Transcript Chapter 7 Planning the Audit: Identifying and Responding to the

AUDITING
A RISK-BASED APPROACH TO
CONDUCTING A QUALITY AUDIT
9th Edition
Karla M. Johnstone | Audrey A. Gramling | Larry E. Rittenberg
CHAPTER 7
PLANNING THE AUDIT: IDENTIFYING AND
RESPONDING TO THE RISKS OF MATERIAL
MISSTATEMENT
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVES
1.
2.
3.
4.
Define the concept of material misstatement and
discuss the importance of materiality judgments in
the audit context
Identify the risks of material misstatement and
describe how they relate to audit risk and detection
risk
Assess factors affecting inherent risk
Assess factors affecting control risk
7-2
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVES
5.
6.
Use preliminary analytical procedures and
brainstorming to identify areas of heightened risk of
material misstatement
Describe how auditors make decisions about
detection risk and audit risk
7-3
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVES
7.
8.
Respond to the assessed risks of material
misstatement and plan the procedures to be
performed on an audit engagement
Apply the frameworks for professional decision
making and ethical decision making to issues
involving materiality, risk assessment, and risk
responses
7-4
Copyright © 2014 South-Western/Cengage Learning
THE AUDIT OPINION FORMULATION
PROCESS
7-5
Copyright © 2014 South-Western/Cengage Learning
PROFESSIONAL JUDGMENT IN CONTEXT - RISKS
ASSOCIATED WITH FINANCIAL STATEMENT
MISSTATEMENTS
• Risk: Expresses uncertainty about events and/or their
outcomes having a material effect on the organization
• According to ISA 315 the risks:
• Are associated with operational and financial reporting
decisions
• Are sometimes hard to quantify and are judgmental in nature
• Are present but the organization does not have material
misstatements, thus making it difficult for auditors to know
when a risk factor truly is leading to a material misstatement
for their particular clients
7-6
Copyright © 2014 South-Western/Cengage Learning
PROFESSIONAL JUDGMENT IN CONTEXT - RISKS
ASSOCIATED WITH FINANCIAL STATEMENT
MISSTATEMENTS
• What conditions would cause these types of risks to
lead to a material misstatement in the financial
statements? (LO 1, 2, 3, 4, 5)
• What types of risks do these examples represent?
(LO 2, 3, 4)
• How do these risks affect detection risk and audit
risk? (LO 2, 7)
7-7
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVE 1
DEFINE THE CONCEPT OF MATERIAL MISSTATEMENT
AND DISCUSS THE IMPORTANCE OF MATERIALITY
JUDGMENTS IN THE AUDIT CONTEXT
ASSESSING MATERIALITY
• Misstatement: An error, either intentional or
unintentional, that exists in a transaction or financial
statement account balance
• Essential to understand materiality in the context of
designing and conducting a quality audit
7-9
Copyright © 2014 South-Western/Cengage Learning
ASSESSING MATERIALITY
Materiality
• Magnitude of an omission or misstatement
of accounting information that, in view of
surrounding circumstances, makes it
probable that the judgment of a
reasonable person relying on the
information would have been changed or
influenced by the omission or misstatement
7-10
Copyright © 2014 South-Western/Cengage Learning
ASSESSING MATERIALITY
• According to ISA 320,
Materiality in Planning
and Performing an
Audit
• Auditors’ judgments
about materiality should
be made based on a
consideration of
information needs of
users as an overall group
• According to the
Supreme Court of the
United States
• Fact should be viewed by
reasonable investors as
having significantly
altered total mix of
information made
available
7-11
Copyright © 2014 South-Western/Cengage Learning
MATERIALITY GUIDANCE
• Audit firms provide auditors with:
• Specific written guidance
• Decision aids
• Levels considered by auditors
• Materiality for the financial statements as a whole
• Performance materiality for particular classes of
transactions, account balances, or disclosures
7-12
Copyright © 2014 South-Western/Cengage Learning
MATERIALITY GUIDANCE
• Performance materiality: Amount set by auditor at
less than materiality level for financial statements as
a whole or for particular classes of transactions,
account balances, or disclosures
• Used to:
• Assess risks of material misstatement
• Determine the nature, timing, and extent of audit
procedures
7-13
Copyright © 2014 South-Western/Cengage Learning
MATERIALITY GUIDANCE
• Tolerable misstatement: Amount of misstatement in
an account balance that the auditor could tolerate
and still not judge underlying account balance to be
materially misstated
• Clearly trivial amount (posting materiality)
• Inconsequential, whether:
• Taken individually or in the aggregate
• Judged by any criteria of size, nature, or circumstances
7-14
Copyright © 2014 South-Western/Cengage Learning
SEC VIEWS ON MATERIALITY
• Criticisms of the auditing profession
• Netting material misstatements
• Not applying materiality concept to swings in
accounting estimates
• Consistently passing on individual adjustments that
may not be considered material
7-15
Copyright © 2014 South-Western/Cengage Learning
SEC VIEWS ON MATERIALITY
• Qualitative reasons for considering quantitatively
small misstatement material
• Hiding failure to meet analysts’ consensus
expectations
• Changing a loss into income, or vice versa
• Concerning a segment playing significant role in
operations or profitability
• Affecting compliance with regulatory requirements
• Affecting compliance with loan covenants
• Effecting the increases in management’s
compensation
Copyright © 2014 South-Western/Cengage Learning
7-16
SITUATIONS NECESSITATING CHANGE
IN MATERIALITY JUDGMENTS
• Initial materiality judgments were based on
estimated or preliminary financial statement
amounts, which are different from the audited
amounts
• Financial statement amounts initially used in the
making of materiality judgments have changed
7-17
Copyright © 2014 South-Western/Cengage Learning
CHANGES IN MATERIALITY
JUDGMENTS
• Auditors make professional judgments about size of
material misstatements providing a basis for:
• Determining nature and extent of risk assessment
procedures
• Identifying and assessing risks of material
misstatement
• Determining nature, timing, and extent of tests of
controls and substantive audit procedures
7-18
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVE 2
IDENTIFY THE RISKS OF MATERIAL
MISSTATEMENT AND DESCRIBE HOW THEY
RELATE TO AUDIT RISK AND DETECTION RISK
EXHIBIT 7.1 - RISKS RELEVANT TO AN
AUDIT
7-20
Copyright © 2014 South-Western/Cengage Learning
RISK OF MATERIAL MISSTATEMENT
• Exists at the financial statement level and assertion
level
• Categories of risk within these levels
• Inherent risk
• Control risk
• Risk of material misstatement high - Auditor accepts
less audit risk
• Risk of material misstatement lower - Auditor
accepts more audit risk
7-21
Copyright © 2014 South-Western/Cengage Learning
RISK OF MATERIAL MISSTATEMENT
• Detection risk: Level of audit effort that auditor will
expend on engagement depends on level of
detection risk
When risk of
material
misstatement is
higher
Detection risk is set
lower
Increase in
evidence obtained
through
substantive audit
procedures
7-22
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - WHAT MAKES
A RISK SIGNIFICANT?
• AU-C 315:
• Whether the risk is a risk of fraud
• Whether the risk is related to recent significant economic,
accounting, or other developments and, requires specific
attention
• Complexity of transactions
• Whether the risk involves transactions with related parties
• Degree of subjectivity in measurement of financial
information related to risk
• Whether the risk involving significant transactions outside
normal course of business
7-23
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVE 3
ASSESS FACTORS AFFECTING INHERENT RISK
FACTORS FOR ASSESSMENT OF INHERENT RISK
AT THE ASSERTION LEVEL AT A HIGHER LEVEL
• Account represents an asset that can be easily stolen
• Account balance made up of complex transactions
• Account balance requires a high level of estimation
to value
• Account balance subject to adjustments that are not
in the ordinary processing routine
• Account balanced composed of a high volume of
nonroutine transactions
7-25
Copyright © 2014 South-Western/Cengage Learning
BUSINESS RISKS
• Inherent risk at financial statement level that affects
business operations and potential outcomes of
organizational activities
• Factors affecting such risk
•
•
•
•
Overall economic climate
Technological changes
Competitor actions
Geographic locations of suppliers
7-26
Copyright © 2014 South-Western/Cengage Learning
FACTORS FOR ASSESSMENT OF INHERENT
RISK OF OPERATIONS AT HIGHER LEVEL
• Lack of expertise to deal with changes in industry
• Uncertain likelihood of successful introduction of
new product and acceptance by market
• Information technology being incompatible across
systems
• Expansion of business for which demand not
accurately estimated
• Implementation of incomplete business strategy
• New regulatory requirements increase legal exposure
7-27
Copyright © 2014 South-Western/Cengage Learning
FACTORS FOR ASSESSMENT OF INHERENT
RISK OF OPERATIONS AT HIGHER LEVEL
• Alternative products, services, competitors, or
providers posing a threat to current business
• Significant supply chain risks
• Complex production and delivery processes
• Mature and declining industry
• Inability to control costs with possibility of
unforeseen costs
• Producing products that have multiple substitutes
7-28
Copyright © 2014 South-Western/Cengage Learning
SOURCES OF INFORMATION FOR
ASSESSING BUSINESS RISKS
• Management inquiries
• Review of client’s
budget
• Tour of client’s plant
and operations
• Review government
regulations and client’s
legal obligations
• Knowledge
management systems
• Online searches
• Review of SEC filings
• Company Web sites
• Economic statistics
• Professional practice
bulletins
• Stock analysts’ reports
• Company earnings calls
7-29
Copyright © 2014 South-Western/Cengage Learning
INHERENT RISK AT FINANCIAL STATEMENT
LEVEL - FINANCIAL REPORTING RISKS
• When assessing this risk, auditors consider all items
on a company’s financial statements that are
subjective and based on judgment
• Inherent risk at the financial statement level is affected
by:
• Competence and integrity of management
• Potential incentives to misstate the financial statements
7-30
Copyright © 2014 South-Western/Cengage Learning
SOURCES OF INFORMATION
REGARDING MANAGEMENT INTEGRITY
• Predecessor auditor
• Other professionals in business community
• Other auditors within audit firm
• News media and Web searches
• Public databases
• Preliminary interviews with management
• Audit committee members
• Inquiries of federal regulatory agencies
• Private investigation firms
7-31
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - AN EXAMPLE OF
INHERENT RISK AT FINANCIAL STATEMENT LEVEL
• Former CFO of Maxim Integrated Products was held
liable for securities fraud for engaging in a scheme to
backdate stock option grants
• Aided Maxim’s failure to maintain accurate accounting
records, resulting in inaccurate financial reporting
• Management integrity was a fundamental problem
leading to this fraud
• Assessing management integrity is no easy task
7-32
Copyright © 2014 South-Western/Cengage Learning
FACTORS FOR ASSESSMENT OF INHERENT RISK OF
FINANCIAL REPORTING AT HIGHER LEVEL
• Discrepancies in
accounting records
• Unusual relationships
between auditor and
management
• Lack of management
competence
• Company history of
meeting analyst estimates
or high earnings growth
expectations
• An impending initial
public offering of stock
• Disagreements over
financial reporting with
prior auditors
• Auditor resignation
• Unusual transactions with
outsiders or significant
related party transactions
7-33
Copyright © 2014 South-Western/Cengage Learning
FACTORS FOR ASSESSMENT OF INHERENT RISK OF
FINANCIAL REPORTING AT HIGHER LEVEL
• Transactions for which
most of the revenue or
expense is recognized at
inception of transaction
• Financial results that
seem too good to be true
• Complex business
arrangements that serve
little practical purpose
• Evasiveness from
management regarding
questions about financial
statements
• Insistence by CEO or CFO
to be present at all
meetings
• Accounting methods
appearing to favor form
over substance
7-34
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - APPLICATION OF ACCOUNTING
PRINCIPLES AND RELATED DISCLOSURES
• Auditor needs to:
• Determine whether management’s decisions are
appropriate and consistent with financial reporting
framework
• Develop expectations about appropriate disclosures
that are necessary
• Compare those expectations to disclosures made by
management in assessing inherent risks
7-35
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVE 4
ASSESS FACTORS AFFECTING CONTROL RISK
CONTROL RISK
• Relates to susceptibility that a misstatement will not
be prevented or detected on a timely basis by
internal control system
• It’s assessment can be made at:
• Overall financial statement level
• Account or assertion level
7-37
Copyright © 2014 South-Western/Cengage Learning
ASSESSING FACTORS AFFECTING
CONTROL RISK
• Poor controls in specific countries or locations
• Difficulty gaining access to the organization or
determining the controllers of the organization
• Little interaction between senior management and
operating staff
• Weak tone at the top leading to a poor control
environment
• Inadequate accounting staff and information systems
7-38
Copyright © 2014 South-Western/Cengage Learning
ASSESSING FACTORS AFFECTING
CONTROL RISK
• Growth of organization exceeding accounting system
infrastructure
• Disregard of regulations for prevention of illegal acts
• No internal audit function, or lack of respect for
internal audit function by management
• Weak design, implementation, and monitoring of
internal controls
• Lack of supervision of accounting personnel
7-39
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - LACK OF OVERSIGHT AS A
CONTROL WEAKNESS LEADS TO EMBEZZLEMENT
• Rita Crundwell and the City of Dixon, Illinois
• $50+ million fraud
• Auditors need to be aware of weak internal controls
and negative consequences for a client’s financial
statements
• Control risk assessment as high means a need to
perform additional substantive procedures
• Assessment of control risk as low means a need to test
those controls for operational efficiency
7-40
Copyright © 2014 South-Western/Cengage Learning
TECHNIQUES TO UNDERSTANDING
MANAGEMENT’S RISK ASSESSMENT
• Understand processes used by the board and
management to manage risk
• Review risk-based approach used by internal audit
function with its director and audit committee
• Interviewing management about:
•
•
•
•
Risk approach
Risk preferences
Risk appetite
Relationship of risk analysis to strategic planning
7-41
Copyright © 2014 South-Western/Cengage Learning
TECHNIQUES TO UNDERSTANDING
MANAGEMENT’S RISK ASSESSMENT
• Review outside regulatory reports
• Review company policies and procedures
• Review company compensation schemes
• Review prior years’ work
• Determine how management and board:
• Monitor risk
• Identify changes in risk
• React to mitigate, manage, or control the risk
7-42
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVE 5
USE PRELIMINARY ANALYTICAL PROCEDURES AND
BRAINSTORMING TO IDENTIFY AREAS OF
HEIGHTENED RISK OF MATERIAL MISSTATEMENT
PRELIMINARY ANALYTICAL
PROCEDURES
Developing an expectation
Determining when the difference between
auditor’s expectation and client’s records
would be significant
Computing that difference
Following up on significant differences
7-44
Copyright © 2014 South-Western/Cengage Learning
TYPES OF ANALYTICAL TECHNIQUES
• Trend analysis: Based on the history of changes in
the account, year-to-year comparisons of:
•
•
•
•
•
Account balances
Graphic presentations
Analysis of financial data
Histograms of ratios
Projections of account balances
7-45
Copyright © 2014 South-Western/Cengage Learning
TYPES OF ANALYTICAL TECHNIQUES
• Ratio analysis: Identifies significant differences
between the client results and a norm or between
auditor expectations and actual results
• Identifies potential audit problems that may be found
in ratio changes between years
7-46
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 7.3 - COMMONLY USED
RATIOS
7-47
Copyright © 2014 South-Western/Cengage Learning
RATIO AND TREND ANALYSIS
• Carried out through a comparison of client data with
expectations:
• Based on industry data
• Based on similar prior-period data
• Developed from industry trends, client budgets, other
account balances, or other bases of expectations
7-48
Copyright © 2014 South-Western/Cengage Learning
BRAINSTORMING
• A group discussion designed to encourage auditors
to creatively assess client risks
• Particularly those relevant to possible existence of
fraud in an organization
• Occur during the early planning phases of audit
• Repeated if actual fraud is detected
• Attended by entire engagement team and led by
audit partner or manager
7-49
Copyright © 2014 South-Western/Cengage Learning
GUIDELINES FOLLOWED DURING
BRAINSTORMING SESSION
Suspension of criticism
Freedom of expression
Quantity of idea generation
Respectful communication
7-50
Copyright © 2014 South-Western/Cengage Learning
STEPS IN BRAINSTORMING SESSIONS
Reviewing prior year client information
Considering client information, particularly
with respect to the fraud triangle
Integrating information from previous steps
into an assessment of likelihood of fraud in
engagement
Identifying audit responses to fraud risks
7-51
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVE 6
DESCRIBE HOW AUDITORS MAKE DECISIONS
ABOUT DETECTION RISK AND AUDIT RISK
DETERMINING DETECTION RISK AND
AUDIT RISK
• Auditor determines level of detection risk on the
basis of:
• Assessment of risk of material misstatement at all
levels
• Consideration of desired level of audit risk
• Determining detection risk influences nature,
amount, and timing of substantive audit procedures
7-53
Copyright © 2014 South-Western/Cengage Learning
DETECTION RISK AND AUDIT RISK
• Detection risk is affected by:
• Effectiveness of substantive auditing procedures
performed
• Extent to which the procedures were performed with
due professional care
• High level of detection risk
• Audit firm is willing to take higher risk of not detecting
a material misstatement
• Audit risk is also high
7-54
Copyright © 2014 South-Western/Cengage Learning
DETECTION RISK AND AUDIT RISK
• Low level of detection risk
• Audit firm is not willing to take as much of a risk of not
detecting material misstatement
• Audit risk is also low
• Audit risk usually set at between 1% and 5%
• Detection risk ranges from 1% to 100%
7-55
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 7.4 - RISKS AND THEIR
EFFECTS ON AUDIT WORK
7-56
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 7.4 - RISKS AND THEIR
EFFECTS ON AUDIT WORK
7-57
Copyright © 2014 South-Western/Cengage Learning
HIGH RISK OF MATERIAL
MISSTATEMENT
• Assuming an account with many complex
transactions and weak internal controls
• Inherent risk and control risk assessed at their
maximum
• Audit risk set at a low level
• Audit risk model
Audit Risk = Inherent Risk × Control Risk × Detection Risk
0.01 = 1.00 × 1.00 × Detection Risk
Detection Risk = 0.01 / (1.0 × 1.0) = 1%
7-58
Copyright © 2014 South-Western/Cengage Learning
LOW RISK OF MATERIAL
MISSTATEMENT
• Assuming an account with simple transactions and
well-trained personnel with no incentive to misstate
financial statements
• Inherent risk and control risk assessed at 50% and 20%
respectively
• Audit risk set at 5%
Audit Risk = Inherent Risk × Control Risk × Detection
Risk
0.05 = 0.50 × 0.20 × Detection Risk
Detection Risk = 0.05 / (0.50 × 0.20) = 50%
7-59
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - AN EXPANDED
VERSION OF AUDIT RISK MODEL
7-60
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVE 7
RESPOND TO THE ASSESSED RISKS OF MATERIAL
MISSTATEMENT AND PLAN THE PROCEDURES TO
BE PERFORMED ON AN AUDIT ENGAGEMENT
PLANNING AUDIT PROCEDURES TO RESPOND TO
THE ASSESSED RISKS OF MATERIAL MISSTATEMENT
• Auditor should design:
• Controls reliance audit
• Substantive audit
• When considering risk responses, auditor should:
• Evaluate reasons for assessed risk of material
misstatement
• Estimate likelihood of material misstatement due to
inherent risks of client
7-62
Copyright © 2014 South-Western/Cengage Learning
PLANNING AUDIT PROCEDURES TO RESPOND TO
THE ASSESSED RISKS OF MATERIAL MISSTATEMENT
• Consider the role of internal controls, and determine
whether control risk is relatively high or low
• Obtain more relevant and reliable evidence with
increase in assessment of risk of material misstatement
7-63
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 7.5 - EFFECT OF RISK
ASSESSMENT ON RISK RESPONSE
7-64
Copyright © 2014 South-Western/Cengage Learning
NATURE OF RISK RESPONSE
• Types of audit procedures applied given the nature
of account balance and relevant assertions regarding
that account balance
• Procedures
• Assembling audit team with more experienced auditors
• Including on audit team outside specialists
• Increasing emphasis on professional skepticism
7-65
Copyright © 2014 South-Western/Cengage Learning
TIMING OF RISK RESPONSE
• When audit procedures are conducted and whether
they are conducted at announced or predictable
times
• When risk of material misstatement is heightened
• Audit procedures conducted closer to year end on an
unannounced basis
• Some element of unpredictability included in timing
7-66
Copyright © 2014 South-Western/Cengage Learning
TIMING OF RISK RESPONSE
• Introducing unpredictability
• Performance of some audit procedures on low risk
accounts, disclosures, and assertions
• Change in timing of audit procedures from year to year
• Selection of items for testing that are lower than prioryear materiality
• Performance of audit procedures on a surprise or
unannounced basis
• Varying location or procedures year to year
7-67
Copyright © 2014 South-Western/Cengage Learning
TIMING OF RISK RESPONSE
• Procedures that can be completed only at or after
period end
• Comparison of financial statements to accounting
records
• Evaluation of adjusting journal entries made by
management in preparing financial statements
• Conduct procedures to respond to risks that
management may have engaged in improper
transactions at period end
7-68
Copyright © 2014 South-Western/Cengage Learning
EXTENT OF RISK RESPONSE
• Amount of evidence that is necessary given client’s
assessed risks, materiality, and level of acceptable
audit risk
• When risk of material misstatement is heightened,
auditor increases extent of audit procedures and
demands more evidence
7-69
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - THE CITY OF DIXON, ILLINOIS
SUES ITS AUDITOR RELATED TO RITA CRUNDWELL
EMBEZZLEMENT
• The lawsuit alleges:
• Professional negligence
• Negligent misrepresentation
• Certain deficiencies in audit procedure
• Severe consequences to all parties involved
• When auditors fail to assess and appropriately respond
to risk of material misstatement
7-70
Copyright © 2014 South-Western/Cengage Learning