The auditor needs to understand a. the risks that affect the operations of the client b.
how well management identifies and deals with those risks. 4 kinds of risks 1. business risk- risk that affects the operations and potential outcomes of organizational activities 2. financial reporting risk- risk that relates to the recording of transactions and presentation of financial Data 3. Engagement risk- risk that auditor encournter by being associated with a particular client 4. Audit risk- the risk that the auditor expresses an audit opinion that the financial statements are fairly presented when they are materially misstated. Common sources of business risks: 1. economic downturn 2. technological changes 3. competitor’s action 4. business volatility 5. geographic location. Common sources of financial reporting risks: 1. competence and integrity of management and potential incentives to misstate the financial statement 2. complexity of transaction 3. internal control Safeguards to business and financial risks 1. gather information through reviews of previous audits (requires client’s permission) 2. reviews of the client’s internal control and risk management processes 3. discussions with management 4. analysis of the current economic environment Safeguards to audit risk 1. Not accepting certain companies as clients thereby reducing engagement risk to zero. 2. Set audit risk at a level that the auditor believes will mitigate the likelihood that the auditor will fail to identify material misstatements. Factors to consider when accepting or retaining an audit client 1. Management integrity a. Interviewing previous auditors i. integrity of management ii. Disagreements with management as to accounting principles, auditing procedures or other similarly significant matters. iii. The predecessor auditor’s understanding of the reasons for the change of auditors. iv. Any communication by the predecessor to the clients management or audit committee concerning fraud, illegal acts by the client and matters related to internal control. b. Independent sources of information
2. 3. 4. 5.
i. Independent, private investigations ii. References from key business leaders such as bankers and lawyers iii. Background search records iv. Past filings with regulatory agencies such as the SEC Independence and competence of management and the board of directors The quality of the organization’s risk management process and controls. Reporting requirements, including regulatory requirements. Participation of key stakeholders a. Understand their concerns b. Understand key compliance issues Existence of related-party transactions a. Conflicts of interest b. Opportunities to influence the reported financial statements of the entity The financial health of the organization a. No business operates independently of the basic economy of the country b. A downward trend in the economy implies i. More companies will fail ii. Companies will scale back their operations iii. Company will experience greater problems in collecting receivables or realizing the value of their inventory iv. Many financial instruments will not be realized at their cost c. Importance: important areas investigated and going concern of the company
Engagement letter- clarifies the responsibilities and expectations of each party and thus is an important element of managing engagement risk.
Materiality- magnitude of an omission or misstatement of accounting information that, in light of surrounding circumstances, make it probable that the judgment of a reasonable person relying on the information would have been changed. Guidance for materiality is adjusted for the qualitative conditions of the particular audit. Make materiality assessment 1. Audit planning 2. Evidence evaluation after audit tests are completed
overall materiality- in terms of the smallest aggregate level in any of the F/S planning materiality- on transaction and planning level. Tolerable misstatement- amount of misstatement in an account balance that the auditor could tolerate and still not judge the underlying account balance to be materially misstated Posting materiality- a materiality level where the auditor believes errors below that level would not, even when aggregated with all other misstatements, be material to the financial statement
Change in judgment1. preliminary financial statement is different from audited amounts 2. financial statement amounts used initially is changed significantly. Other factors to consider all audits involve testing- there is always some risk of material misstatement not uncovered some clients are not worth accepting compete in an active market place understand society’s expectation of financial reporting identify risky areas of a business allocate overall assessment of materiality. AR= f(IR, CR, and DR)- audit risk model Inherent risk- susceptibility of an assertion to a misstatement because of error or fraud that could be material, individually or in combination with other misstatement before consideration of any related controls. (recognizes that an error is more likely to occur in some areas than on others.) Control risk- risk that a misstatement because of error or fraud that could occur in an assertion and that could be material, individually or in combination with other misstatements, will not be prevented or detected by related internal control.. Detection risk- risk that the prrocedures performed by the auditor will not be detect a misstatement that exists. The only purpose of controls is to mitigate risk. Limitation of audit risk model inherent risk is difficult to formally assess audit risk is judgmentally determined treats each risk component as sparate and independent audit technology is not so precisely developed that each component of the model can be accurately assessed. Not particulary useful for healong auditor determine the necessary control testing for issuing an opinion on the effectiveness of internal control Because of the reduced reliability of internally generated evidence, the auditor should 1. Understand the company, its strategies and operation 2. Develop an understanding of the market including economic trends, product trends and competition 3. Develop an understanding of the economics of the client’s transactions 4. Develop a set of expectaions about financial results Audit risk approach 1. Develop an independent understanding of the business as well as the risks the organization faces a. Sources that may help understand key business processes
2. 3. 4. 5.
i. Management inquiries ii. Review of client’s budget iii. Tour of client’s plants iv. Review of data processing centers v. Review of important debt covenants and board of director minutes. vi. Revuew relevant government regulation and client’s legal obligation. Use the risks identified to develop expectations about account balances and financial results a. Should be documented and communicated Assess the quality control system to manage risks Determine risidual risk and update expections about financial account balances Manage the remaining risk of account balance misstatement by responding to the risks of material misstatement.
Analytical techniques to identify areas of heightened risk Basic premise underlyint is that plausible relationships among data may reasonably be expected to exists and continues in the absence of kwnon conditions to the contrary Process for performing analytical procedures o Developing expectations using general economic factors where the business exists o Determine the deviation from the client’s record (threshold) o The differences are areas where there is heightened risk misstatement. Types of analytical procedures o Trend analysis o Ratio analysis Comparison with previous year data Comparison with industry data