Audit Tutorial 7

Question 1

a) State the audit risk model (Important in Final Exam)

 Audit risk model can be expressed as the following:
 Audit Risk (AR) = Inherent Risk (IR) x Control Risk (CR) x Detection Risk (DR)

b) Briefly explain audit risk and its three components (Important in Final Exam)
(i) Audit Risk
 This is the risk that the auditors express an inappropriate audit opinion
when the financial statements are materially misstated
 Audit risk is a function of the risk of material misstatement (inherent risk
and control risk) and the risk that the auditor will not detect such
misstatement (detection risk)
 AR = IR x CR x DR
 Example: Risk of issue unqualified audit report when F/S are materially
misstated
(ii) Inherent Risk
 Inherent risk (IR) is the susceptibility of an assertion to material
misstatement in the financial statements in the absence of internal controls
 This is a native risk, i.e. the risk posed by an error or omission in a financial
statement due to a factor other than a failure of internal control system
 Native risk→ Country, political, financial crisis, technology, nature of
business etc
 Example:
 Technological developments make a major product obsolete
 Inherent risk is most likely to be high when transactions are
complex
 Cash is more susceptible to theft than an inventory of steel bars
 Accounts receivables are susceptible to material misstatements
assuming there are no related internal controls
(iii) Control Risk
 Control risk (CR) is the risk that material misstatements will not be
prevented, detected and connected on a timely basis by an entity’s internal
control
 Management responsibilities are to implement and maintain an adequate
internal controls system to prevent and detect instances of fraud and errors.
 Control risk is the risk of a material misstatements in a F/S arising due to
absence or failure in the operation of relevant control of the entity.

 Example:
  Disbursement have occurred without proper approval
 A client fails to discover employee fraud on a timely basis because
bank accounts are not reconciled on monthly basis, i.e. no proper
information processing
(iv) Detection risk
 Detection risk (DR) is the risk that the auditor’s procedures will not detect a
material misstatement that exists in an account balance or class of
transactions, either individually or when aggregated with other
misstatements.
 This is a risk that the auditors fail to detect a material misstatement in the
financial statement. Misapplication and omission of critical audit procedures
may result in a material misstatement remaining undetected by the auditor.
 Example: The Sampling risk that samples are unrepresentative of the
populations from which they are drawn
 2 detection risks
 Sampling risk → the risk that samples are unrepresentative of the
populations from which they are drawn.
 Non-sampling risk→ draw incorrect conclusions→ Example:
mistakes, error or judgement, unfamiliar with the client etc

c) Briefly explain the interrelationship of the components of audit risk

 AR= IR X CR X DR
 Detection risk has an inverse relationship to the risk of material misstatement arising
from inherent risk and control risk
 Where the auditor’s assessment of inherent risk and control risk is high→ Internal
control system is weak→ the detection risk is set at a lower level to keep the audit risk
at an acceptable level→ the materiality level will be set at low (inversed relationship) →
Auditor cannot afford to have high DR→ Non-reliance audit strategy→ Increase
substantive procedures→ Increase the volume of detail checking of business
transactions and balances in the F/S
 Conversely, where the auditor believes the internal control is strong, i.e. inherent risk
and control risk of an engagement to be low→ detection risk is allowed to be set at a
relatively higher level→ the materiality level will be set at high (inversed relationship) →
because auditor can afford to have high DR→ Reliance audit strategy→ System based
approach→ decrease/restricted substantive procedures→ decrease the volume of detail
checking of business transactions and balances in the F/S

d) Briefly explain the use of audit risk model in the conduct of an audit
  The usage of the risk model is to assist the auditor in designing the audit strategy so to
gather sufficient appropriate audit evidence in order to reduce the audit risk to an
acceptable level
 Using the risk model, the auditor will be able to understand the inherent risk and control
risk exist in the entity. Given a low level of audit risk and high assessments for inherent
and control risk, the auditor would set direction risk as low. A low assessment for
detection risk implies that the auditor will conduct more detailed examination of this
account.

e) Explain the terms audit risk and audit business risk

(i) Audit Risk
 Audit risk is the risk that the auditor given an inappropriate audit opinion when
the financial statements are material misstated. It is the risk that the auditor
FAILS to appropriately modify his opinion on financial statements that are
materially misstated
(ii) Audit Business Risk
 Audit business risk is the risk that the auditor may be sued by the client or
account users and resulting damage of auditor’s reputation. Audit business risk
can be reduced by avoiding engagement of client that lacks integrity or in the
financial difficulty

Question 2

a) Define the term “Materiality”

 Materiality can be defined in the following terms: “Information is material if its omission
or misstatement could influence the economic decisions of users taken on the basis of
the financial statements.

b) What are the main factors that an auditor will consider when assessing whether an item is
material?
 Main factors affecting its determination
(i) Quantitative Factor
 Nature of amount of an item
 Types of method/bases used in evaluating a materiality
 Example: Turnover, net profit, equity, etc
 If a small amount of error repeated, it can cumulate to become material effect.
For example, a small error in a month-end-procedures can cumulatively have a
material effect, if repeated

(ii) Qualitative Factor

  Qualitative Factors such as management attitude, staff motivation,
company’s reputation may also affect materiality
 Certain types of misstatements are likely to be more important to users
than others, even if the amounts are the same. Example: a qualitative
misstatement would be the inadequate or improper description of an
accounting policy which is likely to mislead the users

(iii) Professional judgement

 Materiality is a relative rather than an absolute concept which means
that when auditor assesses whether an item is material or otherwise, he
needs to use his professional judgement to decide

c) When does the auditor consider materiality?

(i) Commencement of audit→ Audit planning
 Audit planning and control→ Risk assessment
 To set preliminary materiality level→ to plan audit procedures→ detect material
misstatement that is above materiality level

(ii) During audit process

 Determining the nature, extent and timing of further audit procedures based on the
assessed risk
 Focus on transaction above material level
 Auditor will revise materiality level and carry out additional audit procedures if
necessary

(iii) At the final audit

 Evaluating the effect of identified and uncorrected misstatements on the auditor’s
report
 If no material misstatement→ unmodified opinion in the auditor report
 If misstatements→ material, but not pervasive→ qualified opinion in the auditor report
 If misstatements→ material and pervasive→ adverse or disclaimer of opinion in the
auditor report

d) What is the relationship between materiality and the level of audit risk?
 Materiality level/ Performance materiality means the maximum misstatement amount
or amounts accepted by the auditor that the auditor believes that the financial
statements as the whole presented true and fair view
 The auditor’s assessment of materiality helps the auditor decide such questions as what
items to be examined, the sample size and sampling method. It also determines the
 extent of tests of controls and substantive testing to be performed. This can enable the
auditor to select procedures that can be expected to reduce audit risk to an acceptably
low level
 The relationship between materiality and audit risk is inversed (opposite) that is the
higher the materiality level, the lower the audit risk and vice versa
 When audit risk is high→ materiality level will be set at low level→ Non- reliance audit
strategy→ increase the volume of detailed checking of business transactions and
balances in F/S→ gather more evidence→ increase substantive procedures→ express
audit opinion→ F/S→ true and fair view
 When audit risk is low→ materiality level will be set at high level→ Reliance audit
strategy→ System based approach→ Decrease the volume of detail checking of business
transactions and balances in F/S→ gather less audit evidence→ decrease substantive
procedures→ express audit opinion→ F/S→ true and fair view

Question 3

a) Briefly explain the relationship of materiality and audit risk as well as their impact on audit
evidence.
 There is an inverse relationship between the materiality and the level of audit risk
 The higher the materiality level, the lower the audit risk, vice versa
 When the audit risk is assessed as high, the materiality level will be set at low level. It
means that the auditor needs to check more and gather more audit evidence in order to
reduce the audit risk to the acceptable level→ Non-reliance audit strategy→ increase
substantive procedures
 If the auditor determines that the audit risk is higher, hence lower the acceptable
materiality level. The auditor would have to compensate this by either.
 Reducing the level of assessment of control risk
 Reducing the detection risk by modifying the nature, timing and extent
of substantive procedures (ISA 320 requirement)

b) After planning for specific audit procedures, the auditor determines that the audit risk has
increased and therefore the acceptable materiality level should be lower. What should the
auditor do to reduce the audit risk to an acceptably low level
 During the process of carrying out audit, if auditor finds out the audit risk is higher than
the initial plan, auditor need to:
 Reduce the detection risk by modifying the nature, timing and extent of
substantive procedures (ISA 320) to gather more audit evidence
 Reduce the level of assessment control risk when there is possible
Question 4

For each of the following situations, explain how risk should be assessed and what effect that
assessment will have on detection risk

a) Your client TMM Stores has experienced slower sales during the last year. There is a new finance
director and financial controller. The chairman, Mr Alex is also a substantial shareholder of the
company is always very concerned with meeting of the forecast earning.
1) Slower sales during the last year
 Since TMM has experienced a slow sale the liquidity of the company will be in
pressure→ Collection→ may have cash flow issue→ may result going concern issue→
High inherent risk→ High audit risk
2) New finance director and financial controller
 The financial director and financial controller are new employees. They may not know
well the background of TMM. As a result, they may not able to detect any misstatement
or too weak to challenge the chairman if he has intention to overstate the revenue→
possible material misstatement→ High inherent risk→ High AR
3) Meeting the forecast earning
The management would be pressurized by the chairman, Mr Alex to meet the forecast result. As
a result, the risk of overstatement of revenue or understated of expenses is considered as high
in order to meet the forecast earning→ High inherent risk→ High AR

Conclusion
Auditor should reduce the detection risk→ Non-reliance audit strategy→ increase substantive
procedure→ performing more detailed examination in transactions and balances→ to minimize
the risk of material misstatement→ Materiality level will set at low→ especially increase
substantive test on the revenue

b) Supermax Electrical Sdn.Bhd is a fast grow retailer in electrical goods. The companies have open
5 new outlets in last year. The founder Alex Tan is the CEO of the company. He personally makes
all the decisions. Most of the directors are either members of Alex family or closed-friends. The
board basically rubber stamps Mr Alex’s decisions.
1) Fast growth retailer
 The company has grown rapidly with the opening of 5 new outlets within a year. Such
an aggressive growth may result a problem of overtrading that is shortage of cash for
the normal operation→ may have cash flow problems→ may result Going concern
issue→ High IR→ High AR

2) 5 New outlets in last year

  The company opened 5 new outlets within one a year→ may not be able to implement
good internal control on the timely basis→ possible material misstatement→ possible
loss to the company→ High CR→ High AR
3) Management style: All decision made by Alex Tan
 Mr Alex makes all the decision himself and the other members are too weak to
challenge Alex’s decision. As a result, Alex may misuse his power to manipulate the
financial results→ may override system→ High CR→ High AR

Conclusion
 Auditor should maintain his/her attitude of professional scepticism to gather sufficient
and appropriate audit evidence in order to reduce the detection risk→ Non-reliance
audit strategy→ increase substantive procedures→ Materiality level will set at low→
performing more detail examination of transactions and balances→ to minimize the risk
of material misstatement

c) Sunrise Berhad has been your audit client for the past few years. The computer has been making
loss for the past few years. You understand from the business contacts that the relationship
between the CEO and finance director is turning sour due to some inconsistency in view on
business and accounting issues. In your recent visit, the CEO told you that the finance director is
on six months leave, and newly appointed financial controller will be in charge during his absent
1) Making loss for the past few years
 Sunrise Berhad has been making loss for the past few years→ expenses more than
sales→ may have cash flow problem→ may results going concern issue→ High IR→ High
AR
2) Relationship of the CEO and finance director is turning sour
 The relationship of the CEO and finance director is turning sour due to some
inconsistency in business and accounting issues. In addition, the finance director was on
six months leave→ possible of risk of non-compliance with accounting standards and
laws→ affect true and fairness of financial statement→ High IR→ High AR
3) Newly appointed financial controller
 The financial controller is new employee. He may not know well the background of
Sunrise. As a result, he may not able to detect any material misstatement→ High IR→
High AR

Conclusion

 The risk of material misstatement is assessed as high as a result that there may be some
contentious issues to manipulate the financial statements
 Auditor should contact the previous financial controller to understand the issues that
disagreed between him/her and the CEO
  Auditor should maintain his/her attitude of professional scepticisim to gather sufficient
and appropriate audit evidence in order to reduce the detection risk→ Non-reliance
audit strategy→ Increase substantive procedures→ Materiality level will set at low→
performing more detail examination of transaction and business→ to minimize the risk
of material misstatement

Question 5

(Question detailed refer to the tutorial)

Describe the risks associated with the audit of People-first and explain the implication of these risks for
the overall audit risk.

1) Nature of the business: Charity

 Non-profit organization→ lack of strong internal control system→ objective is not for
profit→ High CR→ High AR
2) Fund raising: Cash collection
 Cash collection→ susceptible to fraud→ High IR→ High AR
3) Charity is run by volunteers
 Violation of their constitutions→ possible of non-compliance with laws, regulations and
accounting standards→ High IR→ High AR
4) Accounts have been prepared by a volunteer who is recently retired chartered certified
accountant
 Reliable→ professional→ chartered certified accountant→ Low IR→ Low AR

Additional Question

Risk and implications for audit risk

1) Inherent risk
 Charities can be viewed as inherently risky because they are often managed by non-
professionals and charity income mainly came from cash collection and susceptible to
fraud although many charities and the volunteers that run them are people of the
highest integrity who take a great deal of care over their work. The assessment of this
aspect of inherent risk depends on each individual charity and the areas in which it
operates→ High IR→ High AR
 Charities are also at risk of being in violation of their constitutions which is important
where funds are raised from public or private donors who may well object strongly if
funds are not applied in the manner expected. Other charities and regulatory bodies
supervising charities may also object→ High IR→ High AR
  Again, the auditors will assess the level of risk. The involvement of a recently retired
Chartered Certified Accountant in the preparation of the accounts in the past may lower
auditor’s assessment inherent risk to an extent→ Low IR→ Low AR
 Conclusion: High IR→ High AR
2) Control risk
 Most small charities have a high level of control risk because formal internal controls are
expensive and are not often in place. This means that donations are susceptible to
misappropriation. Charities rely on the trustworthiness of volunteers. The auditors will
assess the level of risk→ High control risk→ High AR
3) Detection risk
 Due to the high IR and CR, DR will be set at low level→ Non-reliance audit strategy→
Materiality level will set at low→ increased volume of detail checking of business
transactions and balances in order to reduce AR to an acceptable level
 Detection risk comprises sampling risk and non-sampling risk. It is possible in this case
that all transactions will be tested and therefore sampling risk (the risk that samples are
unrepresentative of the populations from which they are drawn) is not present
 Non-sampling risk is the risk that auditors will draw incorrect conclusions because for
example, mistakes are made, or errors of judgement are made in interpreting results, or
because the auditors are unfamiliar with the client, as in the case here.
4) Audit risk
 Audit risk is the product of inherent risk, control risk and detection risk and is the risk
that the auditors will issue an inappropriate audit opinion on financial statements. This
risk can be managed by decreasing detection risk by altering the nature, timing and
extent of audit procedures applied. Where inherent risk is high and controls are weak
(as may be the case here) more audit work will be performed in appropriate areas in
order to reduce audit risk to an acceptable level→ Non-reliance audit strategy
 AR= IR x CR x DR