Chapter 4 Textbook Questions
Control Risk
(1) A client fails to discover employee fraud on a timely basis because bank accounts are not reconciled monthly
Inherent Risk
(10) XYZ Company, a client, lacks sufficient working capital to continue operations.
Inherent Risk
(2) Cash is more susceptible to theft than an inventory of coal
Detection Risk
(3) Confirmation of receivables by an auditor fails to detect a material misstatement.
Control Risk
(4) Disbursements have occurred without proper approval.
Control Risk
(5) There is inadequate segregation of duties.
Detection Risk
(6) A necessary substantive audit procedure is omitted.
Inherent Risk
(7) Notes receivable are susceptible to material misstatement, assuming there is no related internal control
Inherent Risk
(8) Technological developments make a major product obsolete.
Inherent Risk
(9) The client is very close to violating debt covenants.
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Engagement risk is the risk that the auditor is exposed to financial loss or damage to his or her professional reputation from litigation, adverse publicity, or other events arising in connection with financial statements audited and reported on. In simple terms, audit risk is the risk that an auditor will issue an unqualified opinion on materially misstated financial statements, while engagement risk relates to the auditor's exposure to financial loss and damage to his or her professional reputation.
Distinguish between audit risk and auditor's business risk (engagement risk).
Misstatements can result from errors or fraud. The term errors refers to unintentional misstatements of amounts or disclosures in financial statements. The term fraud refers to an intentional act by one or more among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Thus, the primary distinction between errors and fraud is whether the misstatement was intentional or unintentional. Unfortunately, it is often difficult to determine intent. For example, the auditor detects a misstatement in an account that requires an estimate, such as bad debt expense; it may be difficult to determine whether the misstatement was intentional.
Distinguish between error and fraud.
Known misstatements are factual misstatements about which there is no doubt. For example, an auditor may test a sales invoice and determine that the prices applied to the products ordered are incorrect. Once the products are correctly priced, the amount of misstatement is known. In such cases, the auditor knows the exact amount of the misstatement. Likely misstatements are misstatements that • Arise from differences between the auditor's judgments concerning accounting estimates and management's estimates that the auditor considers unreasonable or inappropriate. • The auditor considers likely to exist based on a projection of misstatements identified in an audit sample.
Distinguish between factual, judgmental and projected misstatements.
Sampling risk refers to the fact that, in many instances, the auditor does not examine 100 percent of the class of transactions or account balance. Since only a subset of the population is examined, it is possible that the sample drawn is not representative of the population and a wrong conclusion may be made on the fairness of the account balance. Professional judgment errors (nonsampling risk) occur because an auditor may use an inappropriate audit procedure, fail to detect a misstatement when applying an appropriate audit procedure, or misinterpret an audit result.
Distinguish between sampling risk and professional judgment errors (non-sampling) risk.
Significant changes in the entity such as large acquisitions, reorganizations, or other unusual events Significant changes in the industry in which the entity operates Significant new products or services or significant new lines of business New locations Significant changes in the IT environment Operations in areas with unstable economies High degree of complex regulations
Give three examples of conditions and events that may indicate the existence of business risks.
Inherent risk and control risk differ from detection risk in that inherent risk and control risk exist independent of the audit; that is, the levels of inherent risk and control risk are functions of the client and its environment. The auditor has little control over these risks. The auditor can control detection risk through the scope (nature, timing, and extent) of the audit procedures performed. Thus, detection risk has an inverse relationship with inherent risk and control risk.
How do inherent risk and control risk differ from detection risk?
In understanding the entity and its environment, the auditor gathers knowledge about: (1) the nature of the entity; (2) industry, regulatory, and other external factors; (3) objectives strategies, and business risks; (4) entity performance measures; and (5) internal control.
In understanding the entity and its environment, the auditor gathers knowledge about which categories of information?
Entities generally face a broad array of business risks that may affect their operations, financial reporting, and compliance with laws and regulations. An entity within the coal mining industry may face business risks in compliance with a high degree of complex regulation because the environment in which the coal mining industry contains dangerous environments.
Many entities are subject to regulations by state and federal regulatory bodies, For example, the Environmental Protection Agency has a mission of protecting human health and the environment. What business risks would an entity face if they operated in the coal mining industry?
If Jackal determines that a number of the risks of material misstatements are pervasive to the overall financial statement, he should reconsider the overall audit approach and respond to such pervasive by • Emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating audit evidence. • Assigning more experienced staff or those with specialized skills or using specialists. • Providing more supervision. • Incorporating additional elements of unpredictability in the selection of audit procedures to be performed.
Marv Jackal, independent auditor, determines that a number of risks of material misstatement are pervasive to the overall financial statements. How should Jackal respond to such pervasive risks?
a) The entity's market characteristics (e.g., demand, capacity, etc.) and competition. a. The entity may be in a highly competitive market which can result in making harder to sell inventory and harder to make profit, so this would increase the risk of the business manipulating its earnings reported in the financial statements. b) The cyclical or seasonal activity in the entity's industry. a. Management may get pushed to misstate its assets like its merchandise and/or inventory due to a cyclical or seasonal activity. c) The speed of technology change related to the entity's products. a. Changes from technological advances may affect value of the entity's products and may affect its profitability, which may or may not lead management to fraudulent financial reporting. d) The supply availability and cost of the entity's raw materials and components. a. Management may change of the value of assets if supply becomes low, or management may increase the cost of raw materials and components to maintain high earning potential on its products.
Question 4-30
a) The auditor performs the following steps to assess fraud risks: a. Audit team members discuss the risks of material misstatement due to fraud b. Questioning the audit committee, management, and other personnel about their views on the fraud risks and how it should be addressed c. Consider any unusual/unexpected relationships that were identified when performing the analytical procedure of the planning process of the audit d. Understand the company's period-end closing process and evaluate its unexpected period-end adjustments e. Identify and assess the three fraud risk factors (fraud risk triangle) b) Fraud Risk Triangle - Three conditions are generally present when material misstatements due to fraud occur: a. (1) Incentive/Pressure: Employees and/or management have incentive or are pressured to commit fraud i. The great the pressure to commit fraud, the more likely an individual with rationalize the fraud to be acceptable. b. (2) Opportunity: Events and/or circumstances exist that create an opportunity for an individual to commit fraud i. Management has the ability to commit fraud because of it position in the entity. c. (3) Rationalization/Attitude: Some individuals rationalize the commitment of fraud while others have the attitude, character, or values allowing them to commit fraud.
Question 4-31
Standard setters developed the audit risk model as a planning and evaluation tool. Therefore, the model is only as good as the judgments and assessments used as inputs. Following are some limitations. First, since the auditor assesses inherent risk and control risk, such assessments may be higher or lower than the actual inherent risk and control risk that exist for the client. Second, the audit risk model does not consider the possibility of nonsampling risk (auditor error in assessing risk, choosing audit procedures, and evaluating results).
What are some limitations of the audit risk model?
The auditor performs the following steps to identify the risks of material misstatement due to fraud: • Discussion among the audit team members regarding the risks of material misstatement due to fraud. • Inquire of management and others about their views on the risks of fraud and how it is addressed. • Consider any unusual or unexpected relationships that have been identified in performing analytical procedures in planning the audit. • Understand the client's period-end closing process and investigate unexpected period-end adjustments.
What steps should an auditor perform to identify the risk of material misstatement due to fraud?
A company would institute a control policy that required mandatory vacations to allow management to observe if there is any noticeable change, for example, a marked increase in cash receipts, while another person is performing the duties. These controls also help lessen potential fraud caused by employees.
Why would a company institute a control policy that required mandatory vacations?