Chapter 3

Risk Assessment and Materiality

McGraw-Hill/Irwin

Copyright 2010 by the McGraw-Hill Companies, Inc. All rights reserved.

LO# 1

Audit Risk
The risk that an auditor will issue an unqualified opinion on materially misstated financial statements.

Financial statement level

Individual account balance or class of transactions level

3-2

LO# 1

Engagement Risk
Client and third party lawsuits

An auditors exposure to financial loss and damage to professional reputation.

Negative publicity
3-3

Local audit failure

LO# 2

The Audit Risk Model

Inherent risk and control risk: Risk that material misstatements exist

Audit Risk = IR CR DR
Detection risk: Risk that auditor will not detect misstatements

Inappropriate audit procedure Fail to detect when using

appropriate audit procedure Misinterpreting audit results

Nonsampling risk

Sampling risk
3-4

LO# 3

Using the Audit Risk Model

Set a planned level of audit risk such that an opinion can be issued on the financial statements.

Assess inherent risk and control risk.

Use the audit risk equation to solve for the appropriate level of detection risk:

AR = IR CR DR AR DR = IR CR

Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level.
3-5

LO# 3

Relationship of the Entitys Business Risks to the Audit Risk Model

Figure 3-1

3-6

LO# 3

Using the Audit Risk Model

Qualitative terms may also be used in the audit risk model.

Case 1 2 3

AR Very low Low Very low

IR High Low Low

CR High Moderate Low

DR Low Moderate High

3-7

Limitations of the Audit Risk Model

LO# 4

The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results.

The desired level of audit risk may not actually be achieved. It does not consider potential auditor error. There is no way of knowing what the preliminary level of risk actually was.

Preliminary Assessment Level of Risk

+/

Actual or Achieved Level of Risk

3-8

The Auditors Risk Assessment Process

LO# 5

Auditors need to identify business risks and understand the potential misstatements that Business risks may result. include any external or internal factors, pressures, and forces that bear on the entitys ability to survive and be profitable.

3-9

LO# 5

The Auditors Risk Assessment Process

Figure 3-2 An Overview of the Auditors Assessment of Business Risks and the Risk of
Material Misstatements

3-10

LO# 5

Understanding the Entity and Its Environment

Industry Factors

Regulatory Environment

Nature of the Entity

Objectives and Strategies

Business Risks

Internal Control

Performance Measures
3-11

LO# 5

Understanding the Entity and Its Environment

3-12

LO# 5

Understanding the Entity and Its Environment

3-13

LO# 5

Auditors Risk Assessment Procedures (How do we gather this evidence?)

Inquiries of Management and Others

Analytical Procedures

Observation and Inspection

3-14

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud

Examples of misstatements include:

An inaccuracy in gathering or processing data from which financial statements are prepared. A difference between the amount of a reported financial statement account and the amount that would have been reported under GAAP. The omission of a financial statement element, account, or item. An incorrect accounting estimate arising from an oversight or misinterpretation of facts. The omission of information required to be disclosed in accordance with GAAP.

3-15

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud

Errors are unintentional misstatements:

Mistakes in gathering or processing financial data used to prepare financial statements. Unreasonable accounting estimates arising from oversight or misinterpretation of facts. Mistakes in the application of accounting principles relating to amount, classification, manner of presentation, or disclosure.

3-16

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud

Fraud involves intentional misstatements. The fraud risk identification process includes:

Sources of information about possible fraud

Communications among the audit team Inquires of management and others Fraud risk factors Analytical procedures Other information
3-17

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud (Fraud Triangle)
Three conditions usually exist when fraud occurs.

Incentive or pressure to perpetrate fraud

Opportunity to carry out the fraud

Attitude or rationalization to justify fraud

3-18

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud (See Table 3-4)
Fraudulent Financial Reporting Risk Factors Relating to Incentive/Pressure include:
Excessive pressure for management to meet third party expectations Financial stability or profitability is threatened Managements personal financial situation is threatened
3-19

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud (See Table 3-5)
Fraudulent Financial Reporting Risk Factors Relating to Opportunities include:
Nature of the industry Ineffective monitoring of management Complex or unstable organizational structure Deficient internal control
3-20

Risk Factors Relating to Attitudes/Rationalizations (See Table 3-6)

LO# 6

Fraudulent Financial Reporting Risk Factors Relating to Attitudes/Rationalizations include:

Use of inappropriate accounting based on materiality
Committing to aggressive or unrealistic forecasts Poor communication channels for reporting inappropriate behavior Weak ethical standards for Management behavior
3-21

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud

Fraud involves intentional misstatements.

Fraudulent financial reporting

Misappropriation of assets

3-22

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud

Fraudulent financial reporting includes acts such as the following:

Manipulation, falsification, or alteration of accounting records or supporting documents used to prepare financial statements. Misrepresentation in, or intentional omission from, the financial statements of events, transactions, or significant information. Intentional misapplication of accounting principles relating to amount, classification, manner of presentation, or disclosure.
3-23

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud

Misappropriation of assets involves the theft of an entitys assets to the extent that financial statements are misstated. Examples include:
Stealing assets
Paying for goods and services not received by the company

Embezzling cash received

3-24

LO# 6

Assessing the Risk of Material Misstatement Due to Error or Fraud

Misappropriation of Assets Risk Factors for Misappropriation of Assets include:
Access to assets

Adverse employee management relationships Lack of inventory control

No mandatory vacation policy

Personal financial pressures

Small, valuable inventory items

Inadequate separation of duties

Sudden changes in employee behavior

Employee disregard of internal control

3-25

Auditors Response to the Risk Assessment (See Figure 3-3)

Assess the risk of material misstatement at the financial statement and assertion levels.

LO# 7

Financial statement level risks

Assertion level risks

Do these risks relate pervasively to the financial statements?

No

Determine what can go wrong at the account or assertion level.

Yes

Develop an overall response.

Design audit procedures for assertion level risks.

3-26

Auditors Response to the Risk Assessment

To respond appropriately to pervasive financial statement risk, the auditor may do the following:

LO# 7

Emphasize to the audit team the need to maintain professional skepticism. Assign more experienced staff or those with specialized skills. Provide more supervision. Incorporate additional elements of unpredictability in the selection of audit procedures.

3-27

LO# 8

Evaluation of Audit Test Results

At the completion of the audit, the auditor should consider: 1. whether the accumulated results of audit procedures affect the assessments of the entitys business risk and the risk of material misstatement, and 2. whether the total misstatements cause the financial statements to be materially misstated. THEN
If the financial statements are materially misstated, the auditor should 1. request management to eliminate the material misstatement, or 2. if management does not make needed adjustments, the auditor should issue a qualified or adverse opinion.
3-28

Evaluation of Audit Test Results

LO# 8

If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should:

Attempt to obtain audit evidence to determine whether, in fact, material fraud has occurred and, if so, its effect. Consider the implications for other aspects of the audit. Discuss the matter and the approach to further investigation with an appropriate level of management that is at least one level above those involved in committing the fraud and with senior management. If appropriate, suggest that the client consult with legal counsel. Consider withdrawing from the engagement.
3-29

Documentation of the Auditors Risk Assessment

LO# 9

The auditor should document: Discussions among engagement personnel. Procedures performed to identify and assess the risks of material misstatement due to fraud. Risks of identified material misstatement due to fraud and a description of the auditors response to the risks. Fraud risks or other conditions that result in additional audit procedures. The nature of the communications about fraud made to management, the audit committee, and others.
3-30

LO# 10

Communications about Fraud

Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management. Fraud involving senior management and fraud that causes a material misstatement of the financial statement should be reported directly to the audit committee of the board of directors.

The auditor should reach an understanding with the audit committee regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees.

3-31

LO# 10

Communications about Fraud

The disclosure of fraud to parties other than the clients senior management and its audit committee ordinarily is not part of the auditors responsibility and ordinarily would be precluded by the auditors ethical and legal obligations of confidentiality, except when the following conditions exist: To comply with certain legal and regulatory requirements. To a successor auditor when the successor makes inquiries in accordance with AU 315, Communications between Predecessor and Successor Auditors. In response to a subpoena. To a funding agency or other specified agency in accordance with requirements for the audits of entities that receive governmental financial assistance.
3-32

LO# 11

Materiality
The magnitude of an omission or misstatement of accounting information that makes it probable that the judgment of a reasonable person relying on the information would be changed or influenced by the omission or misstatement.
Materiality is not an absolute and it is not a black or white issue! The determination of materiality requires professional judgment.
3-33

Steps in Applying Materiality on an Audit

LO# 12

Step 1: Determine a materiality level for the overall financial statements (planning materiality)
Step 2: Determine tolerable misstatement (allocation of materiality at individual account/class of transactions level)

Step 3: Evaluate auditing findings (near the end of the audit)

3-34

Step 1 Determine Overall Materiality

The quantitative base for materiality is a percentage (typically 3-5 percent) of:

LO# 12

The quantitative amounts may be adjusted lower for qualitative factors such as:
Close to violating loan covenants. Break-even earnings. Management turnover. High market pressures. High fraud risk.

Total revenues.
Gross profit. Income before taxes.

Income from continuing operations.

Total assets.

Three year average income.

Higher than normal risk of bankruptcy.

3-35

Step 2 Determine Tolerable Misstatement

LO# 12

Tolerable misstatement is the amount of planning materiality allocated to an account or class of transactions. Combined tolerable misstatement is generally greater than planning materiality because: Not all accounts will be misstated by their full tolerable misstatement allocation. Audits of individual accounts are conducted simultaneously. When errors are identified, additional testing is typically performed in that account and related accounts. Overall materiality serves as a safety net.
3-36

Step 3 Evaluate Audit Findings

LO# 12

When the audit evidence is gathered, the auditor:

Aggregates misstatements from each account or class of transactions (including known and likely misstatements). Considers the effect of misstatements not adjusted in the prior period. Compares the aggregate misstatement to planning materiality. If the aggregate misstatement is less than planning materiality, the auditor can conclude that the financial statements are fairly presented, if not, an adjustment should be made.
3-37

End of Chapter 3

McGraw-Hill/Irwin

Copyright 2010 by the McGraw-Hill Companies, Inc. All rights reserved.