Auditing Chapter 4

Audit Risk Definition

Risk of issuing an incorrect opinion on financial statements. Giving an unmodified opinion when unknown material misstatements actually exist in the statements.

Business Risks

Risks that could adversely affect companies' ability to achieve objectives and execute strategies. Business risks might result from setting inappropriate objectives and strategies, or from complexity in the company's operations, changes in the industry environment, or even management incompleteness.

Company Performance Measures

The purpose of obtaining an understanding of the company's performance measures is to determine what information management and others deem to be key indicators of company performance. They also reveal what items management or financial statement users might be sensitive to.

General Categories of Misstatement

1. Invalid transactions are recorded 2. Valid transactions or disclosures are omitted from the financial statements 3. Transactions or disclosure amounts are inaccurate 4. Transactions are classified in the wrong accounts 5. Transaction accounting and posting are incorrect 6. Transactions are recorded in the wrong period 7. Disclosures are incomplete or misleading

5 Steps When Completing Analytical Procedures

1. Develop an expectation 2. Define a significant difference 3. Compare expectation with the recorded amount 4. Investigate significant differences 5. Document each of the preceding steps

Factors Related to Susceptibility of Accounts

1. Dollar size of the account 2. Liquidity 3. Volume of transactions 4. Complexity of the Transactions 5. Subjective estimates

Information from Client Acceptance or Continuance Evaluation, Audit Planning, Past Audits, and Other Engagements

A great deal of information about the client is gathered in the pre-engagement planning process. Auditors evaluate the competence and integrity of management and the riskiness of the business before taking or continuing a client. The best indicator of the risk of material misstatements is the presence of misstatements in previous audits that required adjusting entries.

Enterprise Risk Management (ERM)

A process effected by an entity's board of directors, management, and other personnel applied in a strategy setting and across the enterprise that is designed to identify potential events, that may affect the entity and to manage risks to be within its risk appetite to provide reasonable assurance regarding the achievement of entity objectives. Management, boards, and employees have to be constantly thinking about what could go wrong with the business and how they can prevent it.

Audit Committees

A subset of a company's board of directors composed of outside members who can provide a buffer between the audit firm and management.

Reasonable Assurance

A term that implies some risk that a material misstatement could be present in the financial statements without the auditor detecting it, even when the auditor has exercised due care.

Significant Account or Disclosure

An account or disclosure that has a reasonable possibility of containing a material misstatement regardless of the effect of controls.

Defalcation

Another name for employee fraud, embezzlement, and larceny. Auditing standards also call is misappropriation of assets.

Analytical Procedures

Reasonable tests. Auditors compare their expectations for each of the account balances with those recorded by management. These procedures must be applied in the preliminary stages of each audit.

Accounting Estimates

Approximations of financial statement numbers and are often included in financial statements. Examples include valuation of investment securities, net realizable value of accounts receivable, market value of inventory, and etc. Auditors should monitor the differences between management's estimates and the closest reasonable estimates supported by audit evidence.

Risk Model

Audit Risk = Inherent Risk X Control Risk X Detection Risk

Assessing Inherent Risk

Auditor's basis for assessing a client's inherent risk is found in their familiarity with the types of misstatements that could occur for each assertion in any account balance or class of transactions.

Auditor Responsibility

Auditors are concerned with fraud only as it affects the financial statements. They are not responsible to detect all fraud, but are responsible to detect cases where fraud results in material misstated financial statements.

Preliminary Analytical Procedures

Auditors are required to complete preliminary analytical procedures on each engagement. When completing analytical procedures, auditors are required to develop an expectation about what an account balance should be and then compare that expectation to the recorded balance.

Gathering Information, Assessing and Responding to Risks

Auditors have to keep up with developments in their clients' industries and in the overall economy. Auditors should also read public information about the company. Auditors also need to obtain an understanding of compensation agreements with senior management.

Communicate Fraud Risks

Auditors must always exercise technical and personal care because accusations of fraud are always taken seriously

Business Risk

Auditors must assess the risk of providing incorrect information to financial statement users.

Selection and Application of Accounting Principles, Including Related Disclosures

Auditors should evaluate whether the company's selection and application of accounting principles are appropriate for its business and consistent with the applicable financial reporting framework and accounting principles used in the relevant industry. Auditors should also pay attention to any changes and reasons for any changes.

Management Fraud

Deliberate fraud committed by management that injures investors and creditors through material misstated information. Usually takes the form of deceptive financial statements, management fraud is sometimes referred to as fraudulent financial reporting.

Document Risk Assessment

Discussions with engagement personnel, Procedures to identify and assess risk, Significant decisions during discussion, Specific risks identified and audit team responses, Explanation of why improper revenue recognition is not a risk, Results of audit procedures, particularly procedures regarding management override, Other conditions causing auditors to believe that additional procedures are required, and Communications to management.

Auditor's Risk Assessment

Guide auditors in assessing and dealing with a client's business risks and other risks that might affect financial statements. Top-down evaluation that goes beyond looking at accounting process and preparation of financial statements. So now audit teams devote a significant amount of time in their engagement planning to gaining an understanding of the client's business strategies and processes to understand whether the financial statements are fairly presented.

Related Parties

Include those individuals or organizations that can influence or be influenced by decisions of the company, possibly through family ties or investment relationships. Auditors strive to identify related-party relationships and transactions during planning to be able to obtain evidence that the financial accounting and disclosure for them are proper.

Risk of Material Misstatement (ROMM)

Includes inherent and control risk. ROMM is the risk material misstatement that exists in the financial statements before auditors apply procedures.

ERM Framework (8 Elements)

Internal Environment, Objective Setting, Event Identification, Risk Assessment, Risk Response, Control Activities, Information and Communication, and Monitoring. More in depth on pg.120

Inquiry of Audit Committee, Management, and Others within the Company

Interviewing the entity's management, internal auditors, directors, the audit committee, and other employees is a required audit process that can bring auditors up to date on changes in the business and the industry. Such inquires of client personnel have multiple purposes of building personal working relationships, observing the competence and integrity of client personnel, obtaining a general understanding, and probing for problem areas that could harbor financial misstatements.

Understanding the Client's Business

Knowledge and understanding of the client's business is essential to the audit. Obtaining an understanding of the company includes understanding: relevant industry, regulatory, and other external factors, the nature of the company and related parties, the effect of client computerized processing, the company's selection and application of accounting principles, including related disclosures, the company's objectives and strategies and those related business risks that might reasonably be expected to result in risks of material misstatement, and the company's measurement and analysis of its financial performance.

Control Risk Categories and Probabilities

Low: .1-.45 Moderate: .4-.7 Slightly Below Max: .6-.95 Maximum: 1

Impact of Detection Risk

Lower Detection Risk Allowed: more effective tests, testing performed at year-end, more tests needed. Higher Detection Risk Allowed: less effective tests, testing can be performed at interim, and fewer tests needed. ROMM and detection risk are inversely related. The greater the risk of material misstatement, the lower the detection risk that auditors could allow in order to maintain level of audit risk with which they feel comfortable.

Relevant Assertions

Management assertions that have a reasonable possibility of containing material misstatements without regard to the effect of controls.

General Business Sources

Most industries have specialized trade magazines and journals. Specific information can be found in registration statements and 10-K reports filed with the SEC.

Industry, Regulatory, and Other External Factors

Obtaining an understanding of relevant industry, regulatory, and other external factors encompasses the competitive environment and technological developments. Auditor must understand the broad economic environment that the client operates, including such things as the effects of national economic policies, the geographic location and its economy, and developments in taxation and regulatory areas.

The Nature of the Company

Obtaining an understanding of the nature of the company includes understanding: 1. The company's organizational structure and management personnel 2. The sources of funding the company's operations and investment activities 3. The company's significant investment 4. The company's operating characteristics, including its size and complexity 5. The source of the company's earniings

Assessing Risk Factors

Once risk factors have been identified, auditors have a better understanding of the potential for material misstatement. This includes evaluating the risk that a significant disclosure might be misleading or omitted. The auditors' next task is to assess the types of risk present, the likelihood that material misstatement has occurred, the magnitude of the risk, and the pervasiveness of the potential for misstatement.

Company Sources

Other early information gathering sources include reviewing the corporate charter and bylaws or partnership agreement, reviewing contracts, agreements, and legal proceedings, and reading the minutes of the meetings of directors and committees of the board of directors.

Audit Risk

Probability that an audit team will express an inappropriate audit opinion when the financial statements are materially misstated. Such risks always exists, even when audits are well planned and carefully performed. Broken down into inherent risk, control risk, and detection risk.

Detection Risk

Probability that the auditor's own procedures will fail to detect material misstatements provided that any have entered the accounting system in the first place and have not been prevented or detected and corrected by the client's internal controls. Auditors are responsible for performing evidence-gathering procedures that manage and establish detection risk.

Control Risk

Probability that the client's internal control activities will fail to prevent or detect material misstatements provided that they enter or would have entered the accounting system in the first place. "What is the client doing about them?" Want to ensure appropriate processing and recording of transactions to help ensure the production of reliable financial statements. Auditors do not create or manage control risk.

Information Risk

Probability that the information distributed by an entity will be materially false and misleading. Auditors evidence-gathering and reporting reduce the risk to financial statement users.

Inherent Risk

Probability that, in the absence of internal controls, material errors or frauds could enter the accounting system used to develop financial statements. Susceptibility of the account to misstatement. "What could go wrong?" It is a function of the nature of the client's business, major types of transactions, and the effectiveness and integrity of its managers and accountants. Auditors do not create or control inherent risk.

Respond to Significant Risks

Significant risks are those risks that require special audit considerations because of the nature of the risk or the likelihood and potential magnitude of misstatement related to the risk. Fraud risks are significant risks. Auditors should specifically examine controls and design tests to address significant risks. Auditors must next respond to the results of the risk assessments using the risk audit model.

Types of Fraud

Stockholders/Creditors, Owners/Managers, Customers, Government, Insurers, Employees, Vendors/Suppliers/Consultants, and Competitors

Fraud

The act of knowingly making material misrepresentations of fact with the intent of inducing someone to believe the falsehood and act on it and, suffer a loss or damage. Through both fraud and aggressive financial reporting, some companies have caused financial statements to be misstated. usually by overstating revenues and assets, understating expenses and liabilities, and giving disclosures that are misstated or that omit important information. Intent of inducing someone to believe the falsehood and act on it. Exhibit 4.3 pg. 125.

Extended Procedures

The audit procedures used in response to heightened fraud awareness as the result of the identification of significant risks.

Vertical Analysis

The common-size analysis of financial statement amounts created by expressing amounts as proportions of a common base such as sales for the income-statement accounts or total assets for the balance-sheet accounts.

Horizontal Analysis

The comparative analysis of year-to-year changes in balance-sheet and income-statement accounts

White-Collar Crimes

The misdeeds of people who wear ties to work and steal with a pencil or a computer terminal. Produce ink stains instead of bloodstains.

Company Objectives, Strategies, and Related Business Risks

The purpose of obtaining an understanding of the company's objectives, strategies, and related business risks is to identify business risks that could reasonably be expected to result in material misstatement of the financial statements. Examples of situations in which business risks might result in material misstatement are: Industry developments, New products and services, Expansion of the business, The effects of implementing a strategy, and Financing requirements.

Audit Team Discussions (Brainstorming)

The risk assessment process includes required audit team brainstorming sessions in with critical audit areas are discussed. These sessions update audit team members on important aspects of the audit and heighten team members' awareness of the potential for fraud and errors in the engagement.

Audit Strategy Memorandum

The scope, timing, and direction for auditing each relevant assertion based on the results of the risk model.

Direct-Effect Noncompliance

The violations of laws or government regulations by the entity or its management or employees that produce direct and material effects on dollar amounts in financial statements (Tax or Pension Laws, Government Contracting, Revenue Recognition).

Indirect-Effect Noncompliance

The violations of laws or government regulations that does not directly affect specific financial statement accounts or disclosures (Sexual Harassment, Food and Safety, Equal Employment).

Larceny

Theft. Example: employee misappropriates am employer's funds or property that has not been entrusted to the custody of the employee.

Embezzlement

Type of fraud involving employees or non-employees wrongfully misappropriating funds or property entrusted to their care, custody, and control, often accompanied by false accounting entries and other forms of deception and cover-up

Errors

Unintentional misstatements or omissions of amounts or disclosures in financial statements.

Employee Fraud

Use of fraudulent means to misappropriate funds or other property from an employer. Such as using false documents, lying, exceeding authority, violating employer's policies. 3 phases: fraudulent act, conversion of the funds or property, the cover-up.

Evaluate Accumulated Results of Audit Procedures

When collecting corroborating evidence to support the financial statements, auditors must remain vigilant to the potential for fraud.