RISK ASSESSMENT AND INTERNAL CONTROL - AUDIT - CHAP 3 Flashcards
AUDIT -CHAP 3
AUDIT RISK
AUDIT RISK mean the risk that the auditor gives an inappropriate audit opinion when the FS ARE MATERIALLY MISSTATED .This means the auditor gives an unmodified opinion when the FS are materially misstated .AUDIT RISK is a function of ROMM & DETECTION RISK**
**CONSEQUENCES THE AUDITOR HAS TO FACE IF HE EXPRESSES AN INAPPROPRIATE AUDIT OPINION **
**The auditors reputation will get damaged He would invite regulatory action by professional body .He would also have to face probable legal action by intended users. **
**SA 200 states that *
**SA 200 states that the auditor shall obtain SAAE to reduce the audit risk to an acceptably low level to enable the auditor to draw reasonable conclusions on which to base the audit opinion **
**ROMM **
**SA 200 states that the ROMM is the risk that the FS are materially misstated prior to audit .This means that there is a probability of faruds and errors in the FS before audit **
WHAT IS MEANT BY MISSTATEMENT?
**MIstatement is the difference b/w ACPD of reportedFS item and the ACPD that is required for the item to be in accordance with the APPLICABLE FRF **
EXAMPLES OF MISSTATEMNETS
**1. Selection and application of inaapropriate accounting policy 2. Charging of an item of revenue expenditure into capital expenditure or vice versa 3. Overstating or understating of inventories 4. Overstating of trade receivables in Fs by not writing off irrecoverable bad debts 5. Differnce in disclosure of FS item vs its requirement in applicable FRF 6. Intentional booking of fake expense in the statement of P&L **
APPLICABLE FRF
**APPLICABLE FRF is the framework adopted for the preparation and presentation of FS that is the acceptable in view of the nature of the entity and objectives of FS or is required by law or regulation **
ROMM may exist at 2 levels . NAME THEM
**ROMM AT -1. The overall FS level -refers to the risk tht relate pervasively to FS as a whole and potentially affects many assertions 2. The assertion level - are assessed to determine the NTE of FAP necessary to obtain SAAE .This evidence enbales the auditor to express an opinion on the FS at an acceptably low level of AUDIT RISK **
**Components of ROMM
**The ROMM at assertion level comprises of Inherent Risk and Control risk . These risk exist independent of audit of FS . They are entitys risk . These risk areinfluenced by the entity . and not influenced by the auditor **
Inherent risk and control risk
Inherent risk is the suspectibility of class of transaction account balance disclosure to a misstatemnt that can be material either individually or when aggregated with other misstatements before consideration of any related controls .**control risk is the risk that the misstatements that could occur in an assertion about a class of transaction account balance and disclosure that can be material either individually or when aggregated with other misstatement , will not be prevented or detected and corrected on a timely basis by the entitys internal control **
IMP points on inherent risk
1. Inherent risk is higher for complex calculations 2. inherent risk factors are considered while designing TOC and substantive procedures 3. it is important to consider the reason for each identified inherent risk even if the risk is lower when designing toc and substantive procedures
**FACTORS TO BE EVALUATED TO ASSESS THE INHERENT RISK AT FS LEVEL **
**1. Integrity of the managemnt 2. Unusual pressure on mngmnt3. nature of the entity4. factors affecting the industry in which the entity operates 5. Mnagement experience knowledge changes in managemnet during the period **
EXAMPLES OF INHERENT RISK
1. An AS provides guidance on a complex issue which is not understood by the management . Thus recording of this issue in FS carries an inherent risk of being misstated 2. There are a large number of buziness failures in an industry .thus An entity operating in such a industry would carry an inherent risk of being misstated
RELATIONSHIP BETWEEN EFFICIENCY OF INTERNAL CONTROL AND CONTROL RISK
**Inverse Relationship when the efficiency of internal control is high the control risk is low and when the efficiency of internal control is low the control risk is high **
DETECTION RISK
DETECTION RISK is the risk that the procedures performed by the auditor to reduce the audit risk to an acceptably low level will not detect a misstatement that exists that could be material either individually or aggregated with other misstatements**The auditor can influence the detection riskInherent and control risk belong to the entity and can be influenced by the entity . Therefore the auditor must reduce the detection risk to keep the audit risk at low level .detection risk can be reduced by increasing the area of checking, testing larger sample size and includingcompetent and experienced people in engagement team **
detection risk comprises of -
- sampling risk - risk that the auditors conclusions based on the sample may be different from the conclusions if the entire population was subjected to the same audit procedure 2. Non sampling risk- refers to the risk that the auditor reaches an erroneous conclusion for any reason not related to sample .The auditor may reach an erroneous conclusion due to inappropriate audit procedure
what is not included in audit risk
**Audit is a technical term related to the process of auditing it does not includes business risk of auditor - like loss from litigation , adverse publicity or any events arising in connections with audit of fs **AUDIT RISK doesnot include the risk that the auditor expresses an opinion that fs are materiallymisstated when they are not. This risk is ordinarily insignificant
**ASSESSMENT OF RISK -A MATTER OF PROFESSIONAL JUDGEMENT **
1. Audit risk is a fn of ROMM nd DR 2. The assessment of audit risk is based on audit procedures to obtain information necessary for the purpose and the audit evidence obtained throughout the audit 3. The assessment of audit risk is a matter of professional judgement rather than a matter capable of precise measurement.4. The distinguishing feature of professional judgement expected of an auditor is that it is exercised by theauditor whose knowledge skills and experience have assisted him in developing the necessary competencies to acheieve reasonable judgement .
**COMBINED ASSESSMENT OF ROMM **
1. SA do not ordinarily refer to the inherent risk and control risk separately but to combined assessment of ROMM 2. However the auditor may seek to make a combined or separate assessment of inherent risk and control risk depending on the preffered audit techniques methodologies and practical comsiderations 3. the assessment of ROMM may be expressed in quantitative terms such as percenatges or non quantitative terms4. in any case the need for auditor to make appropriate risk assessment is more important than the different approaches by which they may be made.
SA 315
SA 315- IDENTIFYING AND ASSESSING THE ROMM THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT - the objective of the auditor is to identify and assess the ROMM whether due to fraud or error at assertion level and FS level, including the entitys internal control therey providing the auditor a basis for designing and implementing responses to assessed ROMM.This will help the auditor to reduce the audit risk to acceptably low level
FOR THE PURPOSE OF IDENTIFYING AND ASSESSING THE ROMM THE AUDITOR SHALL
1. Identify risk throughout the process of obtaining an understanding about the entity and its environment including the relevant control and by considering the class of transaction account balance disclosure in the FS 2. Assess the identified risk, and evaluate whether they relate more pervasively to FS as a whole and potentially affect many assertion 3. Relate the identified risk to what can go wrong at the assertion level taking account of relevant controls the auditor intends to test4. consider the likelihood of misstatement including the possibility of multiple misstatement and whether the potential misstatement is of such a magnitude that could result in material misstatement
what is RAP ?
RAP is obtaining an understanding of the entity and its environment including entitys internal control, identifying and assesing ROMM whether due to fraud or error at fs level and assertion level are defined as RAP.**RAP BY THEMSELVES DO NOT PROVIDE SAAE ON WHICH TO BASE THE AUDIT OPINION **THE RISK TO BE ASSESSD INCLUDES BOTH DUE TO FRAUD AND ERROR **
WHAT IS INCLUDED IN RAP ?
**1. INQUIRIES OF MANAGEMENT AND OTHERS WITHIN THE ENTITY 2. ANALYTICAL PROCEDURES 3. OBSERVATION AND INSPECTION **
Inquires of management and other within the entity - INCLUDED IN RAP
Much of the information obtained by the auditors enquiry is obtained from the mangement and those responsible for financial reporting The auditor may also obtain information or have a different perspective in identifying and ROMM THROUGH INQUIRIES OF others within the entity and through employes at different level of authority inquiries directed towards 1. internal audit personnel 2. employees 3. in house legal counsel4. risk management function 5. IS personnel 6. marketing / sale manager
ANALYTICAL PROCEDURES - INCLUDED IN RAP
**1. ANAP performed as RAP may identify aspects of the entity which the auditor was unaware and may assist the auditor in assessing the ROMM in order to provide a basis for designing and implementing responses to assessd risk **2.ANAP performed as RAP may include both financial and non financial information **3.Anap may help identify existence of unusual transaction or events and amounts , ratios , trends that may indicate matters that have audit implications .Unusual or unexpected relationships that are identifiesd may assist the auditor in identifying the ROMM Especially ROMM due to fraud **4 However when such anp uses data aggregated at high levl the reesukts of those anap provide only a broad and initial indication about whether the MMS exists **5 accordingly in such cases consideration of OI that has been gathered when identifying ROMM ** + TOGETHER WITH THE RESULTS of SUCH ANAP may help the auditor in understanding and evaluating the results of ANAP. **
Observation and inspection included in RAP
Obseravtion and inspection may support inquiries of management and others within the entity and may also provide information about the entity and its environment examples -1. the entitys operation 2. the entitys premises and plant facilities 3. Reports prepared by managemnt such as quaterly managemnt reports and interim financial reports and TCWG - minutes of bod meeting 4. documents such as business plans and strategies records and internal control manuals
INFORMATION OBTAINED BY PERFORMING RAP MAY BE USED AS AUDIT EVIDENCE
**Information obtained by performing RAP and other related activities may be used by the auditor as audit evidence to support assessment of ROMM **IN addition the auditor may obtain evidence about class of transactiona ccount balance and disclosure and related assertion ajnd about operating effectiveness of controls even though such procedures were not specifically planned as SUBSTANTIVE PROCEDURES OR TEST OF CONTROL **The audiotr may choose to perform substantive procedures or test of control concurrently with RAP BECAUSE IT IS EFFICIENT TO DO SO **
MEANING OF INTERNAL CONTROL
INTERNAL CONTROL IS DEFINED AS1. the process designed implemented maintained 2. by TCWG , MANAGEMENT, and other personnel3. to provide reasonable assurance about the acheivement of an entitys objective 4. with regard to - relaibility of FR - Safeguarding of Assets- Effectiveness and efficiency of operations - complaince with applicable laws and regulation**
PURPOSE OF IC -
**IC is designed implemented and maintained to address identified business risk that threaten the acheivement of any of the entitys objective that concern 1. relaibility of FR 2. Safeguarding of Asset 3. Effectiveness and efficiency of control operations 4. compliance with applicable laws and regualtion **
BENIFITS OF UNDERSTANDING IC
- Identifying type of potential misstatement 2. identifying factors affecting risk of material misstatement 3. Determining the NTE of FAP
LIMITATION OF IC
1. Internal control can provide only reasonable assurance Internal control, no matter how effective, can provide an entity with only reasonable assurance about achieving the entity’s financial reporting objectives. The likelihood of their achievement is affected by inherent limitations of internal control. 2. Human judgment in decision-making Realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human error. For example, there may be an error in the design of, or in the change to, a control. **3 Lack of understanding the purpose- Equally, the operation of a control may not be effective, such as where information produced for the purposes of internal control (for example, an exception report) is not effectively used because the individual responsible for reviewing the information does not understand its purpose or fails to take appropriate action. **4 Collusion among People Additionally, controls can be circumvented by the collusion of two or more people or inappropriate management override of internal control. For example, management may enter into side agreements with customers that alter the terms and conditions of the entity’s standard sales contracts, which may result in improper revenue recognition. Also, edit checks in a software program that are designed to identify and report transactions that exceed specified credit limits may be overridden or disabled. **5 Judgements by Management-Further, in designing and implementing controls, management may make judgments on the nature and extent of the controls it chooses to implement, and the nature and extent of the risks it chooses to assume. **6 Limitations in case of Small Entities Smaller entities often have fewer employees due to which segregation of duties is not practicable. However, in a small owner-managed entity, the owner-manager may be able to exercise more effective oversight than in a larger entity. This oversight may compensate for the generally more limited opportunities for segregation of duties. On the other hand, the ownermanager may be more able to override controls because the system of internal control is less structured. This is taken into account by the auditor when identifying the risks of material misstatement due to fraud.
**Components of IC **
**1. CONTROL ENVIRONMENT 2. CONTROL ACTIVITES 3. MONITORING OF CONTROL4. THE INFORMATION SYSTEM, RELATED BUZ ACTIVITIES RELEVANT TO FR AND COMMUNICATION5. ENTITYS RAP **
AS A PART OF OBTAINING AN UNDERSTANDING OF THE CONTROL ENVIRONMENT WHAT THE AUDITOR SHALL EVALUATE
The auditor shall evaluate whether 1. management has created and maintained a culture of honesty and ethical behviour 2. The strengths in the control environment elemnts collectively provide an appropriate foundation for other components of IC
