RISK ASSESSMENT AND INTERNAL CONTROL - AUDIT - CHAP 3 Flashcards
AUDIT -CHAP 3
AUDIT RISK
AUDIT RISK mean the risk that the auditor gives an inappropriate audit opinion when the FS ARE MATERIALLY MISSTATED .This means the auditor gives an unmodified opinion when the FS are materially misstated .AUDIT RISK is a function of ROMM & DETECTION RISK**
**CONSEQUENCES THE AUDITOR HAS TO FACE IF HE EXPRESSES AN INAPPROPRIATE AUDIT OPINION **
**The auditors reputation will get damaged He would invite regulatory action by professional body .He would also have to face probable legal action by intended users. **
**SA 200 states that *
**SA 200 states that the auditor shall obtain SAAE to reduce the audit risk to an acceptably low level to enable the auditor to draw reasonable conclusions on which to base the audit opinion **
**ROMM **
**SA 200 states that the ROMM is the risk that the FS are materially misstated prior to audit .This means that there is a probability of faruds and errors in the FS before audit **
WHAT IS MEANT BY MISSTATEMENT?
**MIstatement is the difference b/w ACPD of reportedFS item and the ACPD that is required for the item to be in accordance with the APPLICABLE FRF **
EXAMPLES OF MISSTATEMNETS
**1. Selection and application of inaapropriate accounting policy 2. Charging of an item of revenue expenditure into capital expenditure or vice versa 3. Overstating or understating of inventories 4. Overstating of trade receivables in Fs by not writing off irrecoverable bad debts 5. Differnce in disclosure of FS item vs its requirement in applicable FRF 6. Intentional booking of fake expense in the statement of P&L **
APPLICABLE FRF
**APPLICABLE FRF is the framework adopted for the preparation and presentation of FS that is the acceptable in view of the nature of the entity and objectives of FS or is required by law or regulation **
ROMM may exist at 2 levels . NAME THEM
**ROMM AT -1. The overall FS level -refers to the risk tht relate pervasively to FS as a whole and potentially affects many assertions 2. The assertion level - are assessed to determine the NTE of FAP necessary to obtain SAAE .This evidence enbales the auditor to express an opinion on the FS at an acceptably low level of AUDIT RISK **
**Components of ROMM
**The ROMM at assertion level comprises of Inherent Risk and Control risk . These risk exist independent of audit of FS . They are entitys risk . These risk areinfluenced by the entity . and not influenced by the auditor **
Inherent risk and control risk
Inherent risk is the suspectibility of class of transaction account balance disclosure to a misstatemnt that can be material either individually or when aggregated with other misstatements before consideration of any related controls .**control risk is the risk that the misstatements that could occur in an assertion about a class of transaction account balance and disclosure that can be material either individually or when aggregated with other misstatement , will not be prevented or detected and corrected on a timely basis by the entitys internal control **
IMP points on inherent risk
1. Inherent risk is higher for complex calculations 2. inherent risk factors are considered while designing TOC and substantive procedures 3. it is important to consider the reason for each identified inherent risk even if the risk is lower when designing toc and substantive procedures
**FACTORS TO BE EVALUATED TO ASSESS THE INHERENT RISK AT FS LEVEL **
**1. Integrity of the managemnt 2. Unusual pressure on mngmnt3. nature of the entity4. factors affecting the industry in which the entity operates 5. Mnagement experience knowledge changes in managemnet during the period **
EXAMPLES OF INHERENT RISK
1. An AS provides guidance on a complex issue which is not understood by the management . Thus recording of this issue in FS carries an inherent risk of being misstated 2. There are a large number of buziness failures in an industry .thus An entity operating in such a industry would carry an inherent risk of being misstated
RELATIONSHIP BETWEEN EFFICIENCY OF INTERNAL CONTROL AND CONTROL RISK
**Inverse Relationship when the efficiency of internal control is high the control risk is low and when the efficiency of internal control is low the control risk is high **
DETECTION RISK
DETECTION RISK is the risk that the procedures performed by the auditor to reduce the audit risk to an acceptably low level will not detect a misstatement that exists that could be material either individually or aggregated with other misstatements**The auditor can influence the detection riskInherent and control risk belong to the entity and can be influenced by the entity . Therefore the auditor must reduce the detection risk to keep the audit risk at low level .detection risk can be reduced by increasing the area of checking, testing larger sample size and includingcompetent and experienced people in engagement team **
detection risk comprises of -
- sampling risk - risk that the auditors conclusions based on the sample may be different from the conclusions if the entire population was subjected to the same audit procedure 2. Non sampling risk- refers to the risk that the auditor reaches an erroneous conclusion for any reason not related to sample .The auditor may reach an erroneous conclusion due to inappropriate audit procedure
what is not included in audit risk
**Audit is a technical term related to the process of auditing it does not includes business risk of auditor - like loss from litigation , adverse publicity or any events arising in connections with audit of fs **AUDIT RISK doesnot include the risk that the auditor expresses an opinion that fs are materiallymisstated when they are not. This risk is ordinarily insignificant
**ASSESSMENT OF RISK -A MATTER OF PROFESSIONAL JUDGEMENT **
1. Audit risk is a fn of ROMM nd DR 2. The assessment of audit risk is based on audit procedures to obtain information necessary for the purpose and the audit evidence obtained throughout the audit 3. The assessment of audit risk is a matter of professional judgement rather than a matter capable of precise measurement.4. The distinguishing feature of professional judgement expected of an auditor is that it is exercised by theauditor whose knowledge skills and experience have assisted him in developing the necessary competencies to acheieve reasonable judgement .
**COMBINED ASSESSMENT OF ROMM **
1. SA do not ordinarily refer to the inherent risk and control risk separately but to combined assessment of ROMM 2. However the auditor may seek to make a combined or separate assessment of inherent risk and control risk depending on the preffered audit techniques methodologies and practical comsiderations 3. the assessment of ROMM may be expressed in quantitative terms such as percenatges or non quantitative terms4. in any case the need for auditor to make appropriate risk assessment is more important than the different approaches by which they may be made.
SA 315
SA 315- IDENTIFYING AND ASSESSING THE ROMM THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT - the objective of the auditor is to identify and assess the ROMM whether due to fraud or error at assertion level and FS level, including the entitys internal control therey providing the auditor a basis for designing and implementing responses to assessed ROMM.This will help the auditor to reduce the audit risk to acceptably low level
FOR THE PURPOSE OF IDENTIFYING AND ASSESSING THE ROMM THE AUDITOR SHALL
1. Identify risk throughout the process of obtaining an understanding about the entity and its environment including the relevant control and by considering the class of transaction account balance disclosure in the FS 2. Assess the identified risk, and evaluate whether they relate more pervasively to FS as a whole and potentially affect many assertion 3. Relate the identified risk to what can go wrong at the assertion level taking account of relevant controls the auditor intends to test4. consider the likelihood of misstatement including the possibility of multiple misstatement and whether the potential misstatement is of such a magnitude that could result in material misstatement
what is RAP ?
RAP is obtaining an understanding of the entity and its environment including entitys internal control, identifying and assesing ROMM whether due to fraud or error at fs level and assertion level are defined as RAP.**RAP BY THEMSELVES DO NOT PROVIDE SAAE ON WHICH TO BASE THE AUDIT OPINION **THE RISK TO BE ASSESSD INCLUDES BOTH DUE TO FRAUD AND ERROR **
WHAT IS INCLUDED IN RAP ?
**1. INQUIRIES OF MANAGEMENT AND OTHERS WITHIN THE ENTITY 2. ANALYTICAL PROCEDURES 3. OBSERVATION AND INSPECTION **
Inquires of management and other within the entity - INCLUDED IN RAP
Much of the information obtained by the auditors enquiry is obtained from the mangement and those responsible for financial reporting The auditor may also obtain information or have a different perspective in identifying and ROMM THROUGH INQUIRIES OF others within the entity and through employes at different level of authority inquiries directed towards 1. internal audit personnel 2. employees 3. in house legal counsel4. risk management function 5. IS personnel 6. marketing / sale manager