AUDITING: A RISK ANALYSIS APPROACH

1
AUDITING A RISK ANALYSIS APPROACH
5th edition
Larry F. Konrath
Electronic Presentation
by Harold O. Wilson
2
CHAPTER 5
AUDIT PLANNING
Assessment of Inherent Risk Materiality
3
AUDIT RISK DEFINED

• Audit Risk The risk that the auditor may
  unknowingly fail to appropriately modify his/her
  opinion on financial statements that are
  materially misstated.

II
What are the odds I didnt detect a material
misstatement?
4
Material Misstatements (MM)

• Errors Unintentional mistakes of omission or
  commission (e.g., improper data processing ,
  unrecorded transactions).
• Irregularities (fraud) Intentional omissions or
  commissions leading to misstatements and/or
  misrepresentations (e.g., improper reporting,
  misappropriations of assets, concealments,
  falsified documents).

5
Professional Responsibility

• Audit design must provide reasonable assurance
  of detecting MM.
• Risk materiality must be considered in
  planning and evaluating the audit.
• Assessment of the risk of MM must be made (and
  documented).

6
Auditor must

• Assess risks potential areas of both
  unintentional and intentional MM.
• Document responses to such (e.g., revisions of
  audit programs).
• Perform tests evaluate results.
• Communicate conclusions to audit committees,
  etc., as considered necessary.

Never communicate such to just one person!
7
INHERENT RISK (IR)

• Inherent risk The susceptibility of an
  assertion to being a MM, assuming that there
  are no related controls.
• If there were no internal controls, i.e., the
  only variables were the competence and integrity
  of personnel, the odds of a MM would appear to
  be quite high!
• Conservative approach Assess IR as 100!

8
CONTROL RISK (CR)

• Control risk The probability of the occurrence
  of a MM (i.e., a lack of prevention) and
  remaining undetected on a timely basis by the
  entitys internal controls. (The odds that the
  prescribed internal controls fail to work!)
• Together, IR and CR determine the pre- audit
  probability that the financial statements are
  materially misstated!

9
A note on Control Risk
An extensive IC system reduces the probability
of MM thus, the presumption is that the more
extensive the controls, the less the audit
testing needed to reach the professional, but
unofficial, required level of 95 confidence
in the fairness of the financial statements.
10
A note on Control Risk
Initially, CR is subjectively assessed based on
prescribed internal controls. As the audit
testing progresses, CR is revised
(either statistically or subjectively) as the
auditor evaluates the extent and effectiveness
of the internal controls. If the control risk
is high, say over 45, perhaps the client is
not yet ready to be audited! Rework needed?
11
DETECTION RISK (DR)

• Detection risk The probability that the auditor
  fails to detect a MM that exists in an
  assertion.
• DR determines exact audit procedures and the
  sample sizes selected in the auditors attempt
  to ascertain the state of the universe under
  examination.
• Auditors should attempt to quantify IR, CR and
  DR, i.e., audit risk (AR).

12
QUANTIFYING AUDIT RISK

• Audit risk (AR) The joint probability of IR,
  CR and DR

AR IR x CR x DR
The acceptable, but unofficial, risk level for an
auditor to take is presumed to be about 5.
If so, the product of the above should be .05 or
less. Note To keep AR lt 5 may be either
impractical or uneconomical in a given case.
13
Example

• Assume AR .05 (required in a specific case)
• IR 1.00 (ultra-conservative)
• CR .30 (initially seen as weak)

AR IR x CR x DR
The Detection Risk becomes the variable now
controllable by the auditor, and it, in turn, is
a function of a controllable sample size!
14
Maximum Allowable Detection Risk f(AR, IR,
CR)

• DR AR / (IR x CR) .05 / (1.0 x
  .30) .17

The auditor, in selecting a sample size, must
test until DR .17 or less, using some form of
statistical sampling mathematics. To test
beyond that point is overauditing.
15
MATERIALITY and its IMPACT ON AUDIT EVIDENCE

• Materiality An amount that would affect the
  decisions of a reasonably informed user of the
  information.
• Quantitative Factors (absolute amount, impacts
  on interpretations, ratios, etc.)
• Qualitative Factors (nature, impact, intent,
  industry, legalities, ethics, etc.)
• Suggesting AJEs to the client in light of
  materiality thresholds aggregates!

16
MATERIALITY and its IMPACT ON AUDIT EVIDENCE

• Planning stage
• Nature, timing, extent of evidence
• Conducting the audit
• Is misstatement material?
• Evaluation of audit results

17
Individual vs. Aggregate

• Individual is the impact of a single error or
  irregularity on the financial statements
• Aggregate is the total effect of two or more
  errors, each of which is not material by itself

18
Setting Aggregate Materiality
Function of Internal Control

• Effective internal controls
• Relatively high aggregate materiality
• Weak internal controls
• Relatively low aggregate materiality
• Threshold can be raised or lowered as audit
  progresses

19
AUDIT RISK, AUDIT EVIDENCE and MATERIALITY

• Important relationship
• Understanding necessary to meet the requirements
  of
• Professional skepticism a questioning attitude,
  prompting a critical assessment of audit
  evidence.
• Due Care

20
AUDIT RISK, AUDIT EVIDENCE and MATERIALITY (cont)

• If audit risk is high because of high control
  risk and/or high inherent risk
• Aggregate materiality should be low
• Greater amounts of evidence are necessary
• If audit risk is low because of low control risk
  and/or low inherent risk
• Aggregate materiality may be high
• Lesser amounts of evidence are necessary

21
ANALYSIS OF INHERENT RISK

• Affected by
• The auditors fraud assessment
• Understanding of the business
• Considered in
• Preliminary phases of audit planning
• Study of business industry
• Application of analytical procedures

22
ANALYSIS OF INHERENT RISK (cont)

• Preliminary audit planning phase
• Inquiry of client personnel
• Planned use of client personnel
• Client acceptance decision

23
ANALYSIS OF INHERENT RISK (cont)

• Study of the business industry
• Information concerning
• the economy
• Information concerning
• the business
• Information concerning
• the business

24
Notes on Inherent Risk

• Auditor suspicions of intent to have misleading
  financial reporting or asset misappropriations
  (i.e., fraud) is an overall influence on the IR
  assessment.
• Industry complexity or uncertainty also
  influences audit planning programs.
• Careful interviewing may give clues to client
  attitudes, pressures, problems, contingencies,
  high risk areas.

25
Notes on Inherent Risk

• Studies of the business, the industry, the
  economy, and/or the client may lead to declining
  the engagement.
• Losing confidence in the client should lead to
  withdrawal from the engagement.

Note Clients are not likely to be inconsistent
with their industry!
26
Indicators of errors or fraud.

• Abnormal ratios trends?
• Complications with IRS?
• Significant related party transactions?
• Compensation tied to performance?
• Unusual accounting/GAAP applications?

27
Indicators of Forces on Earnings

• Intense competition
• Sluggish economy
• Excessive debt
• Dependence on a single
• product/customer

28
RISK ANALYSIS SOURCES

• Although evidence and clues emerge as the audit
  progresses, sources of inputs for audit attention
  are ever-present, such as
• Management inquiry
• Auditors current and prior workpapers
• Permanent files
• Predecessor audit correspondence, contact
• Analytical procedures
• Industry guides/GAAP

29
Risk-driven vs. Procedure-driven Audits

• Risk-drivenaudit risk is considered
• Procedures-drivenfollow standard audit report
  without focusing on risk

GAAS requires risk-driven!
30
Preliminary Audit Programs

• Should reflect
• Client discussions
• Study of business industry
• Analytical procedures
• Study of internal control

31
Note Time Budgets Staffing

• Experience is required to estimate when an
  overall opinion might be reached, after a
  pre-audit conference with the client, in light of
  the nature of the client, and
• Inherent risks fraud potential
• Prescribed internal controls
• Prior audit results, timing, etc.
• Experience of the staff expertise required
• Scheduling demands of various types
• Fairness to the client, in light of the above

32
End of Chapter 5