Detection Risk = 5% / (100% x 50%)
Detection Risk = 10 %
Case 6 (1) Adjustment is not necessary for two reasons:
(a) The amount involved is not material
(b) The present classification is an acceptable one
(2) Reclassification of the credit balances is not warranted because the amounts are not material
(3) Making direct entries in the general ledger without use of journals is not an
Trang 10acceptable practice It prevents proper authorization, is conducive to errors, and may be used to conceal fraud Journal entries should be developed by the client for the transactions in question regardless of the amounts involved
(4) Credit memoranda should be controlled by serial numbers and should bear the approval signature of an executive in all cases Any violation of these rules is a virtual invitation to the concealment of irregular transactions The client should be so advised in the report on internal control
(5) Explanations should be required for all general journal entries A transaction regarded as usual by one employee might be considered as unusual by another, and the practice now in effect will surely lead to journal entries not readily understandable The client should be so advised
(6) Missing posting references should be determined and inserted in the ledger
by the client’s employees
(7) No adjustment is required because the amount is not material Even if the amount were material, no adjustment would be required for the purpose of calendar year financial statements
(8) This insignificant shortage should be called to the attention of the petty cash custodian and any paper work thereby avoided; the amount involved does not warrant any action by the auditors
(9) An adjusting entry should be proposed as follows:
Advertising Expense 3,000 Miscellaneous Expense 3,000
To correct erroneous classification for expenditures for advertising
(10) An adjusting entry is probably warranted in the case although the amount is relatively small As a means of assuring that all notes payable outstanding are reflected in the accounts, it is helpful to compute each period’s interest expense exactly and to reconcile this amount with the notes shown as outstanding
Prepaid Interest 1,000 Interest Expense 1,000
To defer interest expense applicable to the succeeding period (P12,000 x 10/120.)
Case 7 The purposes of obtaining the representation letter are to have management
acknowledge their primary responsibility for the financial statements, and to get