Kế toán, kiểm toán - Chapter three: Risk assessment and materiality

Risk Assessment and Materiality Chapter ThreeAudit RiskThe risk that an auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.Financial statementlevelIndividual accountbalance or classof transactions levelAuditor’s Business RiskAn auditor’s exposureto financial loss anddamage toprofessional reputation.Client and thirdparty lawsuitsNegativepublicityThe Audit Risk ModelAudit Risk = RMM× DRRisk that material misstatements existNon-samplingriskSamplingriskDetection risk:Risk that auditor will not detect misstatements Inappropriate audit procedure Fail to detect when using appropriate audit procedure Misinterpreting audit resultsThe Audit Risk ModelAudit Risk = IR × CR × DRInherent risk and control risk:Risk that material misstatements existNon-samplingriskSamplingriskDetection risk:Risk that auditor will not detect misstatements Inappropriate audit procedure Fail to detect when using appropriate audit procedure Misinterpreting audit resultsUsing the Audit Risk Model Set a planned level of audit risk such that an opinion can be issued on the financial statements. Assess risk of material misstatements. Use the audit risk equation to solve for the appropriate level of detection risk:AR = MRR × DRDR = ARMRR Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level.Using the Audit Risk Model Set a planned level of audit risk such that an opinion can be issued on the financial statements. Assess inherent risk and control risk. Use the audit risk equation to solve for the appropriate level of detection risk:AR = IR × CR × DRDR = ARIR × CR Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level.Using the Audit Risk ModelUsing the Audit Risk ModelQualitative terms may also be used in the audit risk model.Using the Audit Risk ModelQualitative terms may also be used in the audit risk model.Limitations of the Audit Risk ModelPreliminaryAssessmentLevel of RiskActualor AchievedLevel of Risk + / – The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results. The desired level of audit risk may not actually be achieved. It does not consider potential auditor error. There is no way of knowing what the preliminary level of risk actually was.The Auditor’s RiskAssessment ProcessAuditors need toidentify business risks andunderstand the potentialmisstatements thatmay result.Business risksinclude any external orinternal factors, pressures, andforces that bear on the entity’sability to survive andbe profitable.The Auditor’s Risk Assessment ProcessUnderstanding the Entityand Its EnvironmentIndustryFactorsRegulatoryEnvironmentNature ofthe EntityInternalControlObjectives and StrategiesBusinessRisksFinancialPerformance MeasuresAccounting policiesUnderstanding the Entityand Its EnvironmentUnderstanding the Entityand Its EnvironmentAuditor’s Risk Assessment Procedures(How do we gather this evidence?)Inquiries of Managementand OthersAnalyticalProceduresObservationand InspectionA misstatement due to error or fraud is a difference between the amount, classification, or presentation of a reported financial statement element, account, or item and the amount, classification, or presentation that would have been reported under the applicable financial reporting framework.Assessing the Risk of Material Misstatement Due to Error or FraudExamples of misstatements include:An inaccuracy in gathering or processing data from which the financial statements are prepared.An omission of an amount or disclosure.An incorrect accounting estimate arising from overlooking or clear misinterpretation of facts.Management’s selection and application of accounting policies that the auditor considers inappropriate or judgements concerning accounting estimates that the auditor considers unreasonable, including related disclosures.Assessing the Risk of Material Misstatement Due to Error or FraudAssessing the Risk of Material Misstatement Due to Error or FraudErrors are unintentional misstatements:Mistakes in gathering or processing financial data used to prepare financial statements.Unreasonable accounting estimates arising from oversight or misinterpretation of facts.Mistakes in the application of accounting policies relating to amount, classification, manner of presentation, or disclosure.Assessing the Risk of Material Misstatement Due to Error or FraudFraud involvesintentional misstatements.Fraudulentfinancial reportingMisappropriationof assetsAssessing the Risk of Material Misstatement Due to Error or Fraud Fraudulent financial reporting includes acts such as the following:Manipulation, falsification, or alteration of accounting records or supporting documents used to prepare financial statements.Misrepresentation in, or intentional omission from, the financial statements of events, transactions, or significant information.Intentional misapplication of accounting policies relating to amount, classification, manner of presentation, or disclosure. Misappropriation of assets involves the theft of an entity’s assets to the extent that financial statements are misstated. Examples include:Assessing the Risk of Material Misstatement Due to Error or FraudStealing assetsEmbezzlingcash receivedPaying forgoods and servicesnot receivedAssessing the Risk of Material Misstatement Due to Error or FraudCategorisation in evaluating misstatements identified during the audit (ISA 450):Factual misstatements are misstatements about which there is no doubt.Judgemental misstatements are differences arising from the selection or application of accounting policies that the auditor considers inappropriate, or the judgements of management concerning accounting estimates that the auditor considers unreasonable.Projected misstatements are the auditor’s best estimate of misstatements in populations, involving the projection of misstatements identified in audit samples to the entire populations from which the samples were drawn.The Fraud RiskIdentification ProcessSources of informationDiscussionamong theaudit teamInquiries ofmanagementand othersFraudrisk factorsAnalyticalproceduresOther relevant informationThree conditions usuallyexist when fraud occurs.Incentive orpressure toperpetrate fraudOpportunityto carry out the fraudAttitude orrationalisationto justify fraudAssessing the Risk of Material Misstatement Due to Error or Fraud (Fraud Triangle)Financial stabilityor profitabilityis threatenedExcessive pressurefor management tomeet third partyexpectationsManagement’s personalfinancial situation is threatenedFraudulent Financial ReportingRisk Factors Relating to Incentive/Pressure include:Assessing the Risk of Material Misstatement Due to Error or Fraud (See Table 3-4)Ineffectivemonitoring ofmanagementNatureof theindustryDeficientinternalcontrolComplexor unstableorganisationalstructureFraudulent Financial ReportingRisk Factors Relating to Opportunities include:Assessing the Risk of Material Misstatement Due to Error or Fraud (See Table 3-5)Risk Factors Relating to Attitudes /Rationalisations (See Table 3-6)Poor communicationchannels for reportinginappropriate behaviourWeak ethicalstandards formanagementbehaviourCommitting to aggressive orunrealistic forecastsUse ofinappropriate accountingbased on materialityFraudulent Financial ReportingRisk Factors Relating to Attitudes/Rationalisations include:Accessto assetsInadequateseparationof dutiesNo mandatory vacation policyPersonalfinancialpressuresAdverseemployee managementrelationshipsSmall, valuableinventory itemsSudden changes inemployee behaviourLack ofinventory controlAssessing the Risk of Material Misstatement Due to Error or FraudMisappropriation of AssetsRisk Factors for Misappropriation of Assets include:Employeedisregard of internalcontrolAuditor’s Response to the Risk AssessmentFraud risk factorsHighly complex transactionsSignificant transactions with related partiesSignificant accounting estimatesNon-routine or unsystematically processed transactionsIndustry specific issuesApplication of new accounting standardsRevenue recognitionAuditor’s Response to the Risk AssessmentSignificant risks require special audit considerationsSignificant transactions outside the normal course of business of the entityEvaluation of Audit Test Results At the completion of the audit, the auditor should consider:1. The effect of the identified misstatements on the audit. 2. Whether the uncorrected misstatements cause the financial statements to be materially misstated. THEN1. If the uncorrected misstatements are immaterial and the relevant qualitative aspects of the entity’s accounting practices and financial statements presentation do not imply otherwise, the auditor can issue an unmodified opinion.2. If the uncorrected misstatements are material, the audit should issue a qualified or adverse opinion. Evaluation of Audit Test Results If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should:Attempt to obtain audit evidence to determine whether, in fact, material fraud has occurred and, if so, its effect.Consider the implications for other aspects of the audit.Discuss the matter and the approach to further investigation with an appropriate level of management that is at least one level above those involved in committing the fraud and with senior management.If appropriate, suggest that the client consult with legal counsel.Consider withdrawing from the engagement.Documentation of the Auditor’s Risk Assessment and ResponseThe auditor should document:Discussions among engagement personnel. Procedures performed to identify and assess the risks of material misstatement due to fraud. Risks of identified material misstatement due to fraud and a description of the auditor’s response to the risks.Fraud risks or other conditions that result in additional audit procedures. The nature of the communications about fraud made to management, those charged with governance, and others. The basis for the auditor’s conclusions about the reasonableness of accounting estimates that give rise to significant risks.Communications about Fraud Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management. Fraud involving senior management and fraud that causes a material misstatement of the financial statement should be reported directly to those charged with governance. The auditor should reach an understanding with those charged with governance regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees. The disclosure of fraud to parties other than the client’s senior management and those charged with governance ordinarily is not part of the auditor’s responsibility and ordinarily would be precluded by the auditor’s ethical and legal obligations of confidentiality. Communications about Fraud IFAC Code of Ethics for Professional Accountants provides guidance on circumstances where auditors should disclose confidential information or when such disclosure may be appropriate. MaterialityMisstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements. Judgements about materiality are made in light of surrounding circumstances, and are affected by the size or nature of a misstatement, or a combination of both.Materiality is not an absolute and it is not a black or white issue!Materiality is a matter of professional judgement.Steps in Applying Materialityon an AuditStep 1: Determine Materiality and Performance Materiality for theFinancial StatementsStep 2: Determine Materiality and Performance Materiality for Classes of Transactions, Account Balances or DisclosuresStep 3:Evaluate audit findingsStep 1 – Determine Materiality and Performance Materiality for the Financial StatementsThe quantitative benchmark for materiality may be a percentage of: Profit before taxes from  continuing operations. Total assets. Total revenues. Three year average profit.At the planning stage the auditor should also determine performance materiality.Performance materiality is setat a lower amount than materiality to provide a margin for possible undetected misstatements. Step 2 –Determine Materiality and Performance Materiality for Classes of Transactions, Account Balances or Disclosures Auditing standards require that the auditor in the specific circumstances of the entity determines lesser amounts than materiality for the financial statements as a whole for particular classes of transactions, account balances or disclosures. For the purpose of establishing the scope of audit procedures the auditor may also find it appropriate to determine performance materiality for classes of transactions, account balances, or disclosures. The specific policies and procedures of individual audit firms may differ in allocating materiality to individual elements of financial statements.Step 3 – Evaluate Audit FindingsWhen the audit evidence is gathered, the auditor: Evaluates if identified misstatements affect the overall audit strategy and audit plan. Communicates and requests management and those charged with governance to correct identified misstatements. Evaluates the effect of uncorrected misstatements on the financial statements. Step 3 – Evaluate Audit FindingsEnd of Chapter 3