Chapter 7 - Risk Assessment and Inherent Risk Flashcards
What is audit risk?
It is the risk that an inappropriate or erroneous conclusion is made even when audit plans and procedures are in accordance to GAAP, but it is materially misstated.
What do we do if it is impossible to eliminate audit risk?
If it is impossible to eliminate audit risk you will collect sufficient appropriate audit evidence to reduce it to an acceptable level. It will then allow the auditor to draw a reasonable conclusion
What is the relationship of audit risk to the auditor?
Audit risk is related to the process of auditing. It is not the auditors business risk, such as loss from litigation or adverse publicity, that can arise as a result of an audit.
What are the two components of audit risk?
Audit risk is comprised of inherent risk, control risk, and detection risk. It is the foundation for all audits.
What are the two levels that RMM exists at?
- The overall financial statement level
- The assertion level for classes of transactions, account balances, and disclosures.
What is the risk of material misstatement at the financial statement level? What causes it?
Risks that relate perversely to the financial statements as a whole and potentially affect many assertions. Business risk, fraud, or deficiencies in the control environment.
What is the risk of material misstatement at the assertion level? What are the two components of RMM at the assertion level?
Refers to the risks that affect classes of transactions, account balances, and disclosures. Inherent risk and control risk.
What is inherent risk?
The susceptibility of an assertion relating to a class of transaction, account balance, or the disclosure before considering the effectiveness of the clients internal controls.
What is control risk?
It is the risk that a clients internal controls systems will not prevent or detect material misstatement in a timely manner.
Who does control risk and inherent risk belong too?
Control risk and inherent risk belong to the client, they are independent of the audit of the financial statements. Auditors have no control over these risks.
What precedes RMM at the assertion level?
The nature, timing, and extent of further audit procedures - These are the procedures that go beyond the risk assessment procedures as a response to RMM
What is detection risk?
It is the risk that the auditors procedures will not be effective in detecting a material misstatement when one exists. It is the only component that auditors are able to control.
What is the audit risk model?
It is a conceptual tool, not a precise formula, which helps the auditor plan their risk response. It is comprised of the following
AR = RMM * Detection Risk
RMM = Inherent Risk * Control Risk
What is the relationship between RMM and Detection risk?
There is an inverse relationship.
As RMM goes up, detection risk will go down as we will perform more substantive procedure ensuring we do not miss anything. They do this to make audit risk low
Ad RMM goes down, detection risk goes up as we perform less substantive procedures and focus more on the internal controls.
What are the two most common formulas for the audit risk model? What is the relationship between control risk and sufficient appropriate audit evidence?
Remember we always want the Audit Risk to be low, therefore these are common:
- Audit Risk (L) = Control Risk (H) * Inherent Risk (H) * Detection Risk (L) - More sufficient appropriate audit evidence
- Audit Risk (L) = Control Risk (L) * Inherent Risk (L) * Detection Risk (H) - less sufficient appropriate audit evidence.
There is a direct relationship. As the control risk goes up, sufficient appropriate audit evidence goes down, and vice versa.
How do we manage detection risk?
Essentially if the detection risk is high that means that the auditor will be relying on the internal controls and therefore does not care about the substantive testing rigorous processes lowering sample size, quality, etc. If the detection risk is low, this means that the auditor will be relying heavily on the substantive test procedures and thus place more of an emphasis on it.
What are relevant assertions? When are these assertions determined?
Relevant assertions are assertions about a class of transactions, account balances, or disclosures that are relevant when it has an identified RMM. Before considering the internal controls.
What are three ways to manage detection risk?
- Change the nature of the audit procedures - Use high quality evidence
- Change the timing of the audit procedures - Perform the audit procedure at the end of the year rather than during an interim period.
- Change the extent of the audit procedures - Use a large sample size
What does the audit risk model focus on? What are two practical ways auditors manage detection risk?
The audit risk model focuses on the adjustment of the further audit procedures.
1. Assigning more experienced staff to that area
2. Reviewing the completed audit tests more thoroughly.
How do we determine the existence of RMM? What is it?
We assess the inherent risk factors. Inherent risk factors are events or conditions that affect RMM before the consideration of controls. It may be quantitative or qualitative.
What are the five inherent risk factors. Briefly describe each one
- Complexity - The complexity and confusing nature of the accounting records
- Bias - Management skewing the information for their own benefit or fraud, they fail to remain neutral.
- Subjectivity - A misunderstanding of different method to apply an accounting framework or policy, the ability to prepare in an objective manner.
- Change - There was a change in an accounting policy, model, or environment
- Uncertainty - Management makes estimates on the basis of imprecise non comprehensive data
Are these factors assessed independently?
No, these factors are not assessed independently rather they are assessed as a whole, in a holistic manner.
What is the purpose of evaluating the nature and significance of the risks?
- Determine the overall risk response at the financial statement level. 2
- Design the further audit procedures that address the risks at the assertion level.
What are overall financial statement level risks?
These are risks that pervasively affect the financial statements as a whole or many different assertions.