6 Risk assessment Flashcards
What attitude must the auditor carry out audit?
with an attitude of professional scepticism, exercise professional judgement and comply with ethical requirements.
Define Professional scepticism
Professional scepticism is an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.
Define Professional judgement
Professional judgement is the application of relevant training, knowledge and experience in making informed decisions about the courses of action that are appropriate in the circumstances of the audit engagement.
Professional scepticism requires the auditor to be alert to:
• Audit evidence that contradicts other audit evidence obtained • Information that brings into question the reliability of documents and responses to enquiries to be used as audit evidence • Conditions that may indicate possible fraud • Circumstances that suggest the need for audit procedures in addition to those required by ISAs
Professional judgement is required in the following areas:
• Materiality and audit risk • Nature, timing and extent of audit procedures • Evaluation of whether sufficient appropriate audit evidence has been obtained • Evaluating management’s judgements in applying the applicable financial reporting framework • Drawing conclusions based on the audit evidence obtained
What approach o auditors follow to auditing ISAs
risk-based approach
An audit risk is likely to the ___
financial statements
Define Audit risk
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. It is a function of the risk of material misstatement (inherent risk and control risk) and the risk that the auditor will not detect such misstatement (detection risk).
Audit risk = __risk × __risk × __risk
Audit risk = Inherent risk × control risk × detection risk
Inherent risk
Inherent risk is the susceptibility of an assertion to a misstatement that could be material individually or when aggregated with other misstatements, assuming there were no related internal controls
Control risk
Control risk is the risk that a material misstatement, that could occur in an assertion and that could be material, individually or when aggregated with other misstatements, will not be prevented or detected and corrected on a timely basis by the entity’s internal control.
Detection risk
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatement
One way to decrease detection risk is to increase sample sizes. T/F
True
increasing sample sizes and carrying out more work is not the only way to manage detection risk. why?
This is because detection risk is a function of the effectiveness of an audit procedure and of its application by the auditor
Although increasing sample sizes or doing more work can help to reduce detection risk, the following actions can also improve the effectiveness and application of procedures and therefore help to reduce detection risk:
• Adequate planning • Assignment of more experienced personnel to the engagement team • The application of professional scepticism • Increased supervision and review of the audit work performed
Define Materiality
Materiality for the financial statements as a whole and performance materiality must be calculated at the planning stages of all audits. The calculation or estimation of materiality should be based on experience and judgement. Materiality for the financial statements as a whole must be reviewed throughout the audit and revised if necessary.
ISA 320 does not define materiality (in relation to the financial statements as a whole) but notes that while it may be discussed in different terms by different financial reporting frameworks the following are generally the case:
(a) Misstatements are considered to be material if they, individually or in aggregate, could reasonably be expected to influence the economic decisions of users. (b) Judgements about materiality are made in the light of surrounding circumstances, and are affected by the size and nature of a misstatement or a combination of both. (c) Judgements about matters that are material to users of financial statements are based on a consideration of the common financial information needs of users as a group.
The materiality level will impact on the auditor’s decisions relating to:
• How many items to examine • Which items to examine • Whether to use sampling techniques • What level of misstatement is likely to result in a modified audit opinion
Conforming amendments to ISA 320 published in 2015 make it clear that auditors must consider the risks of material misstatement in qualitative disclosures. In doing so, the auditor should consider:
• The circumstances of the entity (eg any business acquisitions or disposals during the period) • The applicable financial reporting framework (eg new qualitative disclosures may be required by a new financial reporting standard) • Qualitative disclosures that are important to the users of the financial statements because of the nature of the entity (eg liquidity risk disclosures for a financial institution)
The following factors may affect the identification of an appropriate benchmark:
• Elements of the financial statements (eg assets, liabilities, equity, revenue, expenses) • Whether there are items on which users tend to focus • Nature of the entity, industry and economic environment • Entity’s ownership structure and financing • Relative volatility of the benchmark
Define performance materiality
Performance materiality is the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. Performance materiality also refers to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances or disclosures.
As you can see, determining performance materiality is very much dependent on the auditor’s professional judgement. In summary, it is affected by:
• The nature and extent of misstatements identified in prior audits • The auditor’s understanding of the entity • Result of risk assessment procedures
Materiality has qualitative aspects give examples
• Law, regulation or the applicable financial reporting framework affect users’ expectations regarding the measurement or disclosure of certain items (for example, related party transactions, and the remuneration of management and those charged with governance). • Some disclosures are key disclosures in relation to the industry in which the entity operates (for example, research and development costs for a pharmaceutical company). • Attention is sometimes focused on a particular aspect of the entity’s business that is separately disclosed in the financial statements (for example, a newly acquired business).
ISA 320 requires the following to be documented:
• Materiality for the financial statements as a whole • Materiality level or levels for particular classes of transactions, account balances or disclosures if applicable • Performance materiality • Any revision of the above as the audit progresses
Why do we need an understanding? what does ISA 315 say about this?
ISA 315 (Revised) Identifying and assessing the risks of material misstatement through understanding the entity and its environment states that the objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement
OBTAINING AN UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT Why is this important?
– To identify and assess the risks of material misstatement in the financial statements – To enable the auditor to design and perform further audit procedures – To provide a frame of reference for exercising audit judgement, for example, when setting audit materiality
OBTAINING AN UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT What is important?
– Industry, regulatory and other external factors, including the applicable financial reporting framework – Nature of the entity, including operations, ownership and governance, investments, structure and financing – Entity’s selection and application of accounting policies – Objectives and strategies and related business risks that might cause material misstatement in the financial statements – Measurement and review of the entity’s financial performance – Internal control
OBTAINING AN UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT How do we go about obtaining this information?
– Enquiries of management, appropriate individuals within the internal audit function and others within the entity – Analytical procedures – Observation and inspection – Prior period knowledge
– Client acceptance or continuance process – Discussion by the audit team of the susceptibility of the financial statements to material misstatement – Information from other engagements undertaken for the entity
In addition to the sources shown in the diagram above, the auditor will refer to the following to help in obtaining an understanding of the entity and its environment.
• The permanent audit file where information of continuing importance to the audit is kept • Audit working papers from the previous year’s audit file • Information from the client’s website • Publications or websites related to the industry the client operates in
A combination of the following procedures should be used to obtain an understanding:
• Enquiries of management, internal auditors and others within the entity • Analytical procedures • Observation and inspection
