Chapter 16 McGraw-Hill/IrwinCopyright © 2010 The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 4 Risk Assessment McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All...
-
Upload
malcolm-riley -
Category
Documents
-
view
227 -
download
2
Transcript of Chapter 4 Risk Assessment McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All...
Chapter 4
Risk Assessment
McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Engagement Risk
An auditor’s exposureto financial loss and
damage toprofessional reputation.
Client and thirdparty lawsuits
Negativepublicity
LO# 2
Local auditfailure …
4-2
Audit Risk
The risk that an auditor expresses an unqualified opinion on materially
misstated financial statements.
The risk that an auditor expresses an unqualified opinion on materially
misstated financial statements.
Financial statementlevel
Individual accountbalance or class
of transactions level
LO# 1
4-3
The Audit Risk Model
Audit Risk = IR × CR × DR
Inherent risk and control risk:Risk of material misstatement
Nonsamplingrisk
Nonsamplingrisk
Samplingrisk
Samplingrisk
Detection risk:Risk that auditor will not detect misstatements
Inappropriate audit procedure Fail to detect when using
appropriate audit procedure Misinterpreting audit results
LO# 2
4-4
Using the Audit Risk Model
Set a planned level of audit risk such that an opinion can be issued on the financial statements.
Assess the risk of material misstatement (IR x CR).
Use the audit risk equation to solve for the appropriate level of detection risk:
Set a planned level of audit risk such that an opinion can be issued on the financial statements.
Assess the risk of material misstatement (IR x CR).
Use the audit risk equation to solve for the appropriate level of detection risk:
AR = IR × CR × DR
DR = AR
IR × CR
Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level.
LO# 3
4-5
Relationship of the Entity’s Business Risks to the Audit Risk Model
Figure 4-1
LO# 3
4-6
Using the Audit Risk ModelLO# 3
Qualitative terms may also be used in the audit risk model.Qualitative terms may also be used in the audit risk model.
4-7
Limitations of theAudit Risk Model
PreliminaryAssessmentLevel of Risk
Actualor AchievedLevel of Risk
LO# 3
+ / –
The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results.
• The desired level of audit risk may not actually be achieved.
• It does not consider potential auditor error.
• There is no way of knowing what the preliminary level of risk actually was.
The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results.
• The desired level of audit risk may not actually be achieved.
• It does not consider potential auditor error.
• There is no way of knowing what the preliminary level of risk actually was.
4-8
The Auditor’s RiskAssessment Process
Auditors need toidentify business risks andunderstand the potential
misstatements thatmay result.
Business risksare risks that result from
significant conditions, events,circumstances or actions thatimpair management’s ability
to execute strategies.
LO# 4
4-9
The Auditor’s Risk Assessment ProcessFigure 4-2 An Overview of the Auditor’s Assessment of Business Risks and the Risk of
Material Misstatements
LO# 4
4-10
Auditor’s Risk Assessment Procedures(How do we gather this evidence?)
Inquiries of Management, Other Entity Personnel, and
Others Outside the Entity
Inquiries of Management, Other Entity Personnel, and
Others Outside the Entity
AnalyticalProcedures
Observationand Inspection
LO# 4
4-11
LO# 4
Understanding the Entityand Its Environment
4-12
Understanding the Entityand Its Environment
Industry, Regulatory, and External
Factors
Nature ofthe Entity
InternalControl
Objectives, Strategies,and Business Risks
Entity PerformanceMeasures
LO# 4
4-13
Nature of the Entity The entity’s organizational structure and
management personnel. The sources of funding of the entity’s
operations and investment activities, including the entity’s capital structure, noncapital funding, and other debt instruments.
The entity’s investments. The entity’s operating characteristics,
including its size and complexity. The sources of the entity’s earnings,
including the relative profitability of key products and services.
Key supplier and customer relationships.
LO# 4
4-14
Industry, Regulatory, and Other External Factors
LO# 4
4-15
Understanding the Entityand Its Environment
LO# 4
4-16
Examples of misstatements include:
An inaccuracy in gathering or processing data from which financial statements are prepared.
A difference between the amount of a reported financial statement account and the amount that would have been reported under GAAP.
The omission of a financial statement element, account, or item.
An incorrect accounting estimate arising from an oversight or misinterpretation of facts.
Examples of misstatements include:
An inaccuracy in gathering or processing data from which financial statements are prepared.
A difference between the amount of a reported financial statement account and the amount that would have been reported under GAAP.
The omission of a financial statement element, account, or item.
An incorrect accounting estimate arising from an oversight or misinterpretation of facts.
LO# 5
Assessing the Risk of Material Misstatement Due to Error or Fraud
4-17
Errors are unintentional misstatements: Mistakes in gathering or processing financial data used
to prepare financial statements. Unreasonable accounting estimates arising from
oversight or misinterpretation of facts. Mistakes in the application of accounting principles
relating to amount, classification, manner of presentation, or disclosure.
Errors are unintentional misstatements: Mistakes in gathering or processing financial data used
to prepare financial statements. Unreasonable accounting estimates arising from
oversight or misinterpretation of facts. Mistakes in the application of accounting principles
relating to amount, classification, manner of presentation, or disclosure.
LO# 5
Assessing the Risk of Material Misstatement Due to Error or Fraud
4-18
Fraud involves intentional misstatements. The fraud risk identification process includes: Sources of information about possible
fraud― Communications among the audit team Inquires of management and others Analytical procedures Unexpected period-end adjustments
Fraud involves intentional misstatements. The fraud risk identification process includes: Sources of information about possible
fraud― Communications among the audit team Inquires of management and others Analytical procedures Unexpected period-end adjustments
LO# 6
Assessing the Risk of Material Misstatement Due to Error or Fraud
4-19
Fraud involvesintentional misstatements.
Fraud involvesintentional misstatements.
Fraudulentfinancial reporting
Fraudulentfinancial reporting
Misappropriationof assets
Misappropriationof assets
LO# 6
Assessing the Risk of Material Misstatement Due to Error or Fraud
4-20
Fraudulent financial reporting includes acts such as the following: Manipulation, falsification, or alteration of
accounting records or supporting documents used to prepare financial statements.
Misrepresentation in, or intentional omission from, the financial statements of events, transactions, or significant information.
Intentional misapplication of accounting principles relating to amount, classification, manner of presentation, or disclosure.
LO# 6
Assessing the Risk of Material Misstatement Due to Error or Fraud
4-21
Misappropriation of assets involves the theft of an entity’s assets to the extent that financial statements are misstated.
Misappropriation of assets involves the theft of an entity’s assets to the extent that financial statements are misstated.
Stealing assets
Embezzlingcash received
Paying forgoods and services
not received by the company
LO# 6
Assessing the Risk of Material Misstatement Due to Error or Fraud
Examples include:
4-22
Three conditions usuallyexist when fraud occurs.
Three conditions usuallyexist when fraud occurs.
Incentive orpressure to
perpetrate fraud
Incentive orpressure to
perpetrate fraud
Opportunityto carry out
the fraud
Opportunityto carry out
the fraud
Attitude orrationalizationto justify fraud
Attitude orrationalizationto justify fraud
LO# 6
Assessing the Risk of Material Misstatement Due to Error or Fraud
(Fraud Triangle)
4-23
Financial stabilityor profitabilityis threatened
Financial stabilityor profitabilityis threatened
Excessive pressurefor management to
meet third partyexpectations
Excessive pressurefor management to
meet third partyexpectations
Management’s personalfinancial situation
is threatened
Management’s personalfinancial situation
is threatened
LO# 6
Fraudulent Financial ReportingRisk Factors Relating to Incentive/Pressure include:
Assessing the Risk of Material Misstatement Due to Error or Fraud
(See Table 4-4)
4-24
Ineffectivemonitoring ofmanagement
Ineffectivemonitoring ofmanagement
Nature of the Industry or entity’s
operations
Nature of the Industry or entity’s
operations
Deficientinternalcontrol
Deficientinternalcontrol
Complex or unstable organizational
structure
Complex or unstable organizational
structure
LO# 6
Fraudulent Financial ReportingRisk Factors Relating to Opportunities include:
Assessing the Risk of Material Misstatement Due to Error or Fraud
(See Table 4-5)
4-25
Risk Factors Relating to Attitudes/Rationalizations
(See Table 4-6)
Poor communicationchannels for reportinginappropriate behavior
Poor communicationchannels for reportinginappropriate behavior
Weak ethicalstandards formanagement
behavior
Weak ethicalstandards formanagement
behavior
Committing to aggressive or
unrealistic forecasts
Committing to aggressive or
unrealistic forecasts
Use ofinappropriate accounting
based on materiality
Use ofinappropriate accounting
based on materiality
LO# 6
Fraudulent Financial ReportingRisk Factors Relating to Attitudes/Rationalizations include:
4-26
LO# 6
Assessing the Risk of Material Misstatement Due to Error or Fraud
4-27
Auditor’s Response tothe Risk Assessment (See Figure 4-3)
Financial statement level risks
Develop an overallresponse.
Determine what can go wrongat the account or assertion level.
LO# 7
Assess the risk of material misstatement at the financial statement and assertion levels.
Do these risks relate
pervasively to the financialstatements?
Design audit procedures for
assertion level risks.
Assertion level risks
Yes
No
4-28
Auditor’s Response to the Risk Assessment
LO# 7
To respond appropriately to financial statement level risks, the auditor may do the following: Emphasize to the audit team the need to maintain
professional skepticism. Assign more experienced staff or those with
specialized skills. Provide more supervision. Incorporate additional elements of unpredictability in
the selection of audit procedures.
4-29
Evaluation of AuditTest Results
At the completion of the audit, the auditor should consider: 1. Whether the accumulated results of audit procedures affect the
assessments of the entity’s business risk and the risk of material misstatement, and
2. Whether the total misstatements cause the financial statements to be materially misstated.
THEN …
If the financial statements are materially misstated, the auditor should: 1. Request management to eliminate the material misstatement, or 2. If management does not make needed adjustments, the auditor
should issue a qualified or adverse opinion.
At the completion of the audit, the auditor should consider: 1. Whether the accumulated results of audit procedures affect the
assessments of the entity’s business risk and the risk of material misstatement, and
2. Whether the total misstatements cause the financial statements to be materially misstated.
THEN …
If the financial statements are materially misstated, the auditor should: 1. Request management to eliminate the material misstatement, or 2. If management does not make needed adjustments, the auditor
should issue a qualified or adverse opinion.
LO# 8
4-30
Evaluation of AuditTest Results
If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should: Attempt to obtain audit evidence to determine whether, in fact,
material fraud has occurred and, if so, its effect. Consider the implications for other aspects of the audit. Discuss the matter and the approach to further investigation with
an appropriate level of management that is at least one level above those involved in committing the fraud and with senior management.
If appropriate, suggest that the client consult with legal counsel. Consider withdrawing from the engagement.
If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should: Attempt to obtain audit evidence to determine whether, in fact,
material fraud has occurred and, if so, its effect. Consider the implications for other aspects of the audit. Discuss the matter and the approach to further investigation with
an appropriate level of management that is at least one level above those involved in committing the fraud and with senior management.
If appropriate, suggest that the client consult with legal counsel. Consider withdrawing from the engagement.
LO# 8
4-31
Documentation of theAuditor’s Risk Assessment
The auditor should document: Discussions among engagement personnel. Procedures performed to identify and assess the risks
of material misstatement due to fraud. Risks of identified material misstatement due to fraud
and a description of the auditor’s response to the risks. Fraud risks or other conditions that result in additional
audit procedures. The nature of the communications about fraud made to
management, the audit committee, and others.
The auditor should document: Discussions among engagement personnel. Procedures performed to identify and assess the risks
of material misstatement due to fraud. Risks of identified material misstatement due to fraud
and a description of the auditor’s response to the risks. Fraud risks or other conditions that result in additional
audit procedures. The nature of the communications about fraud made to
management, the audit committee, and others.
LO# 9
4-32
Communications about Fraud
Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management. Fraud involving senior management and fraud that causes a material misstatement of the financial statement should be reported directly to the audit committee of the board of directors.
The auditor should reach an understanding with the audit committee regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees.
Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management. Fraud involving senior management and fraud that causes a material misstatement of the financial statement should be reported directly to the audit committee of the board of directors.
The auditor should reach an understanding with the audit committee regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees.
LO# 10
4-33
The disclosure of fraud to parties other than the client’s senior management and its audit committee ordinarily is not part of the auditor’s responsibility and ordinarily would be precluded by the auditor’s ethical and legal obligations of confidentiality, except when the following conditions exist: To comply with certain legal and regulatory requirements. To a successor auditor when the successor makes inquiries of
the predecessor auditor about the client. In response to a subpoena. To a funding agency or other specified agency in accordance
with requirements for the audits of entities that receive governmental financial assistance.
The disclosure of fraud to parties other than the client’s senior management and its audit committee ordinarily is not part of the auditor’s responsibility and ordinarily would be precluded by the auditor’s ethical and legal obligations of confidentiality, except when the following conditions exist: To comply with certain legal and regulatory requirements. To a successor auditor when the successor makes inquiries of
the predecessor auditor about the client. In response to a subpoena. To a funding agency or other specified agency in accordance
with requirements for the audits of entities that receive governmental financial assistance.
LO# 10
Communications about Fraud
4-34