CH: 9 ASSESSING THE RISK OF MATERIAL MISSTATEMENT

AUDIT RISK

- Auditors accept some level of risk or uncertainty in performing the audit function.

- The risk of material misstatement is a function of the susceptibility of the financial

statements as a whole or individual accounts to misstatement, including the risk that
the client’s controls may not be effective in preventing or detecting and cor-recting the
misstatements.

material misstatement exists at two levels:

- the overall financial statement level and
- the assertion level for classes of transactions and events and account balances, including
related disclosures.

Risk of Material Misstatement at the Overall Financial Statement Level

- refers to risks that relate pervasively to the financial statements as a whole and
potentially affect a number of different transactions and accounts.

as those risks increase the likelihood of risks of material misstatement across a number of
accounts and assertions for those accounts.

Exp:

- deficiencies in management’s integrity or competence

- ineffective oversight by the board of directors, or
- inadequate accounting systems and records

Risk of Material Misstatement at the Assertion Level

risk of material misstatement at the assertion level consists of two components:

 inherent risk and

- represents the auditor’s assessment of the susceptibility of an assertion to material
misstatement, before considering the effectiveness of the client’s internal controls
- may be higher for accounts whose valuations are dependent on complex calculations or
accounting estimates subject to significant estimation judgment.

 control risk
- represents the auditor’s assessment of the risk that a material misstatement could
occur in an assertion and not be prevented, or detected and corrected, on a timely
basis by the client’s internal controls.
 - may be higher if the client’s internal control procedures fail to include independent
review and verification by other client personnel of complex calculations used or
significant estimates developed to determine the valuation of an account balance
recorded in the client’s financial statements.

RISK ASSESSMENT PROCEDURES

Risk assessment procedures include the following:

1. Inquiries of management and others within the entity
2. Analytical procedures
3. Observation and inspection
4. Discussion among engagement team members
5. Other risk assessment procedures

Risk assessment procedures do not provide sufficient appropriate audit evidence to form an
audit opinion on the financial statements. Rather, they are used to assess the risk of material
misstatement and the required ex-tent of further audit procedures

Inquiries of Management and Others Within the Entity

- Auditors frequently interact with members of management and others with financial
reporting responsibilities to understand the entity and its environment and to learn
about the design and operation of internal controls.

inquiries of those charged with governance provide the auditor with important insights about
the overall governance oversight provided by the board of directors and others, which is an
important aspect of internal control.

AICPA

- suggest that inquiries of those charged with governance may be informative to the
auditor

PCAOB

- require the auditor to inquire of the audit committee or its equivalent about risks of
material misstatement.
Inquiries of internal audit personnel may provide use-ful information about key risks to the
business affecting not only financial reporting, but also operations and compliance with laws
and regulations that may increase the likelihood of material misstatements

- Both AICPA and PCAOB auditing standards require inquiry of internal audit personnel
when that function exists within the entity.

Analytical Procedures

- performance of analytical procedures may help the auditor identify unusual amounts,
ratios, or trends that might identify unusual trans-actions or events having audit
implications
- usually provide only a broad indication about whether a material misstatement exists.

Observation and Inspection

- Together, observation and inspection provide the auditor with a basis for understanding
internal controls, which is an important input for the assessment of the risk of material
misstatement

Discussions Among Engagement Team Members

- require the engagement partner and other key engagement team members to discuss
the susceptibility of the client’s financial statements to material misstatement.

including key members of the engagement team in discussions with the engagement partner,
all members of the engagement team become better informed about the potential for material
misstatement of the financial statements in specific areas of the audit assigned to them

Other Risk Assessment Procedures

- information obtained during the client acceptance or continuance evaluation process,

such as discussions with predecessor auditors or insights obtained from background
checks for new client engagements, may heighten the auditor’s awareness of the risks
of material misstatement

CONSIDERING FRAUD RISK

- the risk of not detecting a material misstatement due to fraud is higher than the risk of
not detecting a misstatement due to error.
Exp:

the auditor should inquire of management about their assessment of the risk that the financial
statements may be materially misstated due to fraud.

- should ask management to describe the frequency of management’s assess-ments and

the extent of their consideration of risks due to fraud, including discussion about
management’s processes that are designed to identify, respond to, and monitor the
risks of fraud in the organization.

*require the auditor to make inquiries of management and others within the entity about their
knowledge of any actual, suspected, or alleged fraud affecting the client and whether
management has communicated any information about fraud risks to those charged with
governance.

- risk of material misstatement due to fraud is made at both the financial statement level
and at the assertion level for classes of transactions and account balances, including
related disclosures.

IDENTIFICATION OF SIGNIFICANT RISKS

- auditing standards require the auditor to determine whether any of the risks identified
are, in the auditor’s professional judgment, a significant risk.

significant risk
- represents an identified and assessed risk of material misstatement that, in the auditor’s
professional judgment, requires special audit consideration.

Nonroutine Transactions

- transactions that are unusual, either due to size or nature, and that are infrequent in
occurrence.
Exp:

a retail client that normally sells its products through company-owned stores across the country
may decide to sell to a competitor………….terms of that transaction may be based on significant
negotiations that include various buy-back provisions and warranties that increase risks of
material misstatement related to revenue recognition and receivables collection.

- may increase the risk of material misstatement because they often involve a greater
extent of management intervention, including more reliance on manual versus
automated data collection and processing, and they can involve complex calculations or
unusual accounting principles not subject to effective internal controls due to their
infrequent nature.
 - Similar to related party transactions

Fraud Risk

- involves concealment, detecting material misstatements due to fraud is difficult

Matters That Require Significant Judgment

- require significant judgment because they include the development of accounting

estimates for which significant measurement uncertainty exists
- Classes of transactions or account balances that are based on the development of
accounting estimates often require significant judgment that is subjective or complex
because it is based on assumptions about future events.

AUDIT RISK MODEL

Audit Risk Model for Planning

helps auditors decide how much and what types of evidence to accumulate for each
relevant audit objective

Illustration Concerning Risks and Evidence

- The auditor assesses risks at the overall fi-nancial statement level and at the audit
objective level.
- consider differences in risk levels across various audit objectives within an individual
class of transactions.
 Planned Detection Risk

- the risk that audit evidence for an audit objective will fail to detect misstatements
exceeding performance materiality.

2 Key Points:

i) Planned detection risk determines the amount of substantive evidence that the au-
ditor plans to accumulate, inversely with the size of planned detection risk.

ii) Planned detection risk is dependent on the other three factors in the model. It will
change only if the auditor changes one of the other risk model factors.

Exp:

- the planned detection risk (PDR) of .05 means the auditor plans to accumulate evidence
until the risk of misstatements ex-ceeding performance materiality is reduced to 5
percent. If control risk (CR) were .50 instead of 1.0, planned detection risk (PDR) would
be .10, and planned evidence could therefore be reduced.
Inherent Risk

- measures the auditor’s assessment of the susceptibility of an assertion to material

misstatement, before considering the effectiveness of related internal controls

- Such assessments are typically based on discussions with management, knowledge of

the company, and results in audits of previous years.

Control Risk

- measures the auditor’s assessment of the risk that a material misstatement could occur
in an assertion and not be prevented, or detected and corrected, on a timely basis by
the client’s internal controls

- The more effective the internal controls, the lower the risk factor that can be assigned
to control risk.

i) the relationship between control risk and planned detection risk is inverse
ii) he relationship between control risk and substantive evidence is direct

Before auditors can set control risk at less than 100 percent, they must obtain an
understanding of internal control, evaluate how well it should function based on the
understanding, and test the internal controls for effectiveness

Acceptable Audit Risk

- a measure of how willing the auditor is to accept that the financial statements may be
materially misstated after the audit is completed and an unmodified opinion has been
issued.

- When auditors decide on a lower acceptable audit risk, they want to be more certain
that the financial statements are not materially mis-stated

0% = Certainty
100% = uncertainty

Audit assurance or any of the equivalent terms is the complement of acceptable audit risk, that
is, one minus acceptable audit risk.

2% acceptable audit risk = 98% audit assurance

- When employing the audit risk model, there is a direct relationship between ac-ceptable
audit risk and planned detection risk
 - an inverse relationship between acceptable audit risk and planned evidence

Distinction Among Risks in the Audit Risk Model

- acceptable audit risk, the auditor decides the risk the CPA firm is willing to take that the
financial statements are misstated after the audit is completed

ASSESSING ACCEPTABLE AUDIT RISK

- preferably during audit planning

- First, auditors decide engagement risk and then use engage-ment risk to modify
acceptable audit risk.

Impact of Engagement Risk on Acceptable Audit Risk

- risk that the auditor or audit firm will suffer harm after the audit is finished, even though
the audit report was correct.

closely related to client business risk

Factors Affecting Acceptable Audit Risk

The Degree to Which External Users Rely on the Statements

- Client’s size
- Distribution of ownership: interested parties include the SEC, financial analysts, and the
general public
- Nature and amount of liabilities

The Likelihood That a Client Will Have Financial Difficulties After the Audit Report Is Issued

- If a client is forced to file for bankruptcy or suffers a significant loss after completion of
the audit, auditors face a greater chance of being required to defend the quality of the
audit than if the client were under no financial strain

- in situations in which the auditor believes the chance of financial failure or loss is high
and a corresponding increase in engagement risk occurs, acceptable audit risk should be
reduced
 factors are good indicators of its increased probability

 Liquidity position
- if a client is constantly short of cash and working capital, it in-dicates a future problem in
paying bills.

 Profits (losses) in previous years

- the auditor should recognize the future solvency problems that the client is likely to
encounter.
- It is also important to consider the changing profits relative to the balance remaining in
retained earnings.

 Method of financing growth

- the more a client relies on debt as a means of financing, the greater the risk of financial
difficulty if the client’s operating success declines

 Nature of the client’s operations

- Certain types of businesses are inherently riskier than others

 Competence of management
- assess the ability of management as a part of the evaluation of the likelihood of
bankruptcy

The Auditor’s Evaluation of Management’s Integrity

- if a client has questionable integrity, the auditor is likely to assess a lower acceptable
audit risk

Making the Acceptable Audit Risk Decision

- it is easy to observe that the assessment of each of the factors is highly subjective,
meaning overall assessment of acceptable audit risk is also highly subjective

ASSESSING INHERENT RISK

Factors Affecting Inherent Risk

• Nature of the client’s business

• Results of previous audits
• Initial versus repeat engagement
• Related parties
• Complex or nonroutine transactions
• Judgment required to correctly record account balances and transactions
 • Makeup of the population
• Factors related to fraudulent financial reporting
• Factors related to misappropriation of assets

Nature of the Client’s Business

- inherent risk is most likely to vary from business to business for accounts such as
inventory, accounts and loans receivable, investments, and property, plant, and
equipment.

Results of Previous Audits

- Misstatements found in the previous year’s audit have a high likelihood of occurring
again in the current year’s audit, because many types of misstatements are systemic in
nature, and organizations are often slow in making changes to eliminate them.

Initial Versus Repeat Engagement

- Most auditors set a higher inherent risk in the first year of an audit and reduce it in
subsequent years as they gain more knowledge about the client.

Related Parties

- greater likelihood exists that they might be misstated or inadequately

Complex or Nonroutine Transactions

- Transactions that are unusual for a client, or involve lengthy or complex contracts, are
more likely to be incorrectly recorded than routine transactions because the client often
lacks experience recording them.

- Examples: fire losses, major property acquisitions, purchase of complex investments,

and restructuring charges resulting from discontinued operations.

Judgment Required to Correctly Record Account Balances and Transactions

- Many account balances, such as certain investments recorded at fair value

Makeup of the Population

- individual items making up the total popula-tion also affect the auditor’s expectation of
material misstatement.
Exp:

transactions with affiliated companies

amounts due from officers
cash disbursements made payable to cash

Factors Related to Fraudulent Financial Reporting and Misappropriation of Assets

- To satisfy the requirements of auditing standards, it is more important for the

auditor to assess the risks and to respond to them than it is to categorize them into a
risk type.

- The risk of fraud should be assessed for the entire audit as well as by cycle,
account, and objective

- The specific response to an identified risk of fraud can include revising assessments of
acceptable audit risk, inherent risk, and control risk

Making the Inherent Risk Decision

Assume that in the audit of inventory the auditor notes that

(1) a large number of misstatements were found in the previous year and
(2) inventory turnover has slowed in the current year.

Auditors will likely set inherent risk at a relatively high level (some will use 100 percent) for
each audit objective for inventory in this situation.

RELATIONSHIP OF RISKS TO EVIDENCE AND FACTORS INFLUENCING RISKS

there are two other ways that auditors can change the audit to respond to risks:

i) The engagement may require more experienced staff

ii) The engagement will be reviewed more carefully than usual.
 Audit Risk for Segments

- Some auditors use the same acceptable audit risk for all segments based on their
belief that at the end of the audit, financial statement users should have the same level
of assurance for every segment of the financial statements.

Relating Performance Materiality and Risks to Balance-Related Audit Objectives

- Although it is common in practice to assess inherent and control risks for each balance-
related audit objective, it is not common to allocate materiality to those objectives.
Measurement Limitations

- are highly subjective and are only approximations of reality.

To offset this measurement problem, many auditors use broad and subjective
measurement terms, such as low, medium, and high

In applying the audit risk model, auditors are concerned about both
over-auditing and under-auditing.

Revising Risks and Evidence

special care must be exercised when the auditor decides, on the basis of
accumulated evidence, that the original assessment of control risk or inherent risk was
understated or acceptable audit risk was overstated:

i) The auditor must revise the original assessment of the appropriate risk.
ii) auditor should consider the effect of the revision on evidence requirements, without
use of the audit risk model.

RELATIONSHIP OF RISK AND MATERIALITY TO AUDIT EVIDENCE

- materiality and risk in auditing are closely related and inseparable.

- If the statement eliminates either the risk or materiality portion, it is meaningless.