Chapter 4 Flashcards
Audit Risk
The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.
Consider multiple levels (overall f/s; account balances; footnote disclosure)
Assertion: risk in terms of account balances and disclosures.
Opinion goes to both overall f/s and account balances,but reasonably assured.
AR Model (AR = IR X CR X DR)
Inherent risk, Control risk, and Detection Risk.
IR X CR= RMM Risk of Materially Mistatement.
Inherent Risk (IR)
Risk due to the nature of the account (item). The susceptibility that an account balance or disclosure can be misstated due to the nature of the account.
Control Risk (CR)
The risk that the company’s internal control will not catch, prevent, correct, or detect a material misstatement.
Key point involving IR and CR (responsibility of each risk?)
IR and CR are clients risk!
As CR increases, testing should increase!
Detection Risk (DR)
The risk that the auditors will not detect a material misstatement. Our risk!
Can DR be reduced to zero?
rarely test 100% of balances
Sampling risk: the sample you take will not perfectly apply to the population.
Non sampling risk: we humans will make mistakes.
Inverse relationship between IR/CR and DR
Higher IR/CR, the (lower) risk you will detect something must get smaller.
Key Point about risk
Risk is always, ultimately, a matter of professional judgement. The model is a planning tool, can be quantitative or qualitative; helps us assess risk!
Two more Key Points related to achieved level of AR
If actual/achieved/level of AR is equal or less than planned/expected/acceptable, an unqualified/ ‘clean’ opinion can be issued.
If actual/achieved level of AR is greater than planned/expected/acceptable, additional work or qualified opinion will be necessary. (more tests, worse than expected).
Engagement Risk
The risk that the firm can be damaged monetarily or reputation by working with a troubled client. “Guilt by association”.
Risk Assessment Process (Figure 4-2)
The processes or ways the auditor obtains an understanding of the entity and its environment.
Methods of Gathering this Info (3 ways)
Inquiries of management and others. Analytical procedures. Observation or inspection.
What do you want to learn about! (5 items to consider)
Nature of the entity. Industry, regulatory, and external factors. Objectives, strategies, and business risk. Entity performance measures. Internal control.
Identify Business Risks
Usually the greater the business risk, usually the greater inherent risk and control risk.
Evaluate clients risk assessment process (Chapter 6)
How management responds to these business risks and obtain evidence of its implementation.
Assessing the risk of material misstatement (error and fraud)
Every misstatement is either due to an error or fraud).
Error: unintentional.
Fraud: intentional
Errors
Factual error: you goofed on the facts (hard entry).
Judgemental nature: disagreements on bad debts (soft entry).
Projected misstatements: extrapolation can wrong, sample not relative (soft entry).
Fraud
1.Financial reporting (fraud), (including deliberate incorrect accounting).
2. Misappropriation of assets-stealing and concealing it.
“Cooking the books”.
How/Where to look for fraud
Look at unusual relationships. Talk with management, audit team members, board and audit committee. understand how the client closes the books at the end of each quarter or year end. Remember professional skepticism!
Three conditions indicative of fraud (Fraud Risk Triangle)
Opportunity, Incentive, and Attitude. Usually need at least two of these!
Assess risk-how to “respond”
Need to look at both the Assertion Level and F/S level.
Assertion Level
- Determine what might go wrong.
2. Design audit procedures for the assertion level risks (do testing)(balances and F/S disclosure).
Financial Statement Level
- Are they pervasive? (if not, do step 1 of assertion level)
- Develop an overall response/perspective.
Examples of F/S Level (Assessment of risk)
Examples: Internal Control (entity wide), management expertise, general business risks.
Example of #2: maybe we need more experienced staff with special skills to address these whole significant risk. Or change predictability of timing of work.
Key point to remember in assessment of risk (Special Items)
“Special” items (large acquisitions, new business lines, economy;complex transactions; new accounting standards; non routine transactions, etc.)- almost always high risk!
Required to look at these transactions.
Document what you consider/did/discovered/rules
Fraud always starts significant and material till you are shown otherwise. Document rules: Clear, Complete, Concise. Someday you will have to replicate this work!
Communication about fraud
Management- one level above level that committed the fraud! We can not tell the SEC. Usually the client will tell you who to report to about fraud, do what the Audit Committee says!
