SU 05 Audit risk and materiality Flashcards
Audit risk
the risk the auditor may not catch materially misstated financials (due to either error or fraud)
Materiality threshold
the acceptable level of misstatement/ the amount of error that can be allowed in an audit
Audit risk assessment types
Technical risk assessment
non-technical risk assessment
Technical risk assessment
Quantitative risk assessment
auditor “must assess risk associated with a client, to design nature, timing, and extent of audit procedures to be employed”
now generally built into the software
Non-technical risk assessment
Qualitative risk assessment, generally from an understanding of internal controls
Risk assessment procedures used to gain an understanding of the entity
- inquiries
- analytical procedures
- inspection and observation
what does the non-technical initial assessment of a potential audit client include
1) observation and inspection of
- control environment and activities
- documents and reports
- walk through for observation
- inspect prior period information if verified as current/ relevant
- nature of the entity (business plans/ objectives)
2) analytical procedures
3) inquiries
- management, internal auditors, lawyers etc
what does the initial assessment of a potential audit client result in
preliminary risk determination
general idea of risk level leads to determination of materiality threshold
Equation for audit risk
Audit risk = RMM x DR
RMM = risk of material misstatement
DR = detection risk
AKA audit risk model
Detection risk
the risk that substantive audit procedures will miss a material misstatement
expressed by a percentage indicating the amount of detection risk that can be tolerated
the only part of the audit equation that can be directly affected by the audit firm
Factors of detection risk
- effectiveness of audit procedures
- how well audit procedures are carried out by the auditor
Relationship between risk of material misstatement and detection risk
Inverse - as RMM rises, DR must be kept lower
Direct connections
aka positive - related elements rise or fall together
Inverse connections
aka negative - move in opposite directions
Components of RMM
RMM = IR x CR
IR = inherent risk
CR = control risk
Inherent risk
the susceptibility of an assertion to material misstatement if no controls are in place
largely a factor of the business environment?
Control risk
the risk that internal controls in place will not prevent or detect a material misstatement in a timely manner
management responsibility
Expanded Audit risk equation
AR = IR x CR x DR
Audit risk = inherent risk x control risk x detection risk
detection risk equations
DR = AR / RMM or DR = AR / (IR x CR)
Components of detection risk
DR = TD x AP
TD = test of details
AP = risk of substantive analytical procedures
When is materiality considered in an audit
- balances
- transaction classes
- disclosures
- financial statements overall
Materiality threshold
amount of misstatement that is tolerable at a given level, must in aggregate be less than the materiality threshold for the financial statements as a whole
Tolerable misstatement
the amount of inaccuracy that can be tolerated
aggregated small misstatements may together exceed overall tolerable materiality, ergo tolerable misstatement must be less than materiality by some safety margin
why might misstatements below the materiality threshold still be material misstatements?
there may be qualitative considerations, including:
- management integrity or bias
- cumulative effect
- effect of specific regulations
types of misstatements
- identified misstatements
- likely misstatements
- errors
- fraud
evidence of likely misstatements may come from
- differences in auditor vs management estimates
- other evidence collected during audit
scienter
having intent
related to fraud
what parts of the audit use analytical procedures
- planning stage (initial risk assessment)
- substantive procedures stage
- final stage (overall view of the audit)
Sources of data for analytical procedures
- financial information from past comparable periods
- anticipated results (forecasts/ estimates)
- relationships among data
- comparable industry data
- relationship between financial and non-financial data
Current ratio
current assets/ current liabilities
Quick ratio (acid test ratio)
(Current assets - inventory)/ current liabilities
Receivables turnover
net sales/ average net receivables
Days sales in receivables
365, 360 or 300 / receivables turnover
Inventory turnover
COGS/ average inventory
Days sales in inventory
365, 360, or 300 / inventory turnover
Debt-to-equity ratio
total debt/ total equity
Total asset turnover
net sales / total assets
Return on equity
net income / total equity
Gross margin percentage
(net sales - COGS) / net sales
Net operating margin percentage
operating income / net sales
Cost of goods sold ratio
COGS / net sales
Times interest earned
(Net income + interest expense + income tax expense) / interest expense
Control environment
- organizational structure
- assigned authority and responsibility (checking for existence of incompatible job responsibilities)
internal control activities that must be assessed
- information processing controls
- access controls
Methods of auditing through the computer
- test data
- parallel simulation
- integrated test facility (ITF)
- Embedded audit module (EAM)
Test data computer auditing
auditor compares how the system calculates data to manual calculations
Parallel simulation
same data run through auditor’s computer and client’s system to ensure it comes out the same
Integrated test facility
run dummy transactions through the client’s systems to check results and controls
Embedded Audit modules
continuous monitoring with an audit module embedded in the client computer system
Auditor’s responsibility regarding fraud
Provide REASONABLE assurance that financials are free from material misstatement due to error or fraud
Who has primary responsibility to prevent/ deter/ detect fraud
Management and those charged with governance (board)
Fraud Triangle
- Incentives/ pressures
- opportunity
- rationalization
Fraud pentagon
- revised fraud triangle more focused on middle to upper management
- Pressure
- Opportunity
- Rationalization
- Arrogance
- Competence
Types of financial statement related fraud
- Fraudulent financial reporting (intended to deceive users of FS)
- Misappropriation of assets
Defalcation
per Investopedia: “the theft, misuse, or misappropriation of money or funds held by an official trustee, or other senior-level fiduciary.”
form of embezzlement
Fraud risk assessment actions required to combat fraud
- Planning: discussion of risks with key personnel on audit
- brainstorming possible fraud that might be a risk for the client
- Assess the client’s risk factor
- continuously monitor for fraud throughout engagement
- adjust procedures to respond to fraud/ high fraud risk
- DOCUMENT IN WORKPAPERS
Fraud-related items that must be discussed
- management overrides
- improper revenue recognition
- significant accounting estimates
- significant unusual transactions
What must be documented in audit workpapers in re fraud
- planning discussions
- procedures to assess fraud risk
- identified risks
- Management override assessment and responses
- responses to any fraud concerns
- any fraud related communications
must answer any questions raised in the documentation
Common skimming schemes
(theft of incoming sales)
- on-site employees
- remote salespeople
- mailroom theft
- check-for-cash substitutions
What is the auditor’s responsibility regarding detecting client fraud
- supposed to watch for non-compliance by client
- only REQUIRED to watch for issues that have a direct and material effect on financials (not all aspects, not indirect aspects)
- must assess RMM for non-compliance
- must inquire of management about compliance with laws and regulations - requires a management representation that there are no legal or regulatory violations
Management representation letter
- bullet points of all the facts that management has represented to the auditor
- auditor supplies to management and management signs