Transcript Slide 1
Chapter 4 Audit Risk and Business Risk LO1 - Define the Nature of Risk In this chapter, we will look at three critical components of risk that affect the audit approach and audit outcome 1. Engagement risk - comes with association with a specific client 2. Financial reporting risk - those that relate directly to the recording transactions and the presentation of the financial statements 3. Audit risk - risk an auditor may provide an unqualified opinion on financial statements that are materially misstated Each of these components can be managed. The effectiveness of risk management processes will determine whether the company continues to exist LO3 - The link between Risk & Control Controls are implemented to mitigate against risks. Controls vary and not only include financial controls e.g. bank reconciliation but also includes policy controls which ensue that certain operational procedures and standards are maintained/ LO4 - Review Risk Factors Affecting the Audit 1. Engagement Risk Risk auditors incur by being associated with a particular client Risk is high whenever there is increased likelihood that Auditor is associated with a failed client Financial statements contain material misstatement that the auditor fails to find These conditions increase the likelihood that the auditor will be sued Client Acceptance or Retention Decision Perhaps the most important audit decision A number of factors affect this decision, but most important involve Quality of the client's corporate governance Client's financial health Risk Factors Affecting the Audit - Corporate Governance The key factors an auditor will analyze include Management integrity Independence and competence of the audit committee and board Quality of ERM and controls Regulatory and reporting requirements Participation of key stakeholders Existence of related party transactions Management integrity - information sources Predecessor auditor Other professionals Other auditors within the audit firm News media and web searches Public databases Preliminary interviews with management Audit committee members Inquiries of federal regulatory agencies Private investigation firms Risk Factors Affecting the Audit Financial Health of the Organization There are a number of reasons why the auditor needs to evaluate a potential client's financial health: The auditor will most likely be sued if a client declares bankruptcy Investors and creditors who have lost money will look for recovery Attorneys will claim the financial statements were misstated and the auditors should have known they were misstated The auditor also needs to understand the financial health in order to: Assess management's motivation to misstate the financial statements Identify areas that are likely to be misstated Identify account balances that appear unusual Risk Factors Affecting the Audit - Other Factors Affecting Engagement Risk The auditor should evaluate the company's economic prospects to help ensure that Important areas will be investigated The company will likely stay in business High-risk companies are generally characterized by Inadequate capital Lack of long-run strategic and operational plans Low cost entry into the market Dependence on limited product offerings Dependence on technology subject to obsolescence Instability of future cash flows History of questionable accounting practices Previous inquiries by the SEC or other regulatory agencies Review Risk Factors Affecting the Audit 2. Financial Reporting Risk Financial reporting risk is influenced by The company's financial health The quality of the company's internal controls The complexity of the company's transactions and financial reporting Management's motivation to misstate the financial statements These factors are interrelated The auditor will gather information on these issues through reviews of previous audits, or by talking with the predecessor auditor LO5 - Accepting New Clients: Auditing Standards on Auditor Changes SAS 84 requires a successor auditor to initiate discussions with the predecessor to discuss the reasons for the change in auditors Because of the confidentiality rule, the successor must first obtain client permission to talk with predecessor The successor is particularly interested in factors that bear on Management integrity Disagreements with management on any substantive auditing or accounting issues The predecessor's understanding of the reasons for the change Any communications between the predecessor and management or audit committee regarding fraud, illegal acts or internal control matter Accepting New Clients: Engagement Letter – see page 108-109 The auditor and client should have a mutual understanding of the audit process The auditor should prepare an engagement letter to clarify the responsibilities and expectations of each party, and to summarize and document this understanding including the Nature of the services to be provided Timing of those services Expected fees and basis on which they will be billed (fixed fee, hourly rates) Auditor responsibilities including the search for fraud Client responsibilities including preparing information for the audit Need for any other services to be performed by the firm Define Materiality The auditor is expected to plan and perform an audit that provides reasonable assurance that material misstatements will be detected The FASB defines materiality as the "magnitude of an omission or misstatement of accounting information that, in light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement" Materiality has three significant dimensions: Size of the misstatement (dollar amount) Circumstances - some things are viewed more critically than others User impact - impact on potential users and the type of judgments made Comment on Materiality Determination of materiality is situation specific Although this makes determination more difficult, it allows the auditor to adjust the rigor of the audit to reflect the risk of the engagement The lower the dollar amount of set materiality, the more rigorous the examination Most firms have guidelines for setting materiality Guidelines usually involve applying percentages to some base e.g. Revenue, Assets, Pre-Tax income Guidelines may also be based on nature of the industry or other factors Auditors initially set planning materiality for the statements as a whole, and then allocate this to individual accounts based on their susceptibility to misstatement LO6 – 3. Audit Risk Audit risk is the risk than an auditor may issue an unqualified opinion on materially misstated financial statements The auditor assesses engagement risk first, then sets audit risk Audit risk is inversely related to engagement risk If the auditor accepts a client with high engagement risk The auditor must conduct a more rigorous audit. The auditor does this is by setting audit risk at a low level If the auditor accepts a client with low engagement risk The auditor can afford to set audit risk at a higher level Review the Audit Risk Model The auditor sets desired audit risk based on assessed engagement risk AR = IR x CR x DR AR = Audit Risk, IR = Inherent Risk, CR = Control Risk DR = Detection Risk The audit risk model allows the auditor to consider the following: Complex or unusual transactions are more likely to recorded in error than are simple or recurring transactions Management may be motivated to misstate earnings or assets Better internal controls mean a lesser likelihood of misstatement The amount and persuasiveness of audit evidence gathered should vary directly with the likelihood of material misstatements Explain the Audit Risk Model Inherent Risk - Susceptibility of transactions to be recorded in error Inherent risk is higher for some items: Complex transactions are more likely to be misstated than simple transactions Estimated balances more likely to be misstated than fact based balances The auditor assesses inherent risk Control Risk - Risk client controls will fail to prevent or detect a misstatement The quality of controls often varies between classes of transactions The auditor assesses control risk Explain the Audit Risk Model - 2 Environment Risk - inherent and control risks combined Detection risk - risk audit procedures will fail to detect material misstatements. It reflects the likelihood of material misstatements occurring Relates to the effectiveness of audit procedures and their application Detection risk is controlled by the auditor and is an integral part of audit planning The level of detection risk set directly determines the rigor of the substantive audit work performed LO7 - Audit Risk Model AR = IR x CR x DR Audit risk is set inversely to the assessed level of engagement risk After audit risk is set, the auditor assesses inherent and control (environment) risks The auditor sets detection risk INVERSELY to environment risk Example, if the auditor is examining transactions with high inherent risk, or weak controls, the auditor will set a low detection risk Audit Risk Model (cont’d) Low detection risk means a low probability of NOT detecting material misstatements To achieve low detection risk, the auditor will have to perform more rigorous substantive testing For example, larger sample sizes, more reliable forms of evidence, assign more experienced auditors, closer supervision, greater year-end (rather than interim) testing The audit risk model shows that the amount, nature, and timing of audit procedures depends on the level of audit risk an auditor assumes, and the level of client-related risks Audit Risk Model: Limitations Inherent risk is difficult to formally assess Audit risk is subjectively determined The model treats each risk component as separate and independent when clearly, this is not the case Audit technology is not so precise that each component can be accurately assessed Because of these limitations, many auditors use the audit risk model as a functional, rather than mathematical, model Preliminary Financial Statement Review: Techniques & Expectations Auditors use analytical procedures to develop expectations of account balances These expectations are compared to recorded book values to identify misstatements Sources of data commonly used: Financial information for prior periods Expected or planned results from budgets and forecasts Comparison of linked accounts (such as interest expense and debt) Ratios of financial information (such as common-size financial statements) Company and industry trends Relevant non-financial information Preliminary Financial Statement Review: Techniques & Expectations Techniques commonly used Trend analysis Comparative financial statements (horizontal analysis) Common-sized financial statements (vertical analysis) Ratio analysis The results of analytical procedures are placed in context when auditors compare client results to the client's prior performance, industry data, or client expectations (budgets and forecasts) Projected Key Ratios Current ratio Quick Ratio Gross Margin Income before taxes Inventory Turnover Receivable turnover Account balances ( '000) Inventory Current assets Net Income Sales Unaudited Percentage of change 1.50 1.00 28.70% 7.50% 2.85 3.00 1.52 0.98 27.80% 10.00% 2.82 3.00 1.33 (2.00) (3.14) 33.33 (1.05) 0.00 1,500 4,496 270 6,000 1,650 4,646 360 6,000 10.00 3.34 33.33 0.00 LO9 - Comment on Risk Analysis & Conduct of the Audit The risk approach means auditors must understand the company and its risks as a basis for determining which account balances should be directly tested and which can be corroborated by analytical procedures Linkage to direct tests of account balances If the auditor concludes there is a high risk of material misstatement s/he must Set materiality at an appropriate level Use procedures appropriate for the level risk to examine the account balance Comment on Risk Analysis & Conduct of the Audit Quality of accounting principles used The auditor is required to assess the appropriateness of the accounting methods used by management Guidelines to evaluate "appropriateness" include: Representational faithfulness - does the accounting reflect the economic substance of the transactions Consistency of application of GAAP Accounting estimates - based on proven models, reconciled to actual results, based on valid economic reasons?