CHAPTER 7: PLANNING THE AUDIT: IDENTIFYING, ASSESSING, AND RESPONDING TO THE RISK OF

MATERIAL MISSTATEMENT

Materiality
- Significance or importance of an item
- Materiality differs from one client to another, that is, what is material for one client may not be
material for another client, and may change for the same client from one period to another.
- Misstatement
o An error, either intentional or unintentional, that exists in a transaction or financial
statement account balance
- Materiality judgments:
1. Are a matter of professional judgment
2. Depend on the needs of a reasonable person relying on the information (e.g. an investor, a
potential investor, or other stakeholders)
3. Involve both quantitative and qualitative considerations
- Auditors make materiality judgments for purposes of:
o Audit planning
o Evidence evaluation after audit procedures are completed
- Materiality judgments provide a basis for:
o Determining the nature and extent of risk assessment procedures
o Identifying and assessing the risks of material misstatement
o Determining the tests of controls and substantive audit procedures to perform

Materiality Levels
1. Overall materiality
o Also known as planning materiality
o Starting point to determining the various levels of materiality
o Used in determining whether the financial statements overall are materially correct
o In planning the audit, auditors consider this in terms of the SMALLEST AGGREGATE LEVEL of
misstatements that could be material to any one of the FS
o Guidance and decision aids to assist auditors in making consistent materiality judgments
o Guidelines usually involve applying a percentage to some benchmark, such as
 Total assets
 Total revenue
 Net income
 FS users of public companies focus on net income
o Typical Materiality Judgments

2. Performance materiality
o Also known as tolerable error
 o Used for determining significant accounts, significant locations, and audit procedures for
those accounts and locations
o Common performance: calculate 75% of planning materiality; percentage typically ranges
from 50% to 75%
o If performance materiality is set too high, the auditor might not perform sufficient
procedures to detect material misstatements in the FS
o If PM is set too low, the auditor might perform more substantive procedures than
necessary
o The amount or amounts set by the auditor at less than materiality for the financial
statements as a whole to reduce to an appropriately low level the probability that the
aggregate of uncorrected and undetected misstatements exceeds materiality for the
financial statements as a whole (aicpa)
o also refers to the amount or amounts set by the auditor at less than the materiality level or
levels for particular classes of transactions, account balances, or disclosures.
3. Posting materiality
o Signifies the misstatements identified throughout the audit that will be considered at the
end of the audit in determining whether the financial statements overall are materially
correct
o Common at 5% of planning materiality; however, this percentage typically ranges from 3%
to 5%.

Considerations When Setting Materiality

● Financial statement items on which users will focus their attention
● Nature of the client and industry
● Size of the client
● Manner in which the client is financed
● Volatility of the benchmark
● Intensity of the level of analyst following

Identifying and Assessing the Risk of Material Misstatement

- Client Business Risks
o Are risks affecting the business operations and potential outcomes of an organization’s
activities.
o Likely have pervasive effects across an organization
o Can potentially affect the risk of material misstatement for many accounts and assertions
(the risk of material misstatement at the FS level)
o When business risk is HIGH, the auditor is concerned that the organization might have
difficulty operating effectively or profitably. The overall economic climate – whether
favorable or unfavorable – can have a tremendous effect on the organization’s ability to
operate effectively and efficiently
● Economic downturns
● Technological change
● Geographic locations of suppliers
o Management is responsible for managing its business risk
o Examples of factors that would lead the auditor to assess client business risk at a higher
level
 ● The company lacks personnel or expertise to deal with the changes in the industry
● New products and service offerings have uncertain likelihood of successful
introduction and acceptance by the market
● The use of information technology is incompatible across systems and processes
● Expansion of the business for which the demand for the company’s products or
services has not been accurately estimated
● A new business strategy is incompletely or improperly implemented
● Financing is lost due to the company’s inability to meet financing requirements
● Competence and integrity of financial and accounting management
● Potential incentives to misstate the financial statements
o Risks represents issues that could threaten the financial viability and financial reporting
accuracy of the organization

Risk Assessment Procedures for Assessing Client Business Risks

● Management inquiries
 Auditor should interview management to identify its strategic plans, its analysis of industry
trends, the potential impact of actions it has taken or might take, and its management style
● Review of client’s budget
 Management’s fiscal plan for the forth-coming year, provides insight into management’s
approach to operations and to risks the organization might face
 Auditor looks for significant changes in plans and deviations from budgets
● Tour of client’s plant and operations
 Offers much insight into potential audit issues
 Auditor can visualize cost centers, as well as shipping and receiving procedures, inventory
controls, potentially obsolete inventory, and possible inefficiencies
 Increases the auditor’s awareness of company procedures and operations, providing direct
experience into sites and situations that are otherwise encountered only in company
documents or observations of client personnel
● Review relevant government regulations and client’s legal obligations
 Only a few industries are unaffected by governmental regulations, and much of that
regulation affects the audit
● Knowledge management systems
 Audit firm have developed these systems around industries, clients, and best practices
 These systems also capture information about relevant accounting or regulatory
requirements for the companies and can be used to develop risk alerts for the companies
● Online searches
 Internet search companies are an excellent source of information about companies
● Review of SEC filings
 Through EDGAR system
 Filings include company annual and quarterly reports, proxy information, and registration
statements for new security issues
 These filings contain substantial information about the company and its affiliates, officers,
and directors
 Auditor can use this information to obtain an understanding of management’s
compensation arrangements that may provide important information about management’s
incentives and bonus arrangements
  Auditor should monitor trading activity of the company’s securities, along with relevant
holdings of top-level management and/or board members
● Company websites
 Contain information that is useful in understanding its products and strategies
● Economic statistics
 Compare the results of a client with regional economic data
● Professional practice bulletins
● Stock analysts’ reports
 Brokerage firms invest significant resources in conducting research about companies, their
strategies, competitors, quality of management, and likelihood of success
 Contain wealth of useful information about a client
● Company earnings calls
 Auditor can observe or read the transcripts of management’s earnings calls in order to
understand the most up-to-date issues that the company is facing, along with
management’s publicly disclosed plans

The Audit Risk Model

● Risks included in Audit Risk Model
● Inherent risk – the susceptibility of an assertion about a class of transaction, account
balance, or disclosure to a misstatement that could be material, either individually or when
aggregated with other misstatements, before consideration of any related controls
● Control risk –risk that a misstatement could occur in assertion about a class of a
transaction, account balance, or disclosure and that could be material, either individually or
when aggregated with other misstatements, will not be prevented, detected or corrected
on a timely basis by the entity’s internal control.
● Audit risk – risk that the auditor expresses an inappropriate audit opinion when the FS are
material misstated
● Detection risk – the risk that the procedures performed by the auditor to reduce the audit
risk to an acceptably low level will not detect a misstatement that exists and that could be
material, either individually or when aggregated with other misstatements
● Audit Risk = Inherent Risk × Control Risk × Detection Risk

This model provides

a conceptual way to
consider risks
relevant to the
audit.

1. Auditor
begins by
setting the
appropriate
level of
acceptable
 audit risk, which the auditor bases on the firm’s potential exposure or risk of being associated with
a client.

2. The auditor assesses the risk of material misstatement, which represents the client’s inherent and
control risks. AS 1101 recognizes that risk of material misstatement at the FS level related
pervasively to the FS as a whole and potentially affects multiple assertions across multiple accounts.
Auditors will then assess the risk of material misstatement at the assertion level for significant
accounts. Risk of material misstatement originate with the client and are controllable by the client,
and relate to characteristics of the client
3. Detection risk is under the control of the auditor, and the audit evidence that the auditor obtains
depends on the level of detection risk. It relates to the substantive audit procedures that will
achieve the best desired overall audit risk.

- When risk of material misstatement is higher, detection risk is lower, in order to reduce audit risk to
an acceptable level. Through selection of substantive audit procedures (lowering detection risk).
- When the risk of material misstatement is lower, the auditor can accept a higher detection risk and
still achieve an acceptable level of audit risk.

Assessing Inherent Risk at Assertion/Account Level

● Level of inherent risk for an assertion is dependent on the account associated with the assertion.
● The following factors should lead an auditor to assess assertion level inherent risk higher:
● The account balance represents an asset that is relatively easily stolen, such as cash
● The account balance is made up of complex transactions
● The account balance requires a high level of judgment or estimation to value
● The account balance is subject to adjustments that are not in the ordinary processing
routine, such as year-end adjustments
● The account balance is composed of a high volume of nonroutine

Assessing Control Risk at Assertion/Account Level

● When control risk is high, the auditor is concerned that a material misstatement may not be
prevented or that if a material misstatement may not be prevented or that if a material
misstatement exists in the organization’s FS that it will not be detected or corrected by the
management.
● The following factors can lead auditors to assess control risk at a higher level:
o Poor controls in specific countries or locations
o Difficulty gaining access to the organization or determining the individuals who own and/or
control the organization
o Little interaction between senior management and operating staff
o Lack of supervision of accounting personnel
● Risk Assessment Procedures for Assessing Control Risk
o Interview relevant parties to develop an understanding of the processes used by the BOD
and management to evaluate and manage risks
o Review the risk-based approach used by the internal audit function with the director of the
internal audit function and with the audit committee
 o Interview management about its risk approach, risk preferences, risk appetite, and the
relationship of risk analysis to strategic planning
o Review outside regulatory reports
o Review company policies and procedures for addressing risk
o Gain a knowledge of company compensation schemes
o Review prior years’ work to determine if current actions are consistent with risk
approaches discussed with management
o Review risk management documents
o Determine how management and the board monitor risk; identify changes in risk; and react
to mitigate, manage, or control the risk
● At transaction level
o Review relevant documentation prepared by management and interview appropriate
individuals with knowledge about these controls
o Walkthroughs

Assessing Fraud Risk

● Brainstorming
● Assess the client risks relevant to the possible existence of fraud and should identify where
fraud might likely to occur
● Occur predominantly during the planning phase of the audit
● Audit partner/manager will lead
● Consider professional skepticism, both in general throughout the engagement and with
respect to specific accounts with a higher risk of fraud
● Are a way to transfer knowledge from top-level auditors to less senior members of the
audit team via interactive and constructive group dialogue and idea exchange
o Suspension of criticism
 Participants are to refrain from criticizing or making value judgments during
the session
o Freedom of expression
 Encouraged to overcome their inhibitions about expressing creative ideas,
and the audit team should note and accept every idea as possibility
o Quantity of idea generation
 Participants are encouraged to provide more ideas rather than fewer, with
the intent to generate a variety of possible risk assessment scenarios that
the team can explore during the conduct of the audit
o Respectful communication
 Participants are encouraged to exchange ideas, further develop those ideas
during the session, and to respect the opinions of others
● Steps in brainstorming sessions
1. Review prior year client information
2. Consider client information, particularly with respect to the fraud triangle
3. Integrate information from Steps 1 and 2 into an assessment of the likelihood of fraud in
the engagement
4. Identify audit responses to fraud risks
Using Planning Analytical Procedures to Assess the Risk of Material Misstatement

1. Determine the suitability of a particular analytical procedure for given account(s)/assertion(s),

considering the risks of material misstatement.
2. Evaluate the reliability of data that the auditor is using to develop an expectation of account
balances or ratios.
3. Develop an expectation of recorded account balances or ratios, and evaluate whether that
expectation is precise enough to accomplish the relevant objective.
4. Define when the difference between the auditor’s expectation and what the client has
recorded would be considered significant.
5. Compare the client’s recorded amounts with the auditor’s expectation to determine any
significant unexpected differences.
6. Investigate significant unexpected differences. Recall that for planning analytical procedures,
significant unexpected differences suggest that substantive procedures for the
account/assertion will be increased.
7. Ensure that the following have been appropriately documented:
a. Auditor’s expectation from step 3, including the factors that the auditor considered in
developing the expectation
b. The results in step 4
c. The audit procedures conducted relating to steps 5 and 6

Types of Analytical Procedures

● Trend analysis
o Includes simple year-to-year comparisons of account balances, graphic presentations,
analysis of financial data, histogram of ratios, and projections of ratios of account balances
based on the history of changes in the account.
o Auditor should develop expectations and to establish decision rules, or thresholds, in
advance, in order to identify unexpected results for additional investigation.
● Ratio analysis
o Takes advantage of economic relationships between two or more accounts
o Widely used because of its power to identify unusual or unexpected changes in
relationships
o Useful in identifying significant differences between the client results and a norm or
between auditor expectations and actual results
o Useful in identifying potential audit problems when ratios change between years
● Auditor imports the client’s unaudited data into a spreadsheet or software program to calculate
trends and ratios and help pinpoint areas for further investigation
 - Some ratios are industry specific ( banking industry)
- Auditors perform ratio and trend analysis through a comparison of client data with expectations:
o Based on industry data
o Based on similar prior-period data
o Developed from industry trends, client budgets, other account balances, or other bases of
expectations

Determining Evidence Needed in the Audit

- Inherent and control risk (high or low level)

- Combining the two (high, moderate, or low level)
- Detection risk
o High level – audit firm is willing to take a higher risk of not detecting a material
misstatement through its substantive procedures. Auditor is able to obtain less, and/or less
appropriate, evidence from substantive procedures
o Low level – audit firm is not willing to take a higher risk of not detecting a material
misstatement through its substantive procedures. In that case, auditor needs to obtain
more, and/or more appropriate evidence from substantive procedures
When considering responses to the assessed risk of material misstatement, the auditor should:

1. Evaluate the reasons for the assessed risk of material misstatement

2. Estimate the likelihood of material misstatement due to the inherent risks of the client
3. Consider the role of internal controls, and determine whether control risk is relatively high or
low, thereby determining whether the auditor should rely on controls (thereby necessitating
tests of controls) or whether the auditor needs to conduct substantive audit
4. Obtain more evidence and evidence that is of a higher level or rigor and relevance as the
auditor’s assessment of the risk of material misstatement increase

Nature, Timing, and Extent of Risk Responses

● Nature of risk response
o Includes the types of audit procedures the auditor will perform, with a focus on the
appropriateness (relevance and reliability) of those procedures
o E.g. certain audit procedures may be more appropriate for some assertions than other
assertions
o Could occur at the engagement level such as assembling an audit team with more
experienced auditors and auditors with specialized skills or including on the audit tem
outside specialists to address assessed risks
 Putting on professional skepticism
 Incorporating elements of unpredictability in the section of audit procedures
 perform some audit procedures on accounts, disclosures, and assertions
that would otherwise not receive audit attention because they are
considered low risk
 select items for testing that are outside the normal boundaries for testing
 perform audit procedures on a surprise or unannounced basis
 vary the locations or procedures year to year for multi-location audits
● Timing of risk response
o When the auditor conducts the audit procedures and whether the auditor conducts those
procedures at announced or predictable times
o Risk of material misstatement is HIGH – perform procedures to year-end and/or on an
unannounced basis
o At or after period end
 Compare the FS to the accounting records
 Evaluate adjusting journal entries made by management in preparing the FS
 Conduct procedures to respond the risks that management may have engaged in
improper transaction at period end
● Extent of risk response
o Refers to the sufficiency of evidence that is necessary given the risk of material
misstatement and the level of acceptable audit risk
o When risk of material misstatement is HIGH – auditor increases the extent of audit
procedures and obtains more evidence