chapter 6 risk assessment

8/21/2019 Chapter 6 Risk Assessment

1/29

Chapter 6

Risk assessment


2/29

Audit risk Model Audit risk is the risk that the auditor expresses an

inappropriate audit opinion , when the financialstatement are materially misstated.

i.e. that they give an unmodified audit opinionwhen the financial statements contain a material

misstatement. It has three components

1) Inherent risk

2) Control risk3) Detection risk

Audit risk = Inherent risk * Control risk * Detection

risk


3/29

Audit risk components Inherent risk

Inherent risk is the risk of a material misstatement in the

financial statements because of the nature of the industry,entity or the nature of the item itself.(It has nothing to dowith control)

Control risk

is the risk that a misstatement that could occur and thatcould be material will not be prevented, or detected andcorrected on a timely basis by the entity's internal controls.

Detection risk

is the risk that the procedures performed by the auditor toreduce audit risk to an acceptably low level will not detect amisstatement that exists and that could be material.


4/29

Sampling and non Sampling risk Detection risk comprises sampling risk and non

sampling risk: Sampling risk

Sampling risk is the risk that the auditor's conclusionbased on a sample is different from the conclusion thatwould be reached if the whole population were tested.

In other words that means sample is not a truerepresentative of the population.

Non sampling risk Non sampling risk is the risk that the auditor's

conclusion is inappropriate for any other reason, e.g.the application of inappropriate procedures or the

failure to recognize a misstatement.


5/29

ISA 315 ISA 315 (Revised) Identifying and Assessing the Risks of

Material Misstatement Through Understanding the Entity and

its Environment which states : The objective of the auditor is to identify and assess the risk

of material misstatement, whether due to fraud or error, atthe financial statement and assertion levels, throughunderstanding the entity and its environment, including theentity's internal control , thereby providing a basis fordesigning and implementing responses to the assessed risksof material misstatement.

Why to understand

To identify and assess the risk of material misstatement infinancial statements

To enable the auditor design and perform further auditprocedures

For exercising judgment while setting materiality


6/29

What is a misstatement?

'A difference between the amount,

classification, presentation, or disclosure of a

reported financial statement itemand the

amount, classification, presentation, or

disclosure that is required for the item to be

in accordance with the applicable financial

reporting framework. Misstatements can arisefrom error or fraud.


7/29

Understanding the entity and its

environment (ISA 315)

What to understand In order to identify the risks of material misstatement

in the financial statements the auditor is required toobtain an understanding of: their clients their clients'

environments and their clients' internal controls. Thisgenerally includes:

1. relevant industry, regulatory and other externalfactors (including the financial reporting framework)

2. The nature of the entity, including:

its operations

its ownership and governance structures

the types of investment it makes

the way it is structured and financed


8/29

Understanding the entity and its

environment (ISA 315)

3.The entity's selection and application ofaccounting policies

4. The entity's objectives, strategies and related

business risks 5. The measurement and review of the entity's

financial performance

6. The internal controls relevant to the audit.


9/29

Sources of information The information used to obtain this understanding can

come from a wide range of sources, including: Information from your firm

Partners , managers , last year audit team , last yearaudit working file.

Information from external sources

Industries surveys , Companies house , internet , creditreference agencies

Information from client Observation , discussion , brochures

Information from you

Past experience


10/29

Risk assessment procedures

( How to understand )

Inquires from management

Observation and inspection

Analytical procedures (Question ) Prior period knowledge

Information from other engagements

undertaken for entity


11/29

Assess risk and identify significant risk

Assess risk what can go wrong at financial statement

and assertion level.

Significant risk

Those risks which require special attention .

1) Risk of fraud2) Its relationship with recent development

3) Degree of subjectivity in financial information

4) It is an unusual transaction5) The complexity of transaction

When auditor identifies risk he shall obtain anunderstanding of entity control relevant to that risk.


12/29

Responses to assessed risk (ISA 330) The auditor must amend the audit approach in

response to risk assessment.

They can achieve this by:

1) Assigning more experienced staff to risk areas

2) Increasing supervision levels3) Increasing the element of unpredictability in sample

selection

4) Changing the nature, timing and extent of procedures

5) Increasing the emphasis on substantive tests of detail

6) Emphasizing the need for maintaining professional

scepticism.


13/29

ISA 320 (Materiality )

Misstatements, including omissions, are considered

to be material if they, individually or in theaggregate, could reasonably be expected to

influence the economic decisions of users taken on

the basis of the financial statements Or

An item is said to be material if its omission or

misstatement can effect the decision of usersfinancial statements.


14/29

What is the significance of materiality?

The auditor is responsible for providing 'an opinion

on whether the financial statements are prepared,in all material respects, in accordance with anapplicable financial reporting framework.

If financial statements contain materialmisstatement they cannot be deemed to show atrue and fair view.

At planning stage of an audit , auditors set anacceptable materiality level to enable them todetect material misstatement. Materiality will beconsidered at the financial statement level and at

more specific transactions and balance level..


15/29

Setting materiality

The acceptable level will be calculated with

reference to figure available to them , ideally draft

accounts for the year or recent management

accounts, or if no such current figures are available ,

on budget figures.

The auditor also need to consider the cumulative

effect of immaterial error to see whether they are

material in total to the financial statements.


16/29

How is materiality determined? The guidance in ISA 320 states that the determination

of materiality is a matter of professional judgment and

that the auditor must consider:1) the circumstances surrounding the entity

2) both the size and nature of misstatements

3) the information needs of the users as a group.It is a subjective and potentially complex process andit is vital that materiality is considered in light of theclient's needs.

However, ISA 320 does recognize the need to establisha financial threshold to guide audit planning andprocedures. For this reason it does allow the use ofstandard benchmarks but only as a starting point. Theauditor must consider all of the factors listed above.


17/29

Traditional benchmark for materiality Traditional benchmarks include:

1% of revenue 5% 10% of profit before tax

1 2% of Total assets.

Note that these benchmarks do not come from the auditing

standards. Materiality is a matter of professional judgment. The above

are common benchmarks used, but different audit firms mayuse different benchmarks or a firm may use differentthresholds for each client.

In addition, materiality is not just a purely financial concern.Disclosures in the financial statements relating to possiblefuture legal claims, for example, could influence users'decisions and may be purely narrative. In this case a

numerical calculation is not relevant.


18/29

Performance materiality Materiality, as determined for the financial statements

as a whole, may not be the best guide in determining

the nature and extent of audit tests. For this reason,ISAs introduce a further concept: performancemateriality.

Performance materiality:

The amount set by the auditor at less than materialityfor the financial statements as a whole to reduce to anappropriately low level the probability that theaggregate of uncorrected and undetected

misstatements exceeds materiality for the financialstatements as a whole.

This reduces the risk that the auditor will fail to identifymisstatements that are material in combination.


19/29

ISA 240 (Auditor responsibility for fraud)

Fraud is an intentional act by one or more

individuals among management, those chargedwith governance, employees or third parties,involving the use of deception to obtain an illegaladvantage.

Fraud is a broad legal concept it is a criminal

activity. It is not the responsibility of the auditor toprove whether fraud has actually occurred, that is

the role of the country's legal system. The auditor'srole is to determine whether there is a materialmisstatement in the financial statements as a resultof fraud.


20/29


Fraud can be split into two types:

Fraudulent financial reportingdeliberatelymisstating the accounts to make the company lookbetter/worse than it actually is.

Misappropriation of assetsthe theft of the

companys assets such as cash or inventory, Misuse ofcompany assets and payment made to fictitiousemployees

The external auditor's responsibilities

The external auditor is responsible for obtainingreasonable assurance that the financial statements,taken as a whole, are free from material misstatement,whether caused by fraud or error. Therefore, theexternal auditor has some responsibility for consideringthe risk of material misstatement due to fraud


21/29


The external auditor's responsibilities

1) Maintain an attitude of professional scepticism. Thismeans that the auditor must recognize the possibilitythat a material misstatement due to fraud could occur,regardless of the auditor's prior experience of the

client's integrity and honesty.2) Identify and assess the risks of material misstatement

due to fraud.

3) Identify, through enquiry, how management assessesand responds to the risk of fraud.

4) Enquire of management, internal auditors and thosecharged with governance if they are aware of any

actual or suspected fraudulent activity.


22/29

ISA 240 (Auditor responsibility for fraud) Reporting the fraud

If the auditor identifies a fraud they must communicate the

matter on a timely basis to the appropriate level ofmanagement (i.e. those with the primary responsibility forprevention and detection of fraud).

If the suspected fraud involves management the auditor mustcommunicate the matter to those charged with governance. Ifthe auditor has doubts about the integrity of those chargedwith governance they should seek legal advice regarding anappropriate course of action.

In addition to these responsibilities the auditor must also

consider whether they have a responsibility to report theoccurrence of a suspicion to a party outside the entity. Whilstthe auditor does have an ethical duty to maintain

confidentiality, it is likely that any legal responsibility will takeprecedence. In these circumstances it is advisable to seek

legal advice.


23/29

ISA 250 (Laws and regulation ) Under ISA 250 Consideration of Laws and Regulations

in an Audit of Financial Statements, management have

a responsibility to ensure that the operations ofCompanies are conducted in accordance with theprovisions of laws and regulations. This includescompliance with laws and regulations that determine

amounts and disclosures in financial statements,including tax liabilities and charges.

Auditors are not responsible for preventing non-compliance with laws and regulations, and cannot beexpected to detect non-compliance with all laws andregulations. They have a responsibility to obtainreasonable assurance that the financial statements arefree from material misstatement, whether caused byfraud or error.


24/29

ISA 250 (Laws and regulation )Responsibilities of the auditor

Responsibility of auditor differs in relation to the two different

categories of laws and regulations identified below: Laws and regulations which have a DIRECT effect on the

determination of material amounts and disclosures in financialstatements. Here the auditor is responsible for obtaining sufficientappropriate audit evidence regarding compliance.

Laws and regulations which DO NOT HAVE A DIRECT EFFECT onthe determination of material amounts and disclosures in financialstatements, but may impact the entitys ability to continue totrade. Here the auditors responsibility is limited to specified auditprocedures to help identify non-compliance with those laws and

regulations that may have a material effect on the financialstatements. This includes inquiring with management whether theentity is in compliance with such laws and regulations, andinspecting correspondence with relevant licensing or regulatoryauthorities.


25/29

ISA 250 (Laws and regulation )Auditor also has a responsibility to remain alert, by

maintaining professional scepticism, to thepossibility that other audit procedures may bring

instances of identified or suspected non-compliance

with laws and regulations.


26/29

ISA 250 (Laws and regulation )Reporting of laws and regulation

1) As soon as practicable either communicate with thosecharged with governance.

2) However if auditor suspects the senior management

including BOD , are involved , he should report to next

higher level of authority such as audit committee ,

supervisory board.

3) If this does not exists or auditor believe his report will

not be acted upon is unsure who to report to heshould consider legal advice.

4) In case of money laundering ,it might be appropriative

to report the matter directly to the relevant authority.


27/29

Question 1 Nepco is a European company that manufactures high quality

computer components and assembles computer parts. It has

existed for some years and is part of a vertical supply chainfor a well known brand of computer hardware. Profits arecoming under increasing pressure from manufacturers in theFar East and Asia with lower labour costs, and from rising raw

material costs. Nepco is listed on a stock exchange. There ispressure from institutional investors for better returns in theform of dividends and the main institutional investors areconsidering selling a proportion of their shares in thecompany. The directors of Nepco are considering whether to

move into new market areas.

Nepco has good accounting and internal control systems.Inventory is material to the accounts, and there is a good setof permanent inventory records


28/29

Question 1 No yearend inventory count is conducted. Operational compliance

issues are important to Nepco as many countries have inflexiblequality standards and some projects are being held up because ofdifficulties in obtaining approval from regulators for newcomponents. All staff and directors of Nepco are remunerated (atleast in part) on a performance related basis, some with shareoptions. Staff are generally highly qualified and well paid.

This is your first year as auditors. Your firm has very littleexperience in this industry. External audit costs are tightlycontrolled and your firm has agreed to a budget that will allowvery little flexibility.

Required

Describe the risks relating to Nepco under the headings ofinherent risk, control risk and detection risk.

In the light of the risks identified in (a) above, list the matters towhich you will pay particular attention during the audit of Nepco

and explain the work you will perform in relation to them.

Q i 2


29/29

Question 2 You are an audit senior responsible for understanding

the entity and its environment and assessing the risk of

material misstatements for the audit of Rock Co for theyear ending 31 December 2012. Rock Co is a companylisted on a stock exchange. Rock Co is engaged in thewholesale import, manufacture and distribution of

basis cosmetics and toiletries for sale to a wide range ofstores, under a variety of different brand names. Youhave worked on the audit of this client for several yearsas an audit junior.

Required

Describe the information you will seek, andprocedures you will perform in order to understandthe entity and its environment and assess risk for theaudit of Rock Co for the year ending 31 December

2012

chapter 6 risk assessment

Documents