Audit Chapter 9
Audit risk model
: a formal model reflecting the relationships between acceptable audit risk (AAR), inherent risk (IR), control risk (CR) and planned detection risk (PDR); PDR=AAR/(IR*CR)
Audit assurance
a complement of acceptable audit risk; an acceptable audit risk of 2 percent is the same as audit assurance of 98% aka overall assurance and level of assurance
Engagement risk
the risk that the auditor or audit firm will suffer harm because of a client relationship even though the audit report rendered for the client was correct
22. Auditors have not been successful in measuring the components of the audit risk model. How is it possible to use the model in a meaningful way without a precise way of measuring the risk?
Exact quantification of all components of the audit risk model is not required to use the model in a meaningful way. An understanding of the relationships among model components and the effect that changes in the components have on the amount of evidence needed allow practitioners to use the audit risk model in a meaningful way
21. Explain why there is an inverse relationship between planned detection risk and the amount of evidence an auditor collects for a specific audit objective.
Planned detection risk is the risk that audit evidence for a segment will fail to detect misstatements that could be material, should such misstatements exist. In order to reduce this risk, the auditor would increase the amount of evidence they collect for a specific audit objective. For example, if the auditor wanted a low level of risk that audit procedures designed to test the existence of inventory fail to detect a material misstatement, they would increase the amount of inventory tested and/or the number of audit procedures performed.
Provide 2 examples of factors that might increase the risk of material misstatements at the overall financial statement level.
A number of overarching factors may increase the risks of material misstatement at the overall financial statement level. For example, deficiencies in management's integrity or competence, ineffective oversight by the board of directors, or inadequate accounting systems and records increase the likelihood that material misstatements may be present in a number of assertions affecting several classes of transactions, account balances, or financial statement disclosures. Similarly, declining economic conditions or significant changes in the industry may increase the risk of material misstatement at the overall financial statement level.
What constitutes a significant risk?
A significant risk represents an identified and assessed risk of material misstatement that, in the auditor's professional judgment, requires special audit consideration. Auditing standards require the auditor to obtain an understanding of the entity's controls relevant to significant risks to evaluate the design and implementation of those controls, and the auditor must perform substantive tests related to assertions deemed to have significant risks.
Explain what is meant by the term acceptable audit risk. What is its relevance to evidence accumulation?
Acceptable audit risk is a measure of how willing the auditor is to accept that the financial statements may be materially misstated after the audit is completed and an unmodified opinion has been issued. Acceptable audit risk has an inverse relationship to evidence. If acceptable audit risk is reduced, planned evidence should increase
Explain the causes of an increased or decreased planned detection risk.
An increase in planned detection risk may be caused by an increase in acceptable audit risk or a decrease in either control risk or inherent risk. A decrease in planned detection risk is caused by the opposite: a decrease in acceptable audit risk or an increase in control risk or inherent risk.
Describe the types of procedures that constitute risk assessment procedures
To obtain an understanding of the entity and its environment, including the entity's internal controls, the auditor performs risk assessment procedures to identify and assess the risk of material misstatement, whether due to fraud or error. Risk assessment procedures include the following: Inquiries of management and others within the entity Analytical procedures Observation and inspection Discussion among engagement team members Other risk assessment procedures
Risk
the acceptance be auditors ta there is some level of uncertainty in performing the audit function
24. Explain how audit and materiality are related and why they need to be considered together in planning an audit.
Audit risk is a measure of how willing the auditor is to accept that the financial statements may be materially misstated after the audit is completed and an unmodified opinion has been issued. An auditor cannot assess the risk of material misstatement without first deciding the size of misstatements that will be considered material. Materiality and audit risk are considered together in planning the nature and extent of risk assessment procedures to be performed, identifying and assessing the risks of material misstatement, determining the nature, timing and extent of audit procedures, and evaluating audit findings.
Auditing standards require that the engagement team members engage in discussion about the susceptibility of the financial statements to the risk of fraud. How does this discussion relate to the required discussion about the risk of material misstatement?
Auditing standards explicitly require that discussion among engagement team members consider the susceptibility of the client's financial statements to fraud, in addition to their susceptibility of material misstatement due to errors. While auditing standards specifically require a discussion among the key engagement team members, including the engagement partner, about how and where the entity's financial statements may be susceptible to material misstatement due to fraud, this can be held concurrently with the discussion about the susceptibility of the financial statements to material misstatement due to error. These discussions should include an exchange of ideas or brainstorming among the engagement team members about business risks and how and where the financial statements might be susceptible to material misstatement, whether due to fraud or error.
What types of inquiries should the auditor make when considering the risk of material misstatement due to fraud?
Auditing standards require the auditor to inquire of management about their assessment of the risk that the financial statements may be materially misstated due to fraud. As part of those inquiries, the auditor should ask management to describe the frequency of management's assessment and the extent of their consideration of risks due to fraud, including discussion about management's processes that are designed to identify, respond to, and monitor the risks of fraud in the organization. Auditing standards require the auditor to make inquiries of management and others within the entity about their knowledge of any actual, suspected, or alleged fraud affecting the client and whether management has communicated any information about fraud risks to those charged with governance.
Auditing standards require that the engagement team members engage in discussion about the risk of material misstatement. Describe the nature of this required discussion and who should be involved.
Auditing standards require the engagement partner and other key engagement team members to discuss the susceptibility of the client's financial statements to material misstatement. Discussion among the engagement partner and other key members of the engagement team provides an opportunity for more experienced team members, including the engagement partner, to share 9-4 Copyright © 2017 Pearson Education, Inc. 9-7 (continued) their insights about the entity and its environment, including their understanding of internal controls, with other members of the engagement team. The discussion should include an exchange of ideas or brainstorming among the engagement team members about business risks and how and where the financial statements might be susceptible to material misstatement, whether due to fraud or error. By including key members of the engagement team in discussions with the engagement partner, all members of the engagement team become better informed about the potential for material misstatement of the financial statements in specific areas of the audit assigned to them, and it helps them gain an appreciation for how the results of audit procedures performed by them affect other areas of the audit.
How should the auditor consider risks related to revenue recognition when assessing the risks of material misstatement due to fraud?
Because a number of high profile instances of fraudulent financial reporting have involved misstatements in revenue recognition, auditing standards require the auditor to presume that risks of fraud exist in revenue recognition. As a result, risks related to audit objectives for revenue transactions and their related account balances and presentation and disclosure are presumed to be significant risks in most audits. If the auditor determines that the presumption is 9-5 Copyright © 2017 Pearson Education, Inc. 9-10 (continued) not applicable to a particular audit engagement, the auditor must document this conclusion in the working papers.
Assume you are concerned that your client has recorded revenues that didn't occur. What audit objective would you assess as having a high risk of material misstatement?
Concern about the client potentially recording revenues that did not occur would relate to the occurrence transaction-related audit objective. In this case, the auditor would assess the risk of occurrence as high.
Explain the effect of extensive misstatements found in the prior year's audit on inherent risk, planned detection risk, and planned audit evidence.
Extensive misstatements in the prior year's audit would cause inherent risk to be set at a high level (maybe even 100%). An increase in inherent risk would lead to a decrease in planned detection risk, which would require that the auditor increase the level of planned audit evidence.
In addition to inquiring of individuals among management who are involved in financial reporting positions, such as the CFO and controller, which additional individuals should you consider making inquiries of as part of your risk assessment procedures? Be sure to describe how those individuals might be helpful to you in assessing risks of material misstatement
In addition to making inquiries of individuals involved in financial reporting positions, auditors benefit from obtaining information or different perspectives through inquiries of others within the entity and other employees with different levels of authority. Additionally, inquiries of those charged with governance, such as the board of directors or audit committee, may provide important insights about the overall competitive environment and strategy of the business that may provide important insights about overall client business risks. Similarly, because internal auditors typically have exposure to all aspects of the client's business and operations, they may have important information about risks at the overall financial statement level or assertion level. Most internal audit functions develop their internal audit scope based on a risk assessment process that considers risks to design their audit strategies.
Describe which 2 factors of the audit risk model relate to the risk of material misstatement at the assertion level.
Inherent risk and control risk relate to the risk of material misstatement at the assertion level. Inherent risk measures the auditor's assessment of the susceptibility of an assertion to material misstatement, before considering the effectiveness of related internal controls. Control risk measures the auditor's assessment of the risk that a material misstatement could occur in an assertion and not be prevented or detected on a timely basis by the client's internal controls.
Define what is meant by inherent risk. Identify 4 factors that are associated with higher inherent risks in audits.
Inherent risk is a measure of the auditor's assessment of the susceptibility of an assertion to material misstatements before considering the effectiveness of internal control. Factors affecting assessment of inherent risk include: Nature of the client's business Results of previous audits Initial vs. repeat engagement Related parties Complex or nonroutine transactions Judgment required to correctly record transactions Makeup of the population Factors related to fraudulent financial reporting Factors related to misappropriation of assets
Explain why inherent risk is set for audit objectives for segments (classes of transactions, balances, and presentation and disclosure) rather than for the overall audit. What is the effect on the amount of evidence the auditor must accumulate when inherent risk is increased from medium to high for an audit objective?
Inherent risk is set for audit objectives for segments rather than for the overall audit because misstatements occur at the objective level within a segment. By identifying expectations of misstatements in segments, the auditor is thereby able to modify audit evidence by searching for misstatements in those segments. When inherent risk is increased from medium to high, the auditor should increase the audit evidence accumulated to determine whether the expected misstatement actually occurred.
Define the audit risk model and explain each term in the model.
The audit risk model is as follows: PDR = AARR IR x CR Where PDR = Planned detection risk AAR = Acceptable audit risk IR = Inherent risk CR = Control risk Planned detection risk A measure of the risk that audit evidence for a segment will fail to detect misstatements that could be material, should such misstatements exist. Acceptable audit risk A measure of how willing the auditor is to accept that the financial statements may be materially misstated after the audit is completed and an unmodified opinion has been issued. Inherent risk A measure of the auditor's assessment of the susceptibility of an assertion to material misstatement before considering the effectiveness of internal control. Control risk A measure of the auditor's assessment of the risk that a material misstatement could occur in an assertion and not be prevented or detected by the client's internal controls. Auditing standards note that the combination of inherent risk and control risk reflects the risk of material misstatement.
Describe the types of procedures auditors perform as part of their assessment procedures.
The auditor performs risks assessment procedures to identify and assess the risk of material misstatement, whether due to fraud or error. Risk assessment procedures include the following: 1. Inquiries of management and others within the entity: Because management and others, including those charged with governance and internal audit, have important information to assist the auditor in identifying risks of material misstatements, the auditor will make a number of inquiries of these individuals to understand the entity and its environment, including internal control, and to ask them about their assessments of the risks of material misstatements. 2. Analytical procedures: As noted in Chapter 8, auditors are required to perform preliminary analytical procedures as part of audit planning to better understand the entity and to assess client business risks. 3. Observation and inspection: Auditors observe the entity's operations and they inspect documents, such as the organization's strategic plan, business model, and its organizational structure to increase the auditor's understanding of how the business is structured and how it organizes key business functions and leaders in the oversight of dayto-day operations. 4. Discussion among engagement team members: Auditing standards require the engagement partner and other key engagement team members to discuss the susceptibility of the client's financial statements to material misstatement. This includes explicit discussion about the susceptibility of the client's financial statements to fraud, in addition to their susceptibility of material misstatement due to errors. 5. Other risk assessment procedures: The auditor may perform other procedures to assist in the auditor's assessment of the risk of material misstatement.
23. Explain the circumstances when the auditor should revise the components of the audit risk model and the effect of the revisions on planned detection risk and planned evidence.
The auditor should revise the components of the audit risk model when the evidence accumulated during the audit indicates that the auditor's original assessments of inherent risk or control risk are too low or too high or the original assessment of acceptable audit risk is too low or too high. The auditor should exercise care in determining the additional amount of evidence that will be required. This should be done without the use of the audit risk model. If the audit risk model is used to determine a revised planned detection risk, there is a danger of not increasing the evidence sufficiently.
Which parts of the 8 parts of planning involve the evaluation of risk?
The parts of planning are: accept client and perform initial planning, understand the client's business and industry, perform preliminary analytical procedures, set preliminary judgment of materiality and performance materiality, identify significant risks due to fraud or error, assess inherent risk, understand internal control and assess control risk, and finalize overall audit strategy and audit plan. The evaluation of risk is an explicit component of part five (identify significant risks, including fraud risks), part six (assess inherent risk), and part seven (control risk).
Why is it important for the auditor to consider the risk of material misstatement ta the overall financial statement level?
The risk of material misstatement at the overall financial statement level refers to risks that relate pervasively to the financial statements as a whole and potentially affect a number of different transactions and accounts. It is important for the auditor to consider risks at the overall financial statement level given those risks may increase the likelihood of risks of material misstatement across a number of accounts and assertions for those accounts.
At what 2 levels does the auditor assess the risk of material misstatement?
The risk of material misstatement exists at two levels: the overall financial statement level and at the assertion level for classes of transactions, account balances, and presentation and disclosures. Auditing standards require the auditor to assess the risk of material misstatement at each of these levels and to plan the audit in response to those assessed risks.
Describe examples of characteristics of transactions and balances that might cause an auditor to determine that a risk of material misstatement is a significant risk.
Three types of characteristics of transactions and balances that might cause an auditor to determine that a risk of material misstatement is a significant risk: 1. Nonroutine Transactions: Significant risks often relate to significant nonroutine transactions, which represent transactions that are unusual, either due to size or nature, and that are infrequent in occurrence. Nonroutine transactions may increase the risk of material misstatement because they often involve a greater extent of management intervention, including more reliance on manual versus automated data collection and processing, and they can involve complex calculations or unusual accounting principles not subject to effective internal controls due to their infrequent nature. Related party transactions often reflect these characteristics, thereby increasing the likelihood they are considered significant risks. 2. Matters Requiring Significant Judgment: Significant risks also relate to matters that require significant judgment because they include the development of accounting estimates for which significant measurement uncertainty exists. Classes of transactions or account balances that are based on the development of accounting estimates often require significant judgment that is subjective or complex based on assumptions about future events. As a result, those types of transactions or balances frequently are identified as significant risks. 9-6 Copyright © 2017 Pearson Education, Inc. 9-13 (continued) 3. Fraud Risk: Because fraud generally involves concealment, detecting material misstatements due to fraud is difficult. As a result, when auditors identify a potential risk of material misstatement due to fraud, auditing standards require the auditor to consider that risk a significant risk, which triggers required responses to those risks.
20. Explain the relationship between acceptable audit risk and the legal liability of auditors.
When the auditor is in a situation where he or she believes that there is a high exposure to legal liability, the acceptable audit risk would be set lower than when there is little exposure to liability. Even when the auditor believes that there is little exposure to legal liability, there is still a minimum acceptable audit risk that should be met.
Why is it important to distinguish the auditor's assessment of the risk of material misstatement due to fraud from the assessment for the risk of material misstatement due to error?
While auditors perform risk assessment procedures to assess the risk of material misstatement due to fraud or error, auditing standards require the auditor to explicitly consider fraud risk because the risk of not detecting a material misstatement due to fraud is higher than the risk of not detecting a misstatement due to error. Fraud often involves complex and sophisticated schemes designed by perpetrators to conceal it, such as forgery of approvals and authorizations for unusual cash disbursement transactions or intentional efforts to not record a transaction in the accounting records. And, individuals engaged in conducting a fraud often intentionally misrepresent information to the auditor, and they may try to conceal the transaction through collusion with others. As a result, explicitly focusing on the risks of material misstatements due to fraud helps the auditor apply professional skepticism as part of the auditor's planning procedures.
Acceptable audit risk
a measure of how willing the auditor is to accept that the financial statements may be materially misstated after the audit is completed and an unmodified opinion has been issued
Control risk
a measure of the auditor's assessment of the risk that a material misstatement could occur in an assertion and not be prevented or detected on a timely basis by the client's internal control
Inherent risk
a measure of the auditor's assessment of the susceptibility of an assertion to material misstatement before considering the effectiveness of internal control
Planned detection risk
a measure of the risk that audit evidence for a segment will fail to detect misstatements that could be material, should such misstatements exist
Nonroutine transaction
a transaction that is unusual, either due to size or nature, and that is infrequent in occurrence
Significant risk
an identified and assessed risk of material misstatement that, in the auditor's professional judgment, requires special audit consideration