Ch.6 Risk Flashcards
What does CAS 200 outline?
It deals with the independent auditor’s overall responsibility when conducting an audit of the financial statements, including:
- RMM
- SAA
- Forming opinions
What is Audit Risk?
Risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.
It is comprised of both risk of material misstatement and detection risk.
Note: Audit risk stays constant throughout the audit, but inherent and control risks are assesed during the audit and then the practioner dervies an acceptable detection risk.
What is the Audit Risk Model?
AR = RMM x DR
AR = Audit Risk
RMM = IR x CR
IR = Inherent risk - general and fraud risk at the OFSL and the assertion level
CR = Control risks - control risks at the OFSL and assertion level
DR = Detection risk (based on the reliance on substantive procedures)
Note: CAS 315.34 - if you do not plan to testing the operating effetiveness of controls, the assessment of RMM is the same as the assessment of the IR
What are some factors that can increase inherent risk at the OFSL level?
- Poor financial health (non-going concern)
- significant market competition that is driving down prices and pressuring cost structures (may cause pressure to overstate earnings)
- company that have never been audited before
- upcoming purchase or sale of the company (inherent bias to make the financial statements look more favourable)
- imposition of more stringent regulations on the industry nd the company
- IPO, issuance of new debt or bank covenants
- employees with reliance on net income for compensation (bonuses)
What are the different types of controls?
There are direct controls - controls precise enough to address risks of material msistatement at the assertion level
Indirect controls - controls that support direct controls
Note: Auditors are required to obtain an understanding of each of the 5 compnents of internal controls (even if the audit is primary substantive):
- Control environment
- entity’s risk assessment process
- the entity’s process to monitor the system of internal control
- the information system and communication
- control activities
What are some examples of control risk factors that can increase RMM at the OFSL level?
- Outdated GL system that is no longer supported by the software system
- lack of segregation of duties
- lack of internal audit function
- lack of general computer controls (password, firewalls, encryption, virus protection, backup system, etc.
- poor attitude towards control or little important on control systems
- management override of controls
- lack of policies
- lack of system documentation
Meanwhile there are factors that can increase risk, what are some factors that can decrease risk?
Anything of the opposite before, for example:
private, fewer users of the financial statements, etc.
What are some procedures you can implement to address RMM at the OFSL level?
- Emphasize professional skepticism to the audit team
- assigning more experienced staff to the audit team
- increasing supervision of the audit
- adding elements of unpredictability in audit procedures
- if the company has multiple locations/braches, increasing the number of locations/branches to be tested.
What is RMM at the Assertion level?
This is assessed at the transaction, account balance, and presentation and disclosure level.
The risks associated with these can specifically be attributed to an account.
For these accounts, the RMM must be split into inherent and control risks and address the relevant assertions and the related classes of transactions.
What are the types of qualitative and quantitative inherent risks?
Qualitative inherent risks related to the preparation of information required for financial reporting framework include:
- complexity
- subjectivity
- change
- uncertainty
- susceptibility to misstatement due to management bias or other fraud risk factors insofar as they affect inherent risk
Factors may include:
- industry, nature of business, characteristic of account balances or class of transactions
What does CAS 240 address?
Auditors responsibilities related to fraud in an audit of financial statements
