Chapter 4

Name three types of misstatements

1. Factual Misstatements 2. Judgmental Misstatements 3. Projected Misstatements

As lower acceptable levels of both audit risk and materiality are established, the auditor should plan more work on individual accounts to

Find smaller errors.

When is a duty to disclose fraud to parties other than the entity's senior management and its audit committee most likely to exist?

In response to inquiries from a successor auditor.

Risk of material misstatement refers to a combination of which two components of the audit risk model?

Inherent risk and control risk.

Which of the following characteristics most likely would heighten an auditor's con- cern about the risk of intentional manipulation of financial statements? a. Turnover of senior accounting personnel is low. b. Insiders recently purchased additional shares of the entity's stock. c. Management places substantial emphasis on meeting earnings projections. d. The rate of change in the entity's industry is slow.

c. Management places *substantial emphasis on meeting earnings projections*.

The *existence of audit risk* is recognized by the statement in the auditor's standard report that the auditor

"Obtains reasonable assurance about whether the financial statements are free of material misstatement."

Audit Risk

*Audit risk* is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.

Based only on the information provided, indicate the effect on acceptable audit risk compared to a typical private company audit: Budd Co., a private company, has approached your audit firm to bid on their annual audit. During discussions with the CFO, you learn that the company is filing for bankruptcy.

*Bankruptcy increases the auditor's reputation and litigation risk* and would, therefore, *reduce acceptable audit risk relative to a private company audit.*

Engagement Risk

*Engagement risk* is the risk that the auditor is exposed to financial loss or damage to his or her professional reputation from litigation, adverse publicity, or other events arising in connection with financial statements audited and reported on.

Based only on the information provided, indicate the effect on acceptable audit risk compared to a typical private company audit: Stephens Inc., a private company, has recently installed a new accounting information system.

*Significant changes to accounting information systems would typically increase control risk*, but would have *no effect on the acceptable audit risk relative to a private company audit.*

In developing an understanding of the entity and its environment, the auditor can *obtain information from numerous sources*, such as knowledge from prior audits and discussions with management. List five additional potential sources (internal or external) of information about the entity and its environment.

-*Cumulative knowledge* and experience obtained from *prior audits*. -*Procedures* performed in *client acceptance* and continuance process. -*Knowledge obtained* from performing interim procedures. -Consulting, tax, or other *engagements performed for the entity.* -*Published annual reports* and interim reports to shareholders, if applicable. -*Discussions with management*. -*Minutes* of board of directors and/or audit committee *meetings*. -*Entity's business/strategic plans*, budgets, or other documentation. -*Reports prepared by analysts*, banks, underwriters, rating agencies, and the like. -*Individuals knowledgeable about the industry*, such as the engagement team members for clients in a similar business/industry. -*Audit firm-generated industry guidance*, databases, and practice aids, where applicable. -*Government statistics*. -Economic and *financial journals*. -Industry or *trade journals*. -*Client press releases*, publications, and brochures. -*Internal audit reports*.

Explain how the components of audit risk (e.g. inherent risk, control risk, and detection risk) are interrelated.

-*Inherent risk and control risk* differ from detection risk in that *they exist independently of the audit of financial statements*, whereas *detection risk relates to the auditor's procedures and can be changed at the auditor's discretion.* -Detection risk has an inverse relationship to inherent and control risk.

How do inherent risk and control risk differ from detection risk?

-*Inherent risk* and *control risk* differ from *detection risk* in that inherent risk and control risk exist *independent of the audit*; that is, the *levels of inherent risk and control risk are functions of the client and its environment.* -*The auditor has little control over these risks.* -The auditor can control detection risk through the scope (nature, timing, and extent) of the audit procedures performed. -Thus, *detection risk has an inverse relationship with inherent risk and control risk.*

Describe the components of audit risk (e.g., inherent risk, control risk, and detection risk).

-*Inherent risk* is the *susceptibility of an assertion in an account or disclosure to a misstatement* due to error or fraud that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls. -*Control risk* is the risk that *a misstatement that could occur in an assertion about an account or disclosure* and that could be material, either individually or when aggregated with other misstatements, *will not be prevented, or detected and corrected,* on a timely basis by the entity's internal control. -*Detection risk* is the risk that the *procedures performed by the auditor will not detect a misstatement that could be material*, either individually or when aggregated with other misstatements.

Describe how the following industry condition can result in business risks: The cyclical or seasonal activity in the entity's industry.

-An *industry that is cyclical or seasonal* can affect the *demand for the entity's product and the size of its workforce.* -It can also cause *problems with purchasing raw materials* or product components. -For example, EarthWear's sales are much higher during the Christmas holiday season than the rest of the year. -If EarthWear *misestimates the demand for certain types of products* or fails to provide products that are in high demand, *revenues will decline*. -In addition, the *company may find itself with obsolete or slow moving products*. -EarthWear also has to *significantly increase its workforce for the holiday season* by employing part-time workers.

Marv Jackal, CPA, determines that a number of risks of material misstatement are pervasive to the overall financial statements. How should Jackal respond to such pervasive risks?

-If Jackal determines that a number of the risks of material misstatements are pervasive to the overall financial statement, *he should reconsider the overall audit approach* and respond to such pervasive risks by: 1. *Assign more experienced personnel* or those with specialized knowledge to assess the risks of material misstatement due to fraud; 2. *Evaluate whether the selection and application of accounting policies by the entity*, particularly those related to subjective measurements and complex transactions, *may be indicative of fraudulent financial reporting* resulting from management's effort to manage earnings, or a bias that may create a material misstatement; and 3. *Incorporate an element of unpredictability* in the selection of the nature, timing, and extent of audit procedures.

Distinguish between errors and fraud.

-Misstatements can result from errors or fraud. -The term *errors* refers to *unintentional* misstatements of amounts or disclosures in financial statements. -The term *fraud* refers to an *intentional* act by one or more among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. -Thus, the primary distinction between errors and fraud is *whether the misstatement was intentional or unintentional*. (It is often difficult to determine intent) -For example, if the auditor detects a misstatement in an account that requires an estimate, such as bad debt expense, *it may be difficult to determine whether the misstatement was intentional.*

Distinguish between sampling risk and professional judgment errors (nonsampling) risk.

-Sampling risk refers to the fact that, in many instances, *the auditor does not examine 100 percent of the class of transactions or account balance.* -Since only a subset of the population is examined, it is possible that the sample drawn is not representative of the population and a wrong conclusion may be made on the fairness of the account balance. -Professional judgment errors *(nonsampling risk)* occur because an auditor may use an inappropriate audit procedure, fail to detect a misstatement when applying an appropriate audit procedure, or misinterpret an audit result.

What are some limitations of the audit risk model?

-Standard setters developed the audit risk model as a *planning and evaluation tool.* -Therefore, *the model is only as good as the judgments and assessments used as inputs.* -First, since the auditor assesses inherent risk and control risk (*RMM*), such *assessments may be higher or lower than the actual inherent risk and control risk* that exist for the client. -Second, the audit risk model *does not consider the possibility of judgment or nonsampling risk* (auditor error in assessing risk, choosing audit procedures, and evaluating results).

Describe how the following industry condition can result in business risks: The supply availability and cost of the entity's raw materials and components.

-The *availability of raw materials* or product components and their price can *significantly affect an entity*. -If an entity is *unable to obtain raw materials* or their price has increased significantly, *revenues are likely to decrease* because *products are not available for sale* or the *higher price can lead to lower demand*. -One can see these effects in *entities that buy and sell commodities* (e.g., oil, precious metals, agricultural products).

Explain how risk of material misstatement should be assessed and what effect that assessment will have on detection risk: The First National Bank of Pond City has been your *client for the past two years*. During that period you have had *numerous arguments with the president and the controller* over a number of accounting issues. The major issue has related to the *bank's reserve for loan losses and the value of collateral*. Your prior audits have indicated that a *significant adjustment is required each year to the loan loss reserves*.

-The *risk of material misstatement should be increased* for the First National Bank of Pond City for the following reasons. -First, the *audit firm has been the bank's auditors for only two years*. -Second, there have been *contentious accounting issues related to loan loss reserves* and the value of collateral. -Third, *prior audits have indicated the presence of misstatements in the loan loss reserve*. -Based on these risk factors, *detection risk should be set lower* and *increased substantive tests performed.*

Describe how the following industry condition can result in business risks: The speed of technology change related to the entity's products.

-The *speed of technological change* in an industry can result in an entity *holding products that are not competitive*. -This can result in *reduced revenues and over-valued inventory.*

Describe how the following industry condition can result in business risks: The entity's market characteristics (e.g., demand, capacity, etc.) and competition.

-The entity's *market conditions and competition* can be *significant sources of business risks*. -For example, *decreasing demand for the entity's products can affect revenues and the value of inventory.* -Competition in an industry has a similar affect on prices, and therefore revenues.

Explain how risk of material misstatement should be assessed and what effect that assessment will have on detection risk: MaxiWrite Corporation is one of several companies engaged in the *manufacture of high-speed, high-capacity data storage devices*. The *industry is very competitive* and subject to *quick changes in technology*. MaxiWrite's operating results would place the company in the *second quartile in terms of profitability and financial position*. The company has *never been the leader in the industry*, with its *products typically slightly behind the industry* leader's in terms of performance.

-The factors affecting the assessment of the risk of material misstatement for MaxiWrite Corporation all *relate to industry characteristics*. -First, the *industry is very competitive*, which can lead to *price-cutting* and its related effects on revenues. -Second, the *industry is affected by changes in technology*, and MaxiWrite is not one of the industry leaders in technology. -Its *products usually are not competitive with the industry leaders* in terms of performance. -Third, the company is *not as profitable or financially strong as the major companies in the industry.* -The industry factors result in an *increased assessment of the risk of material misstatement* for MaxiWrite Corporation, leading to a *lower determination of detection risk* and *more substantive tests.*

Why would a company institute a control policy that required *mandatory vacations*?

-There are numerous risk factors that can cause an individual to misappropriate assets, such as cash -By requiring that an individual take a vacation, *another individual will perform that person's duties* -If some type of misappropriation is taking place, *there is a strong probability that the misappropriation will be detected*. -*Such a policy is particularly helpful in a small business that does not have sufficient personnel* to provide total segregation of duties or where there is poor oversight by personnel responsible for the asset.

Factual Misstatments

-These are *misstatements about which there is no doubt*. -For example, an auditor may test a sales invoice and determine that the prices applied to the products ordered are incorrect. -Once the products are correctly priced, the amount of misstatement is known. -In such cases, the auditor knows the exact amount of the misstatement.

Judgmental Misstatements

-These are *misstatements that arise from the judgments of management* concerning accounting *estimates that the auditor considers unreasonable* or the selection or application of accounting policies that the auditor considers inappropriate.

Projected Misstatements

-These are *the auditor's best estimate of misstatements in populations*, involving the projection of misstatements identified in an audit sample to the entire population from which the sample was drawn

Explain how risk of material misstatement should be assessed and what effect that assessment will have on detection risk: Johnson, Inc., is a *fast-growing trucking company* operating in the southeastern part of the United States. The company is publicly held, but *Ivan Johnson and his sons control 55 percent of the stock*. Ivan Johnson is chairman of the board and CEO. He *personally makes all major decisions with little consultation* with the board of directors. *Most of the directors*, however, are either *members of the Johnson family* or long-standing friends. The board basically *rubberstamps Ivan Johnson's decisions.*

-Two factors are particularly important in assessing the risk of material misstatement for Johnson, Inc. -First, *one individual*, who also has majority control of the stock, *dominates the decision making in the company*. -This factor should lead to a *higher assessment for the risk of material misstatement* because there is *no review of important decisions* and *actions may be taken that are not in the best interest of the company* or its stockholders. -Second, Johnson, Inc. is expanding rapidly throughout the southeast. -*Such expansion may result in material misstatements since decision-making may become decentralized without adequate internal control*. -The increase in the risk of material misstatement due to these two factors will result in a *lower determination of detection risk* and an *increase in the scope of the auditor's work.*

Based only on the information provided, indicate the effect on acceptable audit risk compared to a typical private company audit: LVD is a pharmaceutical company that has three successful drugs. They have recently decided to make a public offering of their stock.

A *public offering would increase the auditor's exposure to third party litigation* and would, therefore, *reduce acceptable audit risk relative to a private company audit.*

What is the auditor's responsibility for detecting fraud?

An auditor is responsible for obtaining reasonable assurance that the financial statements as a whole are *free from material misstatements*, whether caused by error or fraud.

Calculate detection risk for each of the following hypothetical clients: Client 1: Audit Risk 5%, Risk of Material Misstatement 20% Client 2: Audit Risk 5%, Risk of Material Misstatement 50% Client 3: Audit Risk 10%, Risk of Material Misstatement 15% Client 4: Audit Risk 10%, Risk of Material Misstatement 40%

Client 1: (5%/20%) = 25% Client 2: (5%/50%) = 10% Client 3: (10%/15%) = 67% Client 4: (10%/40%) = 25%

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: A client fails to discover employee fraud on a timely basis because bank accounts are not reconciled monthly.

Control Risk

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: Disbursements have occurred without proper approval.

Control Risk

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: There is inadequate segregation of duties.

Control Risk

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: A necessary substantive audit procedure is omitted.

Detection Risk

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: Confirmation of receivables by an auditor fails to detect a material misstatement.

Detection Risk

Give three examples of error and fraud

Examples of misstatements due to errors or fraud include: -An *inaccuracy in gathering or processing data* from which financial statements are prepared. -An *omission of an amount* or disclosure. -A *financial statement disclosure that is not presented in accordance with GAAP.* -An *incorrect accounting estimate* arising from *overlooking or clear misinterpretation of facts.* -*Judgments of management* concerning accounting estimates that *the auditor considers unreasonable* or the selection or application of accounting policies that the auditor considers inappropriate (*can cause judgmental misstatements*)

Many entities are subject to regulations by state and federal regulatory bodies. For example, the Environmental Protection Agency has a mission of protecting human health and the environment. What *general business risks* would an entity face if it operated in the coal mining industry?

General Risks: -*Coal prices are subject to change* and a substantial or extended decline in prices could materially and adversely affect our profitability and the value of our coal reserves. -Our coal mining operations are subject to *operating risks that are beyond our control*, which could result in materially increased operating expenses and decreased production levels and could materially and adversely affect our profitability. -*Competition within the coal industry* could put downward pressure on coal prices and, as a result, materially and adversely affect our revenues and profitability. -*Decreases in demand for electricity* resulting from economic, weather changes, or other conditions could adversely affect coal prices and materially and adversely affect our results of operations. -The use of *alternative energy sources for power* generation could reduce coal consumption by U.S. electric power generators, which could result in lower prices for our coal. Declines in the prices at which we sell our coal could reduce our revenues and materially and adversely affect our business and results of operations. -*Disruptions in the quantities of coal produced* by our contract mine operators or purchased from other third parties could temporarily impair our ability to fill customer orders or increase our operating costs. -Our profitability depends upon the long-term coal supply agreements we have with our customers. *Changes in purchasing patterns in the coal industry* could make it difficult for us to extend our existing long-term coal supply agreements or to enter into new agreements in the future.

Distinguish between audit risk and engagement risk.

In simple terms, audit risk is the risk that an auditor will issue an unqualified opinion on materially misstated financial statements, while engagement risk relates to the auditor's exposure to financial loss and damage to his or her professional reputation.

In *understanding the entity and its environment*, the auditor gathers knowledge about which categories of information?

In understanding the entity and its environment, the auditor gathers knowledge about: (1) the *nature* of the entity; (2) industry, regulatory, and other *external factors*; (3) *objectives strategies, and business risks*; (4) entity *performance measures*; and (5) *internal control*

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: Cash is more susceptible to theft than an inventory of coal

Inherent Risk

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: Notes receivable are susceptible to material misstatement, assuming there are no related internal controls.

Inherent Risk

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: Technological developments make a major product obsolete.

Inherent Risk

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: The client is very close to violating debt covenants.

Inherent Risk

Select the component of audit risk that is most directly illustrated. The components of audit risk may be used once, more than once, or not at all: XYZ Company, a client, lacks sufficient working capital to continue operations.

Inherent Risk

Calculate detection risk for each of the following hypothetical clients. Client 1: Audit Risk = Low, Risk of Material Misstatement = Moderate Client 2: Audit Risk = Very Low, Risk of Material Misstatement = High Client 3: Audit Risk = Low, Risk of Material Misstatement = Low Client 4: Audit Risk = Very Low, Risk of Material Misstatement = Moderate

RMM & DR have *inverse relationships* Client 1: Moderate Client 2: Low Client 3: High Client 4: Low

What *risks related to environmental, other regulations and legislation* would an entity face if it operated in the coal mining industry?

Risks Related to Environmental, Other Regulations and Legislation: -*Extensive environmental regulations*, including existing and potential future regulatory requirements relating to air emissions, affect our customers and could reduce the demand for coal as a fuel source and cause coal prices and sales of our coal to materially decline. -Our *failure to obtain and renew permits* necessary for our mining operations could negatively affect our business. -*Federal or state regulatory agencies have the authority to order certain of our mines to be temporarily or permanently closed* under certain circumstances, which could materially and adversely affect our ability to meet our customers' demands. -*Extensive environmental regulations impose significant costs* on our mining operations, and future regulations could materially increase those costs or limit our ability to produce and sell coal.

Give three examples of conditions and events that may indicate the *existence of business risks*.

Some examples of conditions and events that may indicate the existence of business risks are: -*Significant changes in the entity* such as large acquisitions, reorganizations, or other unusual events -*Significant changes in the industry* in which the entity operates -*Significant new products or services* or *significant new lines of business* -*New locations* -*Significant changes in the IT environment* -*Operations in* areas with *unstable economies* -High degree of *complex regulation*

What steps should an auditor perform to identify the risk of material misstatement due to fraud?

The auditor performs the following steps to identify the risks of material misstatement due to fraud: 1. *Discussion among the audit team members* regarding the risks of material misstatement due to fraud. 2. *Inquire of management, audit committee, and others about their views on the risks of fraud* and how it is addressed. 3. *Consider any unusual or unexpected relationships* that have been identified in performing analytical procedures in planning the audit. 4. *Understand the client's period-end closing process* and *investigate unexpected period-end adjustments.* 5. *Identification and assessment of fraud risk factors.*

What are the objectives of the "brainstorming" meeting that is held among the engagement team members?

The objectives of the brainstorming meeting are to: 1. *Share insights about the entity* and its environment and the *entity's business risks* 2. Provide an opportunity for the team members to *discuss how and where the entity might be susceptible to fraud*. 3. *Emphasize the importance of maintaining professional skepticism* throughout the audit regarding the *potential for material misstatement due to fraud*.

What is the required documentation for identified risk factors?

This happens after the auditor has detected fraud within an entity. The documentation should include: 1. The *risks identified*, an *evaluation of management's response* to such risks, and the *auditor's assessment of the risk of error or fraud* after considering the entity's response. 2. The *nature, timing, and extent of the procedures performed* in response to the risks of material misstatement due to fraud and the *results of that work.* 3. *Fraud risks* or other conditions *that caused the auditor to believe that additional audit procedures* or other responses *were required* to address such risks or other conditions. 4. The *nature of communications about error or fraud made to management*, the audit committee, and others.

Describe the three conditions that are generally present when fraud occurs.

Three conditions are generally present when material misstatements due to fraud occur: 1. Management or other *employees have an incentive or are under pressure* that provides a *reason to commit fraud.* 2. *Circumstances exist that provide an opportunity for a fraud* to be carried out. 3. Those involved are *able to rationalize committing a fraudulent act.* Some *individuals possess an attitude*, character, or set of ethical values that allow them to knowingly and intentionally commit a dishonest act.

Which of the following is an example of fraudulent financial reporting? a. Company management falsifies the inventory count, thereby overstating ending inventory and understating cost of sales. b. An employee diverts customer payments to his personal use, concealing his actions by debiting an expense account, thus overstating expenses. c. An employee steals inventory, and the shrinkage is recorded as a cost of goods sold. d. An employee borrows small tools from the company and neglects to return them; the cost is reported as a miscellaneous operating expense.

a. Company management falsifies the inventory count, thereby overstating ending inventory and understating cost of sales.

Which of the following is correct concerning required auditor communications about fraud? a. Fraud that involves senior management should be reported directly by the auditor to the audit committee regardless of the amount involved. b. Fraud with a material effect on the financial statements should be reported directly by the auditor to the Securities and Exchange Commission. c. Any requirement to disclose fraud outside the entity is the responsibility of management and not that of the auditor. d. The professional standards provide no requirements related to the communication of fraud, but the auditor should use professional judgment in determining communication responsibilities.

a. Fraud that involves senior management should be reported directly by the auditor to the audit committee regardless of the amount involved.

Auditing standards require auditors to make certain inquiries of management regarding fraud. Which of the following inquiries is required? a. Whether management has ever intentionally violated the securities laws. b. Whether management has any knowledge of fraud that has been perpetrated on or within the entity. c. Management's attitudes toward regulatory authorities. d. Management's attitude about hiring ethical employees.

b. Whether management has any knowledge of fraud that has been perpetrated on or within the entity.

Which of the following is a misappropriation (embezzlement) of assets? a. Classifying inventory held for resale as supplies. b. Investing cash and earning at a 3 percent rate of return as opposed to paying off a loan with an interest rate of 7 percent. c. An employee of a consumer electronics store steals 12 CD players. d. Management estimates bad debt expense as 2 percent of sales when it actually expects bad debts equal to 10 percent of sales.

c. An employee of a consumer electronics store steals 12 CD players.

Which of the following concepts are pervasive (an unwelcome spread) in the application of generally accepted auditing standards, particularly the standards of field work and reporting? a. Internal control. b. Expected misstatement. c. Control risk. d. Materiality and audit risk.

d. Materiality and audit risk.