chapter 6 risk assessment
TRANSCRIPT
-
8/21/2019 Chapter 6 Risk Assessment
1/29
Chapter 6
Risk assessment
-
8/21/2019 Chapter 6 Risk Assessment
2/29
Audit risk Model Audit risk is the risk that the auditor expresses an
inappropriate audit opinion , when the financialstatement are materially misstated.
i.e. that they give an unmodified audit opinionwhen the financial statements contain a material
misstatement. It has three components
1) Inherent risk
2) Control risk3) Detection risk
Audit risk = Inherent risk * Control risk * Detection
risk
-
8/21/2019 Chapter 6 Risk Assessment
3/29
Audit risk components Inherent risk
Inherent risk is the risk of a material misstatement in the
financial statements because of the nature of the industry,entity or the nature of the item itself.(It has nothing to dowith control)
Control risk
is the risk that a misstatement that could occur and thatcould be material will not be prevented, or detected andcorrected on a timely basis by the entity's internal controls.
Detection risk
is the risk that the procedures performed by the auditor toreduce audit risk to an acceptably low level will not detect amisstatement that exists and that could be material.
-
8/21/2019 Chapter 6 Risk Assessment
4/29
Sampling and non Sampling risk Detection risk comprises sampling risk and non
sampling risk: Sampling risk
Sampling risk is the risk that the auditor's conclusionbased on a sample is different from the conclusion thatwould be reached if the whole population were tested.
In other words that means sample is not a truerepresentative of the population.
Non sampling risk Non sampling risk is the risk that the auditor's
conclusion is inappropriate for any other reason, e.g.the application of inappropriate procedures or the
failure to recognize a misstatement.
-
8/21/2019 Chapter 6 Risk Assessment
5/29
ISA 315 ISA 315 (Revised) Identifying and Assessing the Risks of
Material Misstatement Through Understanding the Entity and
its Environment which states : The objective of the auditor is to identify and assess the risk
of material misstatement, whether due to fraud or error, atthe financial statement and assertion levels, throughunderstanding the entity and its environment, including theentity's internal control , thereby providing a basis fordesigning and implementing responses to the assessed risksof material misstatement.
Why to understand
To identify and assess the risk of material misstatement infinancial statements
To enable the auditor design and perform further auditprocedures
For exercising judgment while setting materiality
-
8/21/2019 Chapter 6 Risk Assessment
6/29
What is a misstatement?
'A difference between the amount,
classification, presentation, or disclosure of a
reported financial statement itemand the
amount, classification, presentation, or
disclosure that is required for the item to be
in accordance with the applicable financial
reporting framework. Misstatements can arisefrom error or fraud.
-
8/21/2019 Chapter 6 Risk Assessment
7/29
Understanding the entity and its
environment (ISA 315)
What to understand In order to identify the risks of material misstatement
in the financial statements the auditor is required toobtain an understanding of: their clients their clients'
environments and their clients' internal controls. Thisgenerally includes:
1. relevant industry, regulatory and other externalfactors (including the financial reporting framework)
2. The nature of the entity, including:
its operations
its ownership and governance structures
the types of investment it makes
the way it is structured and financed
-
8/21/2019 Chapter 6 Risk Assessment
8/29
Understanding the entity and its
environment (ISA 315)
3.The entity's selection and application ofaccounting policies
4. The entity's objectives, strategies and related
business risks 5. The measurement and review of the entity's
financial performance
6. The internal controls relevant to the audit.
-
8/21/2019 Chapter 6 Risk Assessment
9/29
Sources of information The information used to obtain this understanding can
come from a wide range of sources, including: Information from your firm
Partners , managers , last year audit team , last yearaudit working file.
Information from external sources
Industries surveys , Companies house , internet , creditreference agencies
Information from client Observation , discussion , brochures
Information from you
Past experience
-
8/21/2019 Chapter 6 Risk Assessment
10/29
Risk assessment procedures
( How to understand )
Inquires from management
Observation and inspection
Analytical procedures (Question ) Prior period knowledge
Information from other engagements
undertaken for entity
-
8/21/2019 Chapter 6 Risk Assessment
11/29
Assess risk and identify significant risk
Assess risk what can go wrong at financial statement
and assertion level.
Significant risk
Those risks which require special attention .
1) Risk of fraud2) Its relationship with recent development
3) Degree of subjectivity in financial information
4) It is an unusual transaction5) The complexity of transaction
When auditor identifies risk he shall obtain anunderstanding of entity control relevant to that risk.
-
8/21/2019 Chapter 6 Risk Assessment
12/29
Responses to assessed risk (ISA 330) The auditor must amend the audit approach in
response to risk assessment.
They can achieve this by:
1) Assigning more experienced staff to risk areas
2) Increasing supervision levels3) Increasing the element of unpredictability in sample
selection
4) Changing the nature, timing and extent of procedures
5) Increasing the emphasis on substantive tests of detail
6) Emphasizing the need for maintaining professional
scepticism.
-
8/21/2019 Chapter 6 Risk Assessment
13/29
ISA 320 (Materiality )
Misstatements, including omissions, are considered
to be material if they, individually or in theaggregate, could reasonably be expected to
influence the economic decisions of users taken on
the basis of the financial statements Or
An item is said to be material if its omission or
misstatement can effect the decision of usersfinancial statements.
-
8/21/2019 Chapter 6 Risk Assessment
14/29
What is the significance of materiality?
The auditor is responsible for providing 'an opinion
on whether the financial statements are prepared,in all material respects, in accordance with anapplicable financial reporting framework.
If financial statements contain materialmisstatement they cannot be deemed to show atrue and fair view.
At planning stage of an audit , auditors set anacceptable materiality level to enable them todetect material misstatement. Materiality will beconsidered at the financial statement level and at
more specific transactions and balance level..
-
8/21/2019 Chapter 6 Risk Assessment
15/29
Setting materiality
The acceptable level will be calculated with
reference to figure available to them , ideally draft
accounts for the year or recent management
accounts, or if no such current figures are available ,
on budget figures.
The auditor also need to consider the cumulative
effect of immaterial error to see whether they are
material in total to the financial statements.
-
8/21/2019 Chapter 6 Risk Assessment
16/29
How is materiality determined? The guidance in ISA 320 states that the determination
of materiality is a matter of professional judgment and
that the auditor must consider:1) the circumstances surrounding the entity
2) both the size and nature of misstatements
3) the information needs of the users as a group.It is a subjective and potentially complex process andit is vital that materiality is considered in light of theclient's needs.
However, ISA 320 does recognize the need to establisha financial threshold to guide audit planning andprocedures. For this reason it does allow the use ofstandard benchmarks but only as a starting point. Theauditor must consider all of the factors listed above.
-
8/21/2019 Chapter 6 Risk Assessment
17/29
Traditional benchmark for materiality Traditional benchmarks include:
1% of revenue 5% 10% of profit before tax
1 2% of Total assets.
Note that these benchmarks do not come from the auditing
standards. Materiality is a matter of professional judgment. The above
are common benchmarks used, but different audit firms mayuse different benchmarks or a firm may use differentthresholds for each client.
In addition, materiality is not just a purely financial concern.Disclosures in the financial statements relating to possiblefuture legal claims, for example, could influence users'decisions and may be purely narrative. In this case a
numerical calculation is not relevant.
-
8/21/2019 Chapter 6 Risk Assessment
18/29
Performance materiality Materiality, as determined for the financial statements
as a whole, may not be the best guide in determining
the nature and extent of audit tests. For this reason,ISAs introduce a further concept: performancemateriality.
Performance materiality:
The amount set by the auditor at less than materialityfor the financial statements as a whole to reduce to anappropriately low level the probability that theaggregate of uncorrected and undetected
misstatements exceeds materiality for the financialstatements as a whole.
This reduces the risk that the auditor will fail to identifymisstatements that are material in combination.
-
8/21/2019 Chapter 6 Risk Assessment
19/29
ISA 240 (Auditor responsibility for fraud)
Fraud is an intentional act by one or more
individuals among management, those chargedwith governance, employees or third parties,involving the use of deception to obtain an illegaladvantage.
Fraud is a broad legal concept it is a criminal
activity. It is not the responsibility of the auditor toprove whether fraud has actually occurred, that is
the role of the country's legal system. The auditor'srole is to determine whether there is a materialmisstatement in the financial statements as a resultof fraud.
-
8/21/2019 Chapter 6 Risk Assessment
20/29
ISA 240 (Auditor responsibility for fraud)
Fraud can be split into two types:
Fraudulent financial reportingdeliberatelymisstating the accounts to make the company lookbetter/worse than it actually is.
Misappropriation of assetsthe theft of the
companys assets such as cash or inventory, Misuse ofcompany assets and payment made to fictitiousemployees
The external auditor's responsibilities
The external auditor is responsible for obtainingreasonable assurance that the financial statements,taken as a whole, are free from material misstatement,whether caused by fraud or error. Therefore, theexternal auditor has some responsibility for consideringthe risk of material misstatement due to fraud
-
8/21/2019 Chapter 6 Risk Assessment
21/29
ISA 240 (Auditor responsibility for fraud)
The external auditor's responsibilities
1) Maintain an attitude of professional scepticism. Thismeans that the auditor must recognize the possibilitythat a material misstatement due to fraud could occur,regardless of the auditor's prior experience of the
client's integrity and honesty.2) Identify and assess the risks of material misstatement
due to fraud.
3) Identify, through enquiry, how management assessesand responds to the risk of fraud.
4) Enquire of management, internal auditors and thosecharged with governance if they are aware of any
actual or suspected fraudulent activity.
-
8/21/2019 Chapter 6 Risk Assessment
22/29
ISA 240 (Auditor responsibility for fraud) Reporting the fraud
If the auditor identifies a fraud they must communicate the
matter on a timely basis to the appropriate level ofmanagement (i.e. those with the primary responsibility forprevention and detection of fraud).
If the suspected fraud involves management the auditor mustcommunicate the matter to those charged with governance. Ifthe auditor has doubts about the integrity of those chargedwith governance they should seek legal advice regarding anappropriate course of action.
In addition to these responsibilities the auditor must also
consider whether they have a responsibility to report theoccurrence of a suspicion to a party outside the entity. Whilstthe auditor does have an ethical duty to maintain
confidentiality, it is likely that any legal responsibility will takeprecedence. In these circumstances it is advisable to seek
legal advice.
-
8/21/2019 Chapter 6 Risk Assessment
23/29
ISA 250 (Laws and regulation ) Under ISA 250 Consideration of Laws and Regulations
in an Audit of Financial Statements, management have
a responsibility to ensure that the operations ofCompanies are conducted in accordance with theprovisions of laws and regulations. This includescompliance with laws and regulations that determine
amounts and disclosures in financial statements,including tax liabilities and charges.
Auditors are not responsible for preventing non-compliance with laws and regulations, and cannot beexpected to detect non-compliance with all laws andregulations. They have a responsibility to obtainreasonable assurance that the financial statements arefree from material misstatement, whether caused byfraud or error.
-
8/21/2019 Chapter 6 Risk Assessment
24/29
ISA 250 (Laws and regulation )Responsibilities of the auditor
Responsibility of auditor differs in relation to the two different
categories of laws and regulations identified below: Laws and regulations which have a DIRECT effect on the
determination of material amounts and disclosures in financialstatements. Here the auditor is responsible for obtaining sufficientappropriate audit evidence regarding compliance.
Laws and regulations which DO NOT HAVE A DIRECT EFFECT onthe determination of material amounts and disclosures in financialstatements, but may impact the entitys ability to continue totrade. Here the auditors responsibility is limited to specified auditprocedures to help identify non-compliance with those laws and
regulations that may have a material effect on the financialstatements. This includes inquiring with management whether theentity is in compliance with such laws and regulations, andinspecting correspondence with relevant licensing or regulatoryauthorities.
-
8/21/2019 Chapter 6 Risk Assessment
25/29
ISA 250 (Laws and regulation )Auditor also has a responsibility to remain alert, by
maintaining professional scepticism, to thepossibility that other audit procedures may bring
instances of identified or suspected non-compliance
with laws and regulations.
-
8/21/2019 Chapter 6 Risk Assessment
26/29
ISA 250 (Laws and regulation )Reporting of laws and regulation
1) As soon as practicable either communicate with thosecharged with governance.
2) However if auditor suspects the senior management
including BOD , are involved , he should report to next
higher level of authority such as audit committee ,
supervisory board.
3) If this does not exists or auditor believe his report will
not be acted upon is unsure who to report to heshould consider legal advice.
4) In case of money laundering ,it might be appropriative
to report the matter directly to the relevant authority.
-
8/21/2019 Chapter 6 Risk Assessment
27/29
Question 1 Nepco is a European company that manufactures high quality
computer components and assembles computer parts. It has
existed for some years and is part of a vertical supply chainfor a well known brand of computer hardware. Profits arecoming under increasing pressure from manufacturers in theFar East and Asia with lower labour costs, and from rising raw
material costs. Nepco is listed on a stock exchange. There ispressure from institutional investors for better returns in theform of dividends and the main institutional investors areconsidering selling a proportion of their shares in thecompany. The directors of Nepco are considering whether to
move into new market areas.
Nepco has good accounting and internal control systems.Inventory is material to the accounts, and there is a good setof permanent inventory records
-
8/21/2019 Chapter 6 Risk Assessment
28/29
Question 1 No yearend inventory count is conducted. Operational compliance
issues are important to Nepco as many countries have inflexiblequality standards and some projects are being held up because ofdifficulties in obtaining approval from regulators for newcomponents. All staff and directors of Nepco are remunerated (atleast in part) on a performance related basis, some with shareoptions. Staff are generally highly qualified and well paid.
This is your first year as auditors. Your firm has very littleexperience in this industry. External audit costs are tightlycontrolled and your firm has agreed to a budget that will allowvery little flexibility.
Required
Describe the risks relating to Nepco under the headings ofinherent risk, control risk and detection risk.
In the light of the risks identified in (a) above, list the matters towhich you will pay particular attention during the audit of Nepco
and explain the work you will perform in relation to them.
Q i 2
-
8/21/2019 Chapter 6 Risk Assessment
29/29
Question 2 You are an audit senior responsible for understanding
the entity and its environment and assessing the risk of
material misstatements for the audit of Rock Co for theyear ending 31 December 2012. Rock Co is a companylisted on a stock exchange. Rock Co is engaged in thewholesale import, manufacture and distribution of
basis cosmetics and toiletries for sale to a wide range ofstores, under a variety of different brand names. Youhave worked on the audit of this client for several yearsas an audit junior.
Required
Describe the information you will seek, andprocedures you will perform in order to understandthe entity and its environment and assess risk for theaudit of Rock Co for the year ending 31 December
2012