Chapter 7 - Class
Transcript of Chapter 7 - Class
-
8/12/2019 Chapter 7 - Class
1/30
Canadian Excell ence
ChapterAssessingRisks and
InternalControl
-
8/12/2019 Chapter 7 - Class
2/30
Canadian Excell ence
Learning Objectives
1. Describe the
conceptual audit risk
model and its
components, and
explain its usefulnessand limitations in
conducting the audit.
2. Explain how auditors
assess the auditeesbusiness risk through
strategic analysis and
business process
analysis.
3. Outline the
relationships among
business processes,
accounting
processes/cycles andmanagements
general purpose
financial statements.
-
8/12/2019 Chapter 7 - Class
3/30
Canadian Excell ence
Learning Objectives
4. Illustrate how businessrisk analysis is used in apreliminary assessmentof the risk that fraud orerror has led to materialmisstatement at theoverall financialstatement level.
5. Describe the basiccomponents of internalcontrol; control
environment,managements riskassessment process,information systems andcommunication, controlactivities and monitoring.
6. Explain how the auditorsunderstanding of anorganizations internalcontrol helps to assessthe risk that its financial.statements aremisstated.
7. Apply and integrate thechapter topics to analyzea practical auditingsituation / case /
scenario.
-
8/12/2019 Chapter 7 - Class
4/30
Canadian Excell ence
Audit Risk Assessment
Auditing is fundamentally a risk management
process.
Audit risk is related to information risk that
financial statements are materially misstated.
Auditors strive to lower audit risk by performing audit
work that gives a high level of assurance that statements
are correct.
Auditors need to assess risk in audit related terms;
inherent risk, control risk and detection risk.
-
8/12/2019 Chapter 7 - Class
5/30
Canadian Excell ence
Inherent Risk
The probability of material misstatement
occurring in transactions entering the
accounting system or being in the account
balances is inherent risk. Auditors do not create or control inherent risk.
Auditors only try to assess its magnitude based on prior
experience, management bias, and nature of the
transactions.
The auditor will consider the characteristics of the clientsbusiness, types of transactions, and effectiveness of
accountants.
-
8/12/2019 Chapter 7 - Class
6/30
Canadian Excell ence
Internal Controls
Internal controls are a key component of an
organizations overall risk management
framework.
When we adapt a controls approach, auditors
evaluate or assess probability of control
failures to detect material misstatements.
Auditors assess the effectiveness of controls
This is known as controls testing: procedures
used in the control risk assessment.
-
8/12/2019 Chapter 7 - Class
7/30
Canadian Excell ence
Control Risk
The risk that the clients internal control
system will not prevent or detect a material
misstatement is control risk.
Auditors do notcreate or control the control risk;they simply evaluate or assess probability of failure
to detect material misstatements.
Assessment is based on study and evaluation of
the companys control system.
-
8/12/2019 Chapter 7 - Class
8/30
Canadian Excell ence
Control Risk
Control risk assessment provides only an
indirect assessment of monetary
misstatements in the financial statements.
Control testing or compliance testing are detailedprocedures used to assess control risk.
Control risk should not be assessed so low that
auditors rely entirely on controls, and do no
substantive work.
-
8/12/2019 Chapter 7 - Class
9/30
Canadian Excell ence
Risk of Material Misstatement (RMM)
Inherent Risk
Control risk
High Moderate/Low
LowModerate/LowRisk that is not
Significant
SignificantRisk
Higher Lower
Auditor will make an
assessment of IR and
CR, which is called
RMM
-
8/12/2019 Chapter 7 - Class
10/30
Canadian Excell ence
Detection Risk
The risk that any material misstatement that
has not been corrected by the clients internal
control will not be detected by the auditor.
Auditors can control this risk by conductingsubstantive (balance audit) tests.
Substantive tests include audit of details of transactions
and balances, and analytical procedures applied to dollar
amounts in the accounts.
-
8/12/2019 Chapter 7 - Class
11/30
Canadian Excell ence
Audit Risk
The probability that an auditor will fail to
express a reservation that financial
statements are materially misstated is audit
risk. Audit risk is greater if there is poor planning or
poor execution of the audit.
Audit risk is dependent on user reliance.
Audit risk is also applied to individual accountbalances and disclosures.
-
8/12/2019 Chapter 7 - Class
12/30
Canadian Excell ence
Audit Risk Model
AR = IR x CR x DR Be wary! Its not a straightcalculation!
Audit risk will occur when:
a material misstatement has been made in the
transactions or balances (inherent risk),
and internal controls fail to detect or correct themisstatement (control risk), and
audit procedures also fail to detect the
misstatement (detection risk).
Auditors want to hold audit risk to a
relatively low level
-
8/12/2019 Chapter 7 - Class
13/30
Canadian Excell ence
How Materiality and Audit Risk are
Related
The materiality and audit risk decisions main
impact on the audit is on the extent of audit
evidence that needs to be gathered during the
audit: Nature, timing and extent of audit procedures.
-
8/12/2019 Chapter 7 - Class
14/30
Canadian Excell ence
Business Risk and extension of the Audit
Risk Model
Business risk is an event of action that will
adversely affect an organizations ability to
achieve its objectives and execute its
strategies. Auditors need to assess the ways that business
risk affects the risk of material misstatement in
financial statements.
-
8/12/2019 Chapter 7 - Class
15/30
Canadian Excell ence
Business Risk-Based Approach to Auditing
The business risk-based approach to auditing
requires the auditor to understand the
auditees business risks, managements
strategy for addressing those risks, and thebusiness processes it uses to implement the
strategy.
- Assess entitys risk assessment process
-
8/12/2019 Chapter 7 - Class
16/30
Canadian Excell ence
Business Risk Analysis
There are two parts of business analysis:
1. Strategic analysis, and
2. Business process analysis.
- At the end of the business analysis, the auditor
should be able to determine if there are any
weaknesses in the clients risk management
process that could lead to misstatement on the
financial statements.
-
8/12/2019 Chapter 7 - Class
17/30
Canadian Excell ence
Strategic Analysis
Gain an understanding from senior client
management about:
business objectives,
key strategies employed to meet those objectives,
and
risks that threaten achievement of those
objectives.
-
8/12/2019 Chapter 7 - Class
18/30
Canadian Excell ence
Business Process Analysis
Management will minimize risks through well-
designed business processes.
Business process analysis deepens the
auditors understanding of the clients
operations.
It may also highlight risks and possible note
disclosures.
-
8/12/2019 Chapter 7 - Class
19/30
Canadian Excell ence
Accounting Processes and the Financial
Statements
Recap There are two important points to
remember about client financial statements:
Management is responsible for preparing them,
and they contain managements assertions
about economic actions and events.
The financial statement numbers are produced
by the company's accounting system and are
summarized on the trial balance.
-
8/12/2019 Chapter 7 - Class
20/30
Canadian Excell ence
Managements Financial Statements
To simplify the audit plan, auditors typically
group the accounts into several accounting
processes.
(1) revenues and collection (2) acquisition and expenditure
(3) production and conversion
(4) finance and investment
Can you identify which FS accounts are
linked to each process?
-
8/12/2019 Chapter 7 - Class
21/30
Canadian Excell ence
Internal Control Components
Internal control is defined as the process
designed, implemented, and maintained by
management to provide reasonable assurance
about: the reliability of financial reporting,
effectiveness and efficiency of operations, and
compliance with applicable laws and regulations.
-
8/12/2019 Chapter 7 - Class
22/30
Canadian Excell ence
Internal Control Components
Internal control consists of the following:
a. the control environment,
b. the entitys risk assessment process,
c. the information system and business processes
relevant to financial reporting and
communication,
d. control activities, and
e. the monitoring of controls.
-
8/12/2019 Chapter 7 - Class
23/30
Canadian Excell ence
Internal Control Components
Components (a) (b) (c) and (e) operate at the
company level, and are referred to as
management controls.
Control activities (d) are controls over processes,
applications, and transactions.
-
8/12/2019 Chapter 7 - Class
24/30
Canadian Excell ence
Control Environment
The control environment is characterized by
management attitudes, structure, effective
communication of control objectives and
supervision of personnel and activities. Tone at the top.
Board of directors, particularly the audit committee
should be considered.
-
8/12/2019 Chapter 7 - Class
25/30
Canadian Excell ence
Control Environment
Elements of control environment (CAS 315):
- Communication and enforcement of integrity and
ethical values
- Commitment to competence
- Participation of those charged with governance
- Managements philosophy and operating style
- Organizational structure
- Assignment of authority and responsibility
- Human resource policies and practices
-
8/12/2019 Chapter 7 - Class
26/30
Canadian Excell ence
Risk Assessment Process
The risk assessment process is how
management identifies risks related to
misstatements in the financial statements.
Management will also evaluate the significanceand likelihood of those risks, and decide how to
manage those risks efficiently and effectively.
-
8/12/2019 Chapter 7 - Class
27/30
Canadian Excell ence
Information System, Business Processes
and Communication
Information system consists of infrastructure,
software, people, procedures and data. An
information system has procedures to:
identify and record all valid transactions,
describe transactions in a manner that permits properclassification,
measure the value of transactions,
determine the time period in which transactions should be
reported, and
Present the transactions properly in the financial statements.
Communication may take such forms as policy
manuals and can be made electronically, orally, and
through the actions of management.
-
8/12/2019 Chapter 7 - Class
28/30
Canadian Excell ence
Control Activities
Controls are policies and procedures that
ensure the achievement of the entitys goals,
including financial reporting goals.
Controls can be categorized as either general
controls or as application controls.
General controls relevant to the audit include
performance reviews.
Application controls include checks on
accuracy, completeness, and authorization of
transaction processing.
-
8/12/2019 Chapter 7 - Class
29/30
Canadian Excell ence
Monitoring of Controls
Managements monitoring of controls includes
considering whether they are operating as
intended.
Monitoring may include reviews of reconciliations,
internal audit evaluations, and legal department
evaluations of compliance.
Controls are modified as required to accommodate
changes in business conditions.
-
8/12/2019 Chapter 7 - Class
30/30
Canadian Excell ence
How Internal Control Relates to the RMM
To assess the risk of material misstatement at
the financial statement level, the auditor needs
a detailed knowledge of internal control
components relevant to financial reporting. Gained mainly by making enquiries of clients
personnel, analytical procedures, observation and
inspection, PY information, discussion amongst
engagement team.