AC 516 Chapter 3 - Fundamental Concepts: Materiality, Audit Risk and Risk Assessment
Detection risk
A function of the effectiveness of an auditing procedure and of its application by the auditor
Control risk
A function of the effectiveness of the design and operation of the client's internal control structure policies and procedures relevant to an audit of financial statements
Business risk
A risk that affects the operations and potentialoutcomes of organizational activities that result from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity's ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies
Engagement risk
A risk that auditors encounter by being associated with a particular client, including loss of reputation, inability of the client to pay the auditor, or financial loss
Financial reporting risk
A risk that relates to the recording of transactions and the presentation of the financial data in an organization's financial statements
Auditing standards
Also requires the auditor to consider the possibility of misstatements of relatively small amounts that, cumulatively, could have a material effect on the financial statements.
True
An error is more likely to occur in valuations requiring complex calculations and in estimated balances. T/F?
- Industry, regulatory, and other external factors, including AFRF - Nature of the entity, including the entity's selection and application id accounting policies - Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements - Measurement and review of the entity's financial performance - Internal control
Aspects of understanding the entity and its environment
- Identifying and evaluating inherent risk - Assessing control risk - Designing and carrying out substantive test of account balances and class of transactions
Audit procedures comprise
Risk assessment procedures
Audit procedures performed to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and assertion levels
AR = RMM x [1-Pr(Da)], or AR = RMMi x [1-Pr(De)] x [1-Pr(Da)]
Audit risk equation
- The risk of material misstatement of financial statements - Detection risk
Audit risk is a function of
False, reduced
Audit risk is increased by gathering evidence. T/F?
False; as a functional rather than mathematical
Because of limitations, many auditors use the audit risk model as a mathematical, rather than functional model. T/F?
PSA 320 (R&R)
Clearly requires the auditor to determine three different levels of materiality
- The elements of the financial statements and the financial statement measures defined in the applicable financial reporting framework - Whether there are financial statement items on items for the particular entity, users' attention tends to be focused - The nature of the entity and the industry in which it operates - The size of the, nature of its ownership, and the way it is financed
Considerations in determining acceptable materiality levels
PSA 320 (R&R), "Materiality in Planning and Performing an Audit"
Deals with the auditor's responsibility to apply the concept of materiality un planning and performing an audit of financial statements
Audit strategy
Describes, in broad terms, the principal features of the auditor's proposed approach to the audit
Audit planning
Detection risk is controlled by the auditor and is an integral part of ____________.
Two-step
Detemining the materiality levels for use in examining a particular account balance is a ________ process.
PSA 520(Red) - Analytical Procedures
Establishes requirements and provides guidance on the use of analytical procedures
- The entity's operations - Documents, records, and internal control manuals - Reports prepared by management and those charged with governance - The entity's premises and plant facilities
Examples of targets of observation and inspection
Controls
Exist to address risks
PSA 450, "Evaluation of Misstatements Identified during the Audit"
Explains how materiality is applied in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements
- laws and regulations - financial reporting framework - key industry disclosutes of the entity - particular aspects of the entity's business - understanding of the view of those charged with governance
Factors in determining specific materiality
- components of the FS - focus of the users of the FS - nature of the entity - ownership structure of the entity - volatility of the benchmark identified and laws and regulations
Factors in determining the appropriate benchmark
- The skillfulness of the perpetrator - The frequency and extent of manipulation - The degree of collusion involved - The relative size of individual amounts manipulated - The seniority of those individuals involved
Factors that affect the auditor's ability to detect a fraud
Qualitative factors
First year engagement, control weaknesses, management turnover, high market pressures, high fraud risk and higher-than-normal risk of bankruptcy are examples of what kind of factors of misstatements?
a) Set the desired level of audit risk b) Based on the susceptibility of the account balance, class of transactions, or assertions affecting the account balance or class of transactions, assess inherent risk c) Based on the effectiveness of internal control, assess control risk d) Based on the audit risk, inherent risk and control risk, determine the necessary level of detection risk
Four steps in using the audit risk model
- Falsification, or alteration of accounting records or supporting documentation - Misrepresentation in or intentional omission from, the financial statements of events, transactions or other significant information - Intentional misapplication of accounting principles
Fraudulent financial reporting may be accomplished by:
True
Higher detection risk implies the need for less evidence, and low detection risk implies a need for more substantive audit procedures. T/F?
True
If the auditor accepts a client with high engagement risk, the auditor must conduct a more rigorous audit, thereby setting audit risk at a low level. T/F?
Those charged with governance
If the auditor judges that there is a material weakness in the entity's risk assessment process, the auditor communicates to _____________.
Acceptable materiality level
In designing the audit plan, the auditor must establish a/an ______________ so as to detect quantitative material misstatements considering both amount and nature of the items.
- nature of the entity's business and transactions - risk assessment procedures - nature and extent of misstatements identified in previous audits
In determining performance materiality, an understanding of the following factors may affect the auditor's judgment such as:
False, it is the other way around
In theory, audit risk is always greater than zero while in practice, audit risk ranges from zero percent to 100%. T/F?
PSA 320 (R&R)
Introduced a third concept-performance materiality - which changes the way auditors set the materiality level to be used for scoping and testing financial statement balances
Fraudulent financial reporting
Involves intentional misstatements including omissions of amounts or disclosures in financial statements to deceive financial statement users
Misappropriation of assets
Involves the theft of an entity's assets and is ofyen perpetuated by employees in relatively small and immaterial amounts
Risk
Is a pervasive concept
Performance materiality
Is calculated as a certain percentage of overall materiality in order to capture any uncorrected misstatements, the total amount of which may exceed overall materiality.
Overall materiality
It is the materiality for the financial statements as a whole
Good business advisor
Knowledge of the risks allows the auditor to become a __________ to the client
False; low probability of NOT detecting
Low detection risk means a low probability of detecting material misstatements. T/F?
Tolerable misstatement
Materiality allocated to a particular account
Specific materiality or individual materiality
Materiality applied to specific classes of transactions, account balances or disclosures are also known as
Analytical procedures
May help identify the existence of unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have audit implications
Observation and inspection
May support inquiries of management and others, and may also provide information about the entity and its environment
Excuse/Rationalization
Most fraud perpetrators have a/an ___________ that allows them to justify their improper behavior.
True
Much of the information obtained by the auditor's inquiries is obtained from management and those responsible for financial reporting. T/F?
Auditor judgment
Needed to identify more classes of transactions and balances that are susceptible to material misstatement
Materiality
Omissions or misstatements of items are material if they could, individually or collectively; influence the economic decisions of users taken on the basis on the financial statements
- Inadequate capital - Lack of long-run strategic and operational plans - Low cost of entry into the market - Dependence on a limited product range - Dependence on technology that may quickly become obsolete - Instability of future cash flows - History of questionable accounting practices - Previous inquiries by the SEC or other regulatory agencies
Possible indicators of high risk clients
False, Effective
Professional standards require the performance of analytical procedures as part of audit planning because they are efficient at identifying accounts that may contain misstatements in the financial statements. T/F?
PSA 315 (Red)
Provides guidance to the auditor in identifying and assessing the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment
Risk of a material misstatement
RMM
Inherent risk of a material misstatement occurring
RMMi
Quantitative factors
Relationship of a misstatement to certain key amounts in the financial statements is an example of what kind of factor of misstatements?
Acceptable materiality level for the financial statements taken as a whole
Represents the maximum amount by which the auditor believes the financial statements could be misstated and still not affect the decisions of reasonable users
Detection of noncompliance
Requires consideration of the implications for integrity of management or employees and the possible effect on other aspects of the audit
Audit risk
Risk that the auditor may unknowingly fail to appropriately modify the opinion on financial statements that are materially misstated
- Greater management intervention to specify the accounting treatment - Greater manual intervention for data collection and processing - Complex calculations or accounting principles - The nature of non-routine transactions
Risks of material misstatement may be greater for risks relating to significant non-routine transactions arising from matters such as the following:
5%, 10%
SEC Memorandum Circulat No. 8, Series 2009 considers significant accounts equivalent to ___ of a balance sheet or income statement line item for listed companies, mutual funds, other issuers of securities to public and pre-need companies. For all other corporations, the threshold shall be ___ or more.
Audit risk model
Serves as a framework for assessing audit risk
1) Identify relevant financial statement assertions 2) Understand the entity and its environment including its internal controls 3) Make decisions about materiality 4) Perform analytical procedures 5) Identify risks that may result in material misstatements including the risk of fraud 6) Develop preliminary audit strategies
Six steps to fully understand the risk of material misstatement
SEC Memorandum Circular No. 8, Series of 2009
States that related party transactions required under PAS 24 are considered significant regardless of amount involved if the company is a public company, listed companies, issuers of securities to public or secondary licensee of the SEC
- Identify an appropriate benchmark which could either ebe an element or component of the financial statements - Choose an appropriate percentage to be applied to that benchmark
Steps in calculating overall materiality
- Complex or unusual transactions are more likely to recorded in error than are simple or recurring transactions - Management may be motivated to misstate earnings or assets - Better internal controls means a lesser likelihood of misstatement - The amount and persuasiveness of audit evidence gathered should vary directly with the likelihood of material misstatements
The audit risk model allows the auditor to consider
Independent
The audit risk model assumes that the components of the model are ________ of each other.
Non-sampling risk
The audit risk model does not consider the possibility of __________.
False; cannot
The auditor can assume that an instance of fraud is an isolated occurrence. T/F?
False, Management
The auditor is primarily responsible for identifying business risks. T/F?
- Adjusting audit staff to reflect risk associated with a client - Developing substantive tests of account balances consistent with detection risk - Anticipating potential misstatements likely associated with account balances - Adjusting the timing of audit tests to minimize overall audit risk
The auditor manages audit risk by
False; at a lower level
The auditor may, in planning the audit work, intentionally set the acceptable materiality level at a higher level than is intended to be used to evaluate the results of the audit and may be done to reduce the likelihood of undiscovered misstatements. T/F?
- A response that has an overall effect on how the audit is conducted - A response to identified risks at the assertion level involving the nature, timing and extent of audit procedures to be performed - A response to identified risks involving the performance of certain audit procedures to address the risks of material misstatement due to fraud involving management override of controls
The auditor responds to the risks of material misstatement due to fraud in the following ways:
Professional skepticism
The auditor should also be aware of the possibility of noncompliance thus mist exercise ______________ in all facets of the engagement.
True
The auditor should document the assessments made together with the related responses of the auditor's understanding of the entity and its environment and the auditor's assessment of the risks of material misstatement. T/F?
Entity's risk assessment procedures
The auditor should obtain an understanding of the _____________ for the purpose of forming a basis of how management detemines the business risks to be managed.
True
The auditor should use assertions in sufficient detail to form a basis for the assessment of risk of material misstatement and the design and performance of further audit procedures. T/F?
- Make decisions about the assessment of risk by considering the types of potential misstatements that may occur - Design audit procedures that are appropriate to the assertion and to the risk assessment
The auditor uses financial statement assertions to:
- Reducing the assessed risk of material misstatement, where this is possible, and supporting the reduced level by carrying out extended or additional tests control; or - Reducing detection risk by modifying the nature, timing and extent of planned procedures
The auditor would compensate for the increased audit risk by either:
- The overall responses to the assessed risks of material misstatement due to fraud at the FS level and the nature, timing and extent of audit procedures, and the linkage of those procedures with the assessed risks of material misstatement due to fraud at the assertion level - The results of the audit procedures, including those designed to address the risk of management override of controls
The auditor's documentation of the responses to the assessed risks of material misstatement required by PSA 330(Red) shall include:
- The significant decisions reached during the discussion among the engagement teak regarding the susceptibility of the entity's financial statements to material misstatement due to fraud - The identified and assessed risks of material misstatement due to fraud at the financial statement level and at the assertion level
The auditor's documentation of the understanding of the entity and its environment and the assessment of the risk of material misstatement required by PSA 315(Red) shall include:
Fraudulent financial reporting; Misappropriation of assets
The auditor's interest relates to fraudulent acts that cause material misstatements at the financial statement level and the assertion level that arise from __________ and ____________.
- Past misstatements and whether they were corrected on a timely basis - The nature of the entity and its environment, and its internal control - Significant changes that the entity or its operations may have undergone since the previous financial period
The auditor's previous experience with the entity and audit procedures performed in previous audits may provide the auditor with information about such matters as:
- The knowledge, skill, and ability of personnel assigned significant engagement responsibilities, including whether to involve experts - The appropriate levels of supervision - Whether there are events or conditions that may cast significant doubt on the entity's ability to continue as a going concern
The auditor's response to the assessed risk of material misstatement at the overall financial statement level includes consideration of:
Materiality
The magnitude of an omission or misstatement of accounting information that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement
Those charged with governance; management
The primary responsibility for the prevention and detection of fraud rests with both ___________ and with _________.
Audit skills
The risk assessment demands __________ for noticing the "red flags" and deciding whether they are significant for planning subsequent procedures
- Inquiries of management and of others within the entity - Analytical procedures - Observation and Inspection
The risk assessment procedures shall include the following:
Audit risk
The risk of a material misstatement of a financial statement item that is or should be included in the audited financial statements of an entity
False; greater
The risk of the auditor not detecting a material misstatement resulting from management fraud is lesser than for employee fraud. T/F?
Control risk
The risk that a misstatement, which could occur in an account balance or class of transactions and that, could be material individually or when aggregated with misstatements in other balances or classes, will not be prevented or detected and corrected on a timely basis by the accounting and internal control systems.
Detection risk
The risk that an auditor's procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes
Audit risk
The risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated (AASC-Glossary of Terms)
Inherent risk
The susceptibility of an account balance or class of transactions to misstatement that could be material, individually or when aggregated with misstatements in other balances or classes, assuming that there are no related internal controls.
- materiality for the financial statements as a whole - performance materiality - materiality applied to specific classes of transactions, account balances or disclosures
The three different levels of materiality
- Inherent risk - Control risk
The two components of the risk of material misstatement
Inverse
There is a/an _______ relationship between materiality and risk.
PSA 330(Red) - The Auditor's Responses to Assessed Risks
This PSA discusses the auditor's responsibility to determine overall responses and to design and perform further audit procedures whose nature, timing, and extent are responsive to the risk assessments.
PSA 315(Red) - Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment
This PSA requires the auditor to make risk assessments at the financial statement and assertion levels based on an appropriate understanding of the entity and its environment, including its internal control
PSA 240(Red) - The Auditor's Responsibility to Consider Fraud in an Audit of Financial Statements
This Standard deals with the auditor's responsibilities relating to fraud in an audit of financial statements.
In all material respects
This phrase included in the opinion paragraph communicates to third parties that the audit report is limited to material information
PSA 250(Red) - Consideration of Laws and Regulations in an Audit of Financial Statements
This standard deals with the auditor's responsibility to consider laws and regulations when perfoming an audit of financial statements
PSA 320 (R&R) - Materiality in Planning and Performing an Audit
This standard provides more specific guidance in establishing materiality in planning and performing an audit and introduces the concept of "performance materiality"
a) an incentive or pressure to commit fraud b) a perceived opportunity to commit fraud c) an ability to rationalize the fraudulent action
Three conditions that comprise the fraud triangle
- Financial - Work-related - Other factors
Three kinds of pressures that can lead to fraud
- establishing materiality levels - the different ways in which management assertions, as reflected in financial statement items, may contain misstatements - information on the susceptibility of these assertions to misstatement and the effectiveness of the client's internal control in preventing and detecting misstatement, or the audit risk model
Three major conceptual issues in planning an audit to detect material misstatements
- A misstatement must be generated - Internal controls fail to prevent or detect the misstatement once it has occurred - The misstatement remains undiscovered by the auditor
Three things that must happen for a material misstatement to affect financial statements
- Internal control factors - Other factors
Two types of perceived opportunities
True
When analytical procedures use data aggregated at a high level, the results of those analytical procedures only provide a broad initial indication about whether a material misstatement may exist. T/F?
- determining the nature, timing and extent of risk assessment procedures - identifying and assessing the risk of material misstatements - determining the nature, timing and extent of further audit procedures
When materiality should be considered
True
When the auditor has concluded that the presumption that there is a risk of material misstatement due to fraud related to revenue recognition is not applicable in the circumstances of the engagement, the auditor shall document the reasons for that conclusion. T/F?
Reasonable assurance
Which is stated in the first paragraph of the auditor's responsibility, informs the reader that there is some level of risk that the audit did not detect all material misstatements
True
With respect to compliance with laws and regulations, if management does not provide satisfactory information that it is in fact in compliance, the auditor would consult with the entity's lawyer about the application of the laws and regulations to the circumstances and the possible effects on the financial statements. T/F?
The risk that the misstatement will not be detected by the auditor
[1-Pr(Da)]
The risk that the misstatement will not be detected by the entity
[1-Pr(De)]
The auditor
___________ is ultimately concerned only with risks that may affect the financial statements