Title: AUDITING: A RISK ANALYSIS APPROACH
1AUDITING A RISK ANALYSIS APPROACH
5th edition
Larry F. Konrath
Electronic Presentation
by Harold O. Wilson
2CHAPTER 5
AUDIT PLANNING
Assessment of Inherent Risk Materiality
3AUDIT RISK DEFINED
- Audit Risk The risk that the auditor may
unknowingly fail to appropriately modify his/her
opinion on financial statements that are
materially misstated.
II
What are the odds I didnt detect a material
misstatement?
4Material Misstatements (MM)
- Errors Unintentional mistakes of omission or
commission (e.g., improper data processing ,
unrecorded transactions). - Irregularities (fraud) Intentional omissions or
commissions leading to misstatements and/or
misrepresentations (e.g., improper reporting,
misappropriations of assets, concealments,
falsified documents).
5Professional Responsibility
- Audit design must provide reasonable assurance
of detecting MM. - Risk materiality must be considered in
planning and evaluating the audit. - Assessment of the risk of MM must be made (and
documented).
6Auditor must
- Assess risks potential areas of both
unintentional and intentional MM. - Document responses to such (e.g., revisions of
audit programs). - Perform tests evaluate results.
- Communicate conclusions to audit committees,
etc., as considered necessary.
Never communicate such to just one person!
7 INHERENT RISK (IR)
- Inherent risk The susceptibility of an
assertion to being a MM, assuming that there
are no related controls. - If there were no internal controls, i.e., the
only variables were the competence and integrity
of personnel, the odds of a MM would appear to
be quite high! - Conservative approach Assess IR as 100!
8 CONTROL RISK (CR)
- Control risk The probability of the occurrence
of a MM (i.e., a lack of prevention) and
remaining undetected on a timely basis by the
entitys internal controls. (The odds that the
prescribed internal controls fail to work!) - Together, IR and CR determine the pre- audit
probability that the financial statements are
materially misstated!
9A note on Control Risk
An extensive IC system reduces the probability
of MM thus, the presumption is that the more
extensive the controls, the less the audit
testing needed to reach the professional, but
unofficial, required level of 95 confidence
in the fairness of the financial statements.
10A note on Control Risk
Initially, CR is subjectively assessed based on
prescribed internal controls. As the audit
testing progresses, CR is revised
(either statistically or subjectively) as the
auditor evaluates the extent and effectiveness
of the internal controls. If the control risk
is high, say over 45, perhaps the client is
not yet ready to be audited! Rework needed?
11 DETECTION RISK (DR)
- Detection risk The probability that the auditor
fails to detect a MM that exists in an
assertion. - DR determines exact audit procedures and the
sample sizes selected in the auditors attempt
to ascertain the state of the universe under
examination. - Auditors should attempt to quantify IR, CR and
DR, i.e., audit risk (AR).
12QUANTIFYING AUDIT RISK
- Audit risk (AR) The joint probability of IR,
CR and DR
AR IR x CR x DR
The acceptable, but unofficial, risk level for an
auditor to take is presumed to be about 5.
If so, the product of the above should be .05 or
less. Note To keep AR lt 5 may be either
impractical or uneconomical in a given case.
13Example
- Assume AR .05 (required in a specific case)
- IR 1.00 (ultra-conservative)
- CR .30 (initially seen as weak)
AR IR x CR x DR
The Detection Risk becomes the variable now
controllable by the auditor, and it, in turn, is
a function of a controllable sample size!
14Maximum Allowable Detection Risk f(AR, IR,
CR)
- DR AR / (IR x CR) .05 / (1.0 x
.30) .17
The auditor, in selecting a sample size, must
test until DR .17 or less, using some form of
statistical sampling mathematics. To test
beyond that point is overauditing.
15MATERIALITY and its IMPACT ON AUDIT EVIDENCE
- Materiality An amount that would affect the
decisions of a reasonably informed user of the
information. - Quantitative Factors (absolute amount, impacts
on interpretations, ratios, etc.) - Qualitative Factors (nature, impact, intent,
industry, legalities, ethics, etc.) - Suggesting AJEs to the client in light of
materiality thresholds aggregates!
16MATERIALITY and its IMPACT ON AUDIT EVIDENCE
- Planning stage
- Nature, timing, extent of evidence
- Conducting the audit
- Is misstatement material?
- Evaluation of audit results
17Individual vs. Aggregate
- Individual is the impact of a single error or
irregularity on the financial statements - Aggregate is the total effect of two or more
errors, each of which is not material by itself
18Setting Aggregate Materiality
Function of Internal Control
- Effective internal controls
- Relatively high aggregate materiality
- Weak internal controls
- Relatively low aggregate materiality
- Threshold can be raised or lowered as audit
progresses
19AUDIT RISK, AUDIT EVIDENCE and MATERIALITY
- Important relationship
- Understanding necessary to meet the requirements
of - Professional skepticism a questioning attitude,
prompting a critical assessment of audit
evidence. - Due Care
20AUDIT RISK, AUDIT EVIDENCE and MATERIALITY (cont)
- If audit risk is high because of high control
risk and/or high inherent risk - Aggregate materiality should be low
- Greater amounts of evidence are necessary
- If audit risk is low because of low control risk
and/or low inherent risk - Aggregate materiality may be high
- Lesser amounts of evidence are necessary
21ANALYSIS OF INHERENT RISK
- Affected by
- The auditors fraud assessment
- Understanding of the business
- Considered in
- Preliminary phases of audit planning
- Study of business industry
- Application of analytical procedures
22ANALYSIS OF INHERENT RISK (cont)
- Preliminary audit planning phase
- Inquiry of client personnel
- Planned use of client personnel
- Client acceptance decision
23ANALYSIS OF INHERENT RISK (cont)
- Study of the business industry
- Information concerning
- the economy
- Information concerning
- the business
- Information concerning
- the business
24Notes on Inherent Risk
- Auditor suspicions of intent to have misleading
financial reporting or asset misappropriations
(i.e., fraud) is an overall influence on the IR
assessment. - Industry complexity or uncertainty also
influences audit planning programs. - Careful interviewing may give clues to client
attitudes, pressures, problems, contingencies,
high risk areas.
25Notes on Inherent Risk
- Studies of the business, the industry, the
economy, and/or the client may lead to declining
the engagement. - Losing confidence in the client should lead to
withdrawal from the engagement.
Note Clients are not likely to be inconsistent
with their industry!
26Indicators of errors or fraud.
- Abnormal ratios trends?
- Complications with IRS?
- Significant related party transactions?
- Compensation tied to performance?
- Unusual accounting/GAAP applications?
27Indicators of Forces on Earnings
- Intense competition
- Sluggish economy
- Excessive debt
- Dependence on a single
- product/customer
28RISK ANALYSIS SOURCES
- Although evidence and clues emerge as the audit
progresses, sources of inputs for audit attention
are ever-present, such as - Management inquiry
- Auditors current and prior workpapers
- Permanent files
- Predecessor audit correspondence, contact
- Analytical procedures
- Industry guides/GAAP
29Risk-driven vs. Procedure-driven Audits
- Risk-drivenaudit risk is considered
- Procedures-drivenfollow standard audit report
without focusing on risk
GAAS requires risk-driven!
30Preliminary Audit Programs
- Should reflect
- Client discussions
- Study of business industry
- Analytical procedures
- Study of internal control
31Note Time Budgets Staffing
- Experience is required to estimate when an
overall opinion might be reached, after a
pre-audit conference with the client, in light of
the nature of the client, and - Inherent risks fraud potential
- Prescribed internal controls
- Prior audit results, timing, etc.
- Experience of the staff expertise required
- Scheduling demands of various types
- Fairness to the client, in light of the above
32 End of Chapter 5