Audit Risk

1
Chapter 4

• Audit Risk
• Risk comes from not knowing what youre doing
• "It takes 20 years to build a reputation and five
  minutes to ruin it. If you think about that,
  you'll do things differently."
• Warren
  Buffet, billionaire investor

3-1
2
Forms of Risk

• Environmental Risks
• Capital Availability
• Regulatory, Political, and Legal
• Financial Markets and Shareholder Relations
• Process Risks
• Operations Risk
• Empowerment Risk
• Information Processing / Technology Risk
• Integrity Risk
• Financial Risk
• Information for Decision Making
• Operational Risk
• Financial Risk
• Strategic Risk

3
Risk Analysis

Source Business Risk Assessment. 1998 The
Institute of Internal Auditors
4
Sources of Risk
4-4
5
Enterprise Risk Management (ERM)

• "process effected by an entity's board of
  directors, management and other personnel,
  applied in strategy setting and across the
  enterprise, designed to identify potential events
  that may affect the entity, and manage risks to
  within its risk appetite, to provide reasonable
  assurance regarding the achievement of entity
  objectives."
• COSO

6
Enterprise Risk Management
4-6
7
The ERM Framework

• Entity objectives can be viewed in the
• context of four categories
• Strategic
• Operations
• Reporting
• Compliance

8
ERM Framework

• ERM considers activities at all levels
• of the organization
• Entity-Level
• Division
• Subsidiary
• Business Unit

9
Enterprise Risk Management (ERM)

• Internal Environment
• Objective Setting
• Event Identification
• Risk Assessment
• Risk Response
• Control Activities
• Information Communication
• Monitoring

10
Internal Environment

• Establishes a philosophy regarding risk
  management
• Establishes the entitys risk culture.
• Considers all other aspects of how the
  organizations actions may affect its risk
  culture.

11
Objective Setting
Applied when management considers risks strategy
in setting objectives Risk Appetite how much
risk management and the board are willing to
accept Risk Tolerance --- acceptable level of
variation around objectives
12
Event Identification

• Identify those incidents, occurring internally or
  externally, that could affect strategy and
  achievement of objectives.
• Addresses how internal and external factors
  combine and interact to influence the risk
  profile.

13
Risk Assessment

• Allows an entity to understand the extent to
  which potential events might impact objectives.
• Assesses risks from two perspectives
• - Likelihood
• - Impact
• Used to assess risks and is normally also used to
  measure the related objectives.
• Employs a combination of both qualitative and
  quantitative risk assessment methodologies.
• Relates time horizons to objective horizons.
• Assesses risk on both an inherent and a residual
  basis.

14
Risk Response

• Identifies and evaluates possible responses to
  risk.
• Evaluates options in relation to entitys risk
  appetite, cost vs. benefit of potential risk
  responses, and degree to which a response will
  reduce impact and/or likelihood.
• Selects and executes response based on evaluation
  of the portfolio of risks and responses.

15
Control Activities

• Policies and procedures that ensure risk
  responses, as well as entity directives, are
  carried out.
• Occur throughout the organization -- all levels
  and in all functions.
• Include application and general information
  technology controls.

16
Information Communication

• Management identifies, captures, and communicates
  pertinent information in a form and timeframe
  that enables people to carry out their
  responsibilities.
• Communication occurs in a broader sense, flowing
  down, across, and up the organization.

17
Monitoring

• Effectiveness of the other ERM components
  monitored via
• Ongoing monitoring activities.
• Separate evaluations.
• A combination of the two.

18
Engagement Risk
An auditors exposureto financial loss
anddamage toprofessional reputation.
Local audit failure
19
Auditors Risk Responsibilities

• Audit Riskauditor will give unqualified opinion
  on misstated financial statements
• Management Fraud Riskmanagement intentionally
  misstates financial statements
• Fraudulent financial reporting
• Errors are unintentional misstatements or
  omissions of amounts or disclosures in financial
  statements.
• Auditors primary responsibility is to design
  procedures to provide reasonable assurance that
  frauds that materially misstate the financial
  statements are detected.

4-19
20
Overview of Types of Fraud Risk
4-20
21
General Categories of Errors and Frauds

• Invalid transactions are recorded.
• Valid transactions are omitted from the accounts.
• Unauthorized transactions are executed and
  recorded.
• Transaction amounts are inaccurate.
• Transactions are classified in the wrong
  accounts.
• Transaction accounting and posting is incorrect.
• Transactions are recorded in the wrong period.

4-21
22
Audit Risk
The risk that an auditor will issue an
unqualified opinion on materially misstated
financial statements.
23
Audit Risk

• Risk of
  Material Risk That the
• Audit Risk Misstatement
  Auditors Fail to
• 
  the Misstatement
• Inherent
  Control Detection
• Risk
  Risk Risk
• Inherent Risk--Risk of a material misstatement
  occurring in an assertion assuming no related
  internal controls.
• Control Risk--Risk that a material misstatement
  in an assertion will not be prevented or detected
  on a timely basis by the companys internal
  control.
• Detection Risk--Risk that the auditors
  procedures will lead them to conclude that a
  material misstatement does not exist in an
  assertion when in fact such misstatement does
  exist.

24
Inherent Risk

• Factors that affect inherent risk
• Nature of the client and its environment
• Nature of the particular financial statement
  element
• Business characteristics indicative of high
  inherent risk
• Inconsistent profitability of client
• Operating results highly sensitive to economic
  factors
• Going concern problems
• Large known and likely misstatements detected in
  prior audits
• Substantial turnover, questionable reputation, or
  inadequate accounting skills of management

25
Control Risk

• Likelihood that a material misstatement would not
  be caught by the clients internal controls
• Factors affecting control risk
• Environment in which the company operates
  (its control environment)
• Existence (or lack thereof) and effectiveness
  of control activities
• Monitoring activities (audit committee,
  internal audit function, etc.).

3-25
26
Detection Risk

• Risk that a material misstatement would not be
  caught by audit procedures
• Factors Affecting Detection Risk
• Nature, Timing, and Extent of Audit Procedures
• Sampling Risk --- Risk of choosing an
  unrepresentative sample.
• Nonsampling Risk --- Risk that the auditor may
  reach inappropriate conclusions based upon
  available evidence.

3-26
27
Detection Risk and the Nature, Timing, and Extent
of Audit Procedures
Lower Detection Risk Higher Detection Risk
Nature More effective tests. Less effective tests.
Timing Testing performed at year-end. Testing can be performed at Interim.
Extent More tests. Fewer tests.
28
Audit Risk Formula
AR IR CR DR AR
Audit Risk IR Inherent Risk CR Control
Risk DR Detection Risk
29
ARM Concepts

• Auditor cannot affect inherent risk or control
  risk. The auditor can only assess them.
• Auditor can only affect detection riskgenerally
  by examining more evidence.
• Detection risk is inversely related to control
  risk and inherent risk.
• Detection risk is inversely related to competence
  and reliability of evidence.

3-29
30
Audit Risk
31
Matrix Approach to ARM
4-31
32
Risk Assessment Process
4-32
33
Audit Procedures
Specific actsperformed by the auditorto gather
evidence to determineif specific assertions
arebeing met.
34
Types of Audit Procedures

• Risk Assessment --- To obtain an understanding
  of the client and its environment, including its
  internal control, to assess the risks of material
  misstatement
• Tests of Controls --- When appropriate, to test
  the operating effectiveness of controls in
  preventing material misstatements
• Substantive Tests --- To detect material
  misstatements at relevant assertion level.
  Substantive procedures include (a) analytical
  procedures, (b) tests of details of account
  balances, transactions and disclosures

35
Preliminary Analytic Procedures
RECORDED ACCOUNT BALANCE
ESTIMATED ACCOUNT BALANCE

• Attention directing
• Identify potential problem areas
• An organized approach
• A standard starting place to start examining the
  financial statements
• Describe the financial activities
• Identify unusual changes in relationships in the
  data
• Ask relevant questions
• What could be wrong?
• What legitimate reasons are there for these
  results?
• Cash flow analysis

4-35
36
Analytical Procedures (1 of 2)

• Steps
• Develop expectation of account (or ratio) balance
• Determine amount of difference that can be
  accepted without investigation
• Compare the companys account (ratio) with the
  expectation
• Investigate and evaluate significant differences
• Developing an Expectation
• Prior period information
• Anticipated results
• Relationships among elements of financial
  information within a period
• Industry information
• Relationships between financial information and
  relevant nonfinancial data.

37
Analytical Procedures (2 of 2)

• Types of Expectations
• Trend analysis --- analyze changes in accounts of
  a company over time
• Ratio analysis --- compare relationships between
  two or more financial statement accounts or
  comparisons of account balances to nonfinancial
  data
• Liquidity (e.g., Current Ratio)
• Leverage (e.g., Debt to Equity)
• Profitability (e.g., Gross Profit Percentage)
• Activity (e.g., Inventory Turnover)

38
Ratio Analysis Approaches

• Horizontal --- Review ratios over time
• Cross Sectional --- Analyze ratios of similar
  firms at a point in time
• Vertical --- Analyze relationships within a
  period
• Common size statements prepared
• Other Methods
• Regression analysis, reasonableness test

39
Types of Analytical Procedures
Trend Analysis
Ratio Analysis
Reasonableness Analysis
40
Short-Term Liquidity Ratios
Current Ratio
Quick Ratio
Operating Cash Flow Ratio
41
Activity Ratios
Receivables Turnover
Days Outstanding in Accounts Receivable
Inventory Turnover
Days of Inventory on Hand
42
Profitability Ratios
Gross Profit Percentage
Profit Margin
Return on Assets
Return on Equity
43
Coverage Ratios
Debt to Equity
Times Interest Earned
44
Audit Procedures forObtaining Audit Evidence
Inspectionof Records and Documents
Recalculation
Observation
Inquiry
Scanning
Inspectionof TangibleAssets
Confirmation
Reperformance
AnalyticalProcedures
45
Common Audit Procedures
46
Substantive Procedures

• Analytical Procedures
• Tests of Details
• Tests of account balances
• Tests of classes of transactions
• Tests of disclosures
• One may change the scope of audit procedures by
  changing the (NTE, or re-ordered as NET)
• Nature (type and form)
• Timing (when performed)
• Extent (quantity of evidence obtained)

47
Identifying Potential Misstatements
48
Types of Transactions

• Routine
• Recurring financial statement activities recorded
  in the accounting records in the normal course of
  business
• Lower inherent risk
• Nonroutine
• Involve activities that occur only periodically
  such as the taking of physical inventories
• High inherent risk
• Estimation transactions
• Activities that create accounting estimates
• Higher inherent risk

49
Auditing Fair Values -- FABS 157

• Level 1 inputs of observable quoted prices in
  active markets for identical assets or
  liabilities
• Level 2 inputs of observable quoted prices,
  generally for similar assets or liabilities in
  active markets
• Level 3 inputs that are unobservable for the
  assets or liability

50
Related Party Transactions

• Disclosure requirements must be met
• Primary challenge --- identifying undisclosed
  Related Party Transactions
• Determine Related Parties
• Inquiries of management
• Review SEC filings, stockholders listings and
  conflict-of-interest statements

51
Basic Approaches to Auditing Accounting Estimates

• Review and test managements process for
  developing the estimate.
• Independently develop an estimate to compare to
  managements estimate.
• Review subsequent events or transactions bearing
  on the estimate.

52
Audit Documentation
Auditors principal record of theaudit
procedures performed, evidence obtained,and
conclusions reached.
53
Purposes of Audit Documentation

• Nature, Timing and Extent of work performed
• Professional Judgments
• Basis for Conclusion
• Facilitates Planning, Performance and Supervision
• Provides Basis for Review

54
Sufficiency of Audit Documentation

• Sufficient to
• Enable an experienced auditor to understand the
  work performed and the significant conclusions
  reached
• Identify who performed and reviewed the work
• Show that the accounting agree or reconcile to
  the financial statements
• Include all significant audit findings and the
  actions taken to address them

55
Permanent Files
These files are intended to contain data of a
historical or continuing nature pertinent to the
current audit.
56
Current Files
Audit Program
General Information
Working Trial Balance
Adjusting and Reclassification Entries
Supporting Schedules
57
Types of Working Papers

• Audit Administrative Working Papers
• Working Trial Balance
• Lead Schedules
• Adjusting Journal and Reclassification Entries
• Supporting Schedules
• Analysis of a Ledger Account
• Reconciliations
• Computational Working Papers
• Corroborating Documents

58
Characteristics of Good Audit Documentation

• Heading which includes the clients name,
  explanatory title, and balance sheet date
• Initials of the auditor who prepared the
  documentation and date completed
• Initials of the reviewer and date review
  completed
• Description of the tests performed and the
  findings
• Assessment of tests which indicate material
  misstatement in an account
• Tick marks and legend indicating work performed
  by the auditor
• Index to identify the location of papers
• Cross-reference to related documentation

59
ORGANIZATION OF WORKING PAPERS

• Should be organized in such a way that any
  member of the audit team (and others) can find
  the audit evidence that supports each financial
  statement account.

60
(No Transcript)
61
(No Transcript)
62
Format of Audit Documentation
Heading
Client name Title of the working paper Clients
year-end date
Indexing andcross-referencing
Tick marks
63
Audit Documentation Review

• Hierarchical Review Process
• Reviewers Include
• New auditors
• Supervisory personnel
• Engagement supervisors and quality reviewers
• Successor auditor
• Inspection teams
• Others including advisors engaged by the audit
  committee or parties to an acquisition

64
Other Issues Related to Audit Documentation

• Ownership
• Auditors maintain ownership, even after
  auditor-client relationship is over.
• Confidentiality
• Only can be made public with permission, or
  if subpoenaed, or as part of a peer review of
  firm practices, or as part of an ethics
  investigation of firm personnel.
• Sarbanes-Oxley Act of 2002 requiresaudit
  documentation to be retained for sevenyears from
  the completion date of the engagement.

65
Engagement Completion Document (AS 3)

• Include all significant findings or issues.
• Include items identified during interim review.
• Must have completed all necessary procedures and
  obtained sufficient evidence before report
  release date.
• Documentation should be complete (documentation
  completion date) no more than 60 days after
  report release date.

66
Documentation Retention (AS 3)

• Five years from report release date.
• If no reportfrom last day of fieldwork
• Additions/Amendments
• Documentation may not be deleted or discarded
  after report release date.
• Additions must indicate
• Date the information was added,
• Name of preparer
• Reason

67
End of Chapter 4