Ch 4 Risk Assessment Flashcards
Audit Risk
risk that the auditor expresses an inappropriate audit opinion when the FSs are materially misstated.
At the assertion level, audit risk consists of
The risk that the relevant assertions related to the class of transaction, account balance, or disclosure contain misstatements that could be material to the FSs
(risk of MM = IR x CR)
The risk that the auditor will not detect such misstatements (detection risk)
Inherent risk (IR)
The susceptibility of an assertion in an account or disclosure to a misstatement due to error or fraud that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.
Control risk (CR)
The risk that a misstatement that could occur in an assertion about an account or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.
The levels of inherent risk and control risk are functions of
the entity and its environment- auditor has no control
Combination of IR & CR defined as risk of
material misstatement (RMM)
material misstatement (RMM)
The risk that the financial statements are materially misstated prior to the audit.
this is a client risk bc stems from decisions made by entity like what kinds of business transactions to engage in and how much to invest in internal controls
Detection risk (DR)
The risk that the procedures performed by the auditor will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Determined by the effectiveness of the audit procedures and how well the procedures are applied by auditor
Audit risk model
AR = RMM x DR where RMM = (IR x CR)
Engagement risk
The risk that the auditor is exposed to financial loss or damage to his or her professional reputation from litigation, adverse publicity, or other events arising in connection with financial statements audited and reported on.
3 steps in auditors use of audit risk model at assertion level
(1) set a planned level of audit risk
(2) assess the risk of MM
(3) determine the appropriate level of detection risk
Risk Assessment
the identification, analysis, and management of risks relevant to the preparation of financial statements that are fairly presented in conformity with GAAP.
Business risks
A risk resulting from significant conditions, events, circumstances, and actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies or from the setting of inappropriate objectives and strategies.
Audit data analytics
Using analysis, modeling, and visualization to discover and analyze patterns, anomalies, and other information in data in the context of the audit.
Analytical procedures
Evaluations of financial information made through analysis of plausible relationships among both financial and nonfinancial data.
Errors
Unintentional misstatements or omissions of amounts or disclosures.
Fraud
An intentional act by one or more among management, those charged with governance, employees, or third parties, involving the use of deception that results in a misstatement in the financial statements.
Auditors understanding of the entity and its environment includes knowledge about these categories
Nature of entity
Selection and application of accounting principles
Industry, regulatory, and other external factors
Objectives, strategies, related business risks
Entity performance measures
System of internal control
Misstatements due to errors or fraud include
an error in gathering or processing data from which FS are prepared
an omission of an account or disclosure, including inadequate or incomplete disclosures required to meet disclosure objectives of certain financial reporting frameworks as applicable
a FS disclosure that is not presented in accordance with GAAP
an incorrect accounting estimate arising from overlooking or clearly misinterpreting facts
judgements of management concerning account estimates that the auditor considered unreasonable or the selection or application of accounting policies that the auditor considers inappropriate
an inappropriate classification, aggregates or disaggregation of information
the omission of a disclosure necessary for the FS to achieve fair presentation beyond disclosures specifically required by the framework
Factual misstatements
These are misstatements about which there is no doubt.
For example, an auditor may test a sales invoice and determine that the prices applied to the products ordered are incorrect. Once the products are correctly priced, the amount of misstatement is known. In such cases, the auditor knows the exact amount of the misstatement.
Judgmental misstatements
These are misstatements that arise from the judgments of management concerning accounting estimates that the auditor considers unreasonable or the selection or application of accounting policies that the auditor considers inappropriate.
Projected misstatements
These are the auditor’s best estimate of misstatements in populations, involving the projection of misstatements identified in an audit sample to the entire population from which the sample was drawn.
Fraud classified into 2 types
(1) misstatements resulting from fraudulent financial reporting
(2) misstatements resulting from misappropriation of assets
The fraud risk assessment process
discussion among audit team regarding risks of MM due to fraud
inquiries of mgmt, audit committee, and other about their views on the risks of fraud and how it’s addressed
identification and assessment of fraud risk factors
consideration of any unusual or unexpected relationships that have been identified in performing analytical procedures in planning the audit
understanding of the entity’s period-end closing process and investigating unexpected period-end adjustments
Inherent risk and control risk differ from detection risk in that inherent risk and control risk are
Functions of the client and its environment, while detection risk is not
On the basis of audit evidence gathered and evaluated, an auditor decides to increase the assessed level of control risk from that originally planned. To achieve an overall audit risk level that is substantially the same as the planned audit risk level, the auditor would
Decrease planned detection risk
The acceptable level of detection risk is inversely related to the
Assurance provided by substantive tests
Which of the following would an auditor most likely use in determining the auditor’s preliminary judgment about materiality?
The entity’s financial statements of the prior year
The risk that an auditor will conclude, based on substantive tests, that a material error does not exist in an account balance when, in fact, such error does exist is referred to as
Detection risk
When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor most likely would increase the
extent of substantive tests of details)
Which of the following audit risk components may be assessed in quantitative terms?
Control risk, Detection risk, Inherent risk
yes yes yes
In a financial statement audit, inherent risk is evaluated to help an auditor assess which of the following?
The susceptibility of an assertion to material misstatement assuming there are no related controls.
An auditor finds several errors in the financial statements that the client prefers not to correct. The auditor determines that the errors are not material in the aggregate. Which of the following actions by the auditor is most appropriate?
Document errors in the summary of uncorrected errors, and document the conclusion that the errors are not material in the aggregate.
Which of the following is a definition of control risk?
The risk that material misstatements will not be prevented or detected on a timely basis by employees acting in the normal course of their assigned duties
Which of the following concepts are pervasive in the application of auditing standards?
materiality and audit risk
The existence of audit risk is recognized by the statement in the auditor’s standard report that the auditor:
obtains reasonable assurance about whether the financial statements are free of material misstatement.
Risk of material misstatement refers to a combination of which two components of the audit risk model?
inherent risk and control risk
As lower acceptable levels of both audit risk and materiality are established, the auditor should plan more work on individual accounts to:
find smaller errors.
Which of the following characteristics most likely would heighten an auditor’s concern about the risk of intentional manipulation of financial statements?
Management places substantial emphasis on meeting earnings projections.
Which of the following is a misappropriation of assets?
An employee of a consumer electronics store steals 12 CD players.
Auditing standards require auditors to make certain inquiries of management regarding fraud. Which of the following inquiries is required?
whether management has any knowledge of fraud that has been perpetrated on or within the entity
Which of the following is an example of fraudulent financial reporting?
Company management falsifies the inventory count, thereby overstating ending inventory and understating cost of sales.
When is a duty to disclose fraud to parties other than the entity’s senior management and its audit committee most likely to exist?
in response to inquiries from a successor auditor
Which of the following is correct concerning required auditor communications about fraud?
Fraud that involves senior management should be reported directly by the auditor to the audit committee regardless of the amount involved.
