Planning and Risk Assessment (1)

Question 1

Why understanding the client is important

The knowledge of the client’s business can be used to: (4)

Answer 1

1. Assess the level of risk posed by this client.

   Example: A client operates in the technology sector, which is highly competitive and prone to rapid changes. Understanding this helps the auditor recognize the increased risk of financial misstatements due to market volatility and the need for aggressive revenue recognition policies.

2. Assess the controls in place to reduce the level of audit risk

   Example: If a client in the retail industry uses advanced inventory management systems and regularly conducts internal audits, the auditor can assess these controls to determine their effectiveness in mitigating the risk of inventory misstatements. Strong controls could reduce the auditor's reliance on extensive substantive testing.

3. Identify any further significant risks

   Example: A client in the manufacturing sector relies on a single supplier for key raw materials. Understanding this business dependency allows the auditor to identify supply chain risk as a significant factor that could impact production and financial performance, prompting further examination.

4. Plan an appropriate, efficient audit.

   Example: For a client in the hospitality industry experiencing rapid expansion, the auditor can plan audit procedures that focus on new locations and significant capital expenditures. This ensures that the audit covers areas with higher risk of material misstatement, making the audit more efficient and targeted.

Question 2

1. An overview of audit and risks

3 steps (3,1,1)

Answer 2

1. Risk Assessment

• Understand the client
• Identify risk & strategy
• Assess risk & materiality

2. Respond to risks identified

• Execute & evidence

3. Reporting

• Form an opinion

Question 3

Risk Assessment: (I) Understanding The Audit Client

Identify places of potential misstatements at 3 different levels

First Level is called?
What questions does it raise? (7)

Second Level is called?
What pressures is it concerning? (5)

Third Level is called?
It concerns? (2)

Answer 3

Entity Level

• What does the client do? (Nature of business)
• Where is the business done? (Geographical spread)
• Regulation – Accounting policy
• Who are the key customers?
• Who are the key stakeholders?
• Competence of key staff?
• Are suitable systems and controls in place? – Management decisions

Industry Level:

• Competition: Evaluating the client’s competitive environment.
• Reputation: Considering the client’s market reputation.
• Demand for goods/services: Understanding market demand.
• Shareholder expectations: Factoring in what shareholders want.
• Other pressures: Analyst expectations and other external pressures.

Broader Economic Level

• Interest rates & Foreign exchange rates: Assessing the impact of economic factors.
• Government support & regulation: Considering regulatory and policy impacts.

Question 4

Risk Assessment: (I) Understanding The Client

Sources of information: (3 types, 4,4,3)

Answer 4

External:

• companies house,
• banks,
• credit reference agencies,
• government statistics

Client:

• discussions with management,
• board minutes,
• previous financial statements,
• budgets

Prior knowledge:

• audit files,
• engagement team members,
• communication with previous auditors.

Question 5

Engagement Risk

What is vital in order to perform an effective audit?
What might higher risk mean?
Define engagement risk

What 3 types of risk can engagement risk be divided into?

What is the first risk associated with (2)
Risk results from (2)

What is the second risk?
4 points concerning it?

What is the third risk?

Answer 5

• It is vital to analyse the risk posed by acceptance of a particular client, in order to perform an effective audit.
• Higher risk may mean more audit evidence is required.
• The overall risk associated with an audit engagement is called engagement risk.

Engagement risk can be subdivided into three separate types of risk:

(i) client’s business risk

This is the risk associated with conditions, circumstances, events that impair management’s ability to do business:

• Profitability: How likely it is for the company to remain profitable.
• Survival: The company’s ability to continue operating, considering economic conditions, competition, and internal management challenges.

Risk results from:

• Actions and inactions
• Inappropriate objectives & strategies

(ii) auditor’s business risk

This is the auditor’s exposure to loss or injury to professional practice from litigation, adverse publicity or other events arising in connection with financial statements audited and reported on.

• Business risk may exist even if no misstatements
• May audit correctly, but still be sued
• Auditor’s business risk cannot be directly controlled by the auditor BUT
• It can be reduced by careful consideration of the acceptance and continuance of clients.

(iii) audit risk

This is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.

The audit risk model is widely used to help understand audit risk:

AR is a function of  IR, CR, DR
		    AR  =  IR X CR X DR

where:

AR=audit risk
IR=inherent risk
CR=control risk
DR=detection risk.

Question 6

Audit Risk

What is IR?
3 levels?

What is CR? (2)
Examples (3)

What is DR?
4 points about it?

Answer 6

(i) Inherent Risk

Auditor’s assessment of the likelihood that information in the financial statements will be materially misstated, regardless of the internal controls.

Industry or Sector Level:

• Assessing risks specific to the industry, like oil exploration, which might have unique regulatory, environmental, or market risks.

Entity Level:

• Evaluating risks particular to the company itself, such as being a takeover target, which might affect management decisions, financial stability, and reporting.

Balance Level:

• Examining risks associated with specific account balances, like historical stock or cash discrepancies, which could impact overall financial accuracy.

(ii) Control Risk

What the client does to reduce the inherent risks, e.g. put in place appropriate information and internal control systems:

If measures have been taken, and they are effective, control risk will be lower.

E.g.

• Oil Exploration: Implementing controls over measurement to ensure accuracy.
• Takeover Target: Ensuring consistency in policies to avoid discrepancies.
• Previous Stock/Cash: Using physical controls to secure assets and prevent fraud.

(iii) Detection Risk

The risk that audit procedures won’t pick up any material errors in the financial statements.

This is under the auditor’s control, and determined by the extent of inherent and control risk.

Generally the auditor will want the overall Audit Risk to be low, so if Inherent Risk and Control Risk are high, will force Detection Risk low by performing more tests.

Remember: AR = IR x CR x DR

These are elements of detection risk:

Sampling risk

• audit gives incorrect opinion because sample chosen for testing does not reflect the population as a whole.

Non-sampling risk

• auditor gives incorrect opinion for any other reason, e.g. the test chosen was inappropriate for the risk, or the auditor did not understand the client’s business, etc.

Question 7

Materiality - Judgement

Materiality is a matter of ________________:

An amount that ‘could influence the economic decisions of users’ is _____________, depending on the user.

An audit does not attempt to give _____________ assurance, but ‘_____________’ assurance

Materiality can be _______________ or _______________

Answer 7

Materiality is a matter of judgement:

An amount that ‘could influence the economic decisions of users’ is subjective, depending on the user.

An audit does not attempt to give absolute assurance, but ‘reasonable’ assurance

Materiality can be quantitative or qualitative

Question 8

Materiality at 3 Levels

What is the first level? (5 small points)
Second level (5)
Third level (3)

Answer 8

1. Planning Level

Decide what to consider as material at the start of an audit:

• Which accounts have changed the most
• Consider an amount above which is material

Plan an audit. Collect evidence

• Auditors can change preliminary assessment of materiality

2. Entire financial statements level

• errors or irregularities
• individually or in aggregate
• not presented fairly according to framework (IFRS)

Assess materiality @ different levels, for example:

• Profit & loss statement
• Revenues & expenses
• Profit
  Balance sheet
• Assets
• Liabilities

3. Account Balance Level

• Assess materiality at different classes or account levels: E.g. sales
• Again, consider nature and size of materiality. May be immaterial individually but material to the FS as a whole.
• Aggregated with other misstated account balances

Question 9

2. Materiality And Risk

What is the overall materiality level (3)
Tolerable Error (2)

Answer 9

• The overall materiality level is a measure of precision of the audit of the financial statements
• Higher audit risk, lower materiality set.
• A low materiality figure implies high risk for that particular category, and vice versa.

Materiality concerns the financial statements in total; tolerable error is the amount of materiality allocated to an account or class of transactions.

Common benchmarks are 2-15% of the account