Chapter 4

Risk Assessment

© McGraw-Hill Education 2014

 Audit Risk

The
The risk
risk that
that an
an auditor
auditor expresses
expresses
an
an inappropriate
inappropriate audit
audit opinion
opinion when
when
the
the financial
financial statements
statements are
are
materially
materially misstated.
misstated.

Assertion
level

© McGraw-Hill Education 2014

The Audit Risk Model

Inherent risk and control risk:

Risk of material misstatement

Audit Risk = IR × CR × DR

Non-sampling Sampling
risk risk
© McGraw-Hill Education 2014
Auditor’s Business Risk

Litigation

An auditor’s exposure
to financial loss and
damage to
professional reputation.

© McGraw-Hill Education 2014

Use of the Audit Risk Model

 Set
 Set aa planned
planned level
level of
of audit
audit risk
risk such
such that
that an
an opinion
opinion
can
can bebe issued
issued onon the
the financial
financial statements.
statements.
 Assess
 Assess thethe risk
risk of
of material
material misstatement.
misstatement.
 Use
 Use the
the audit
audit risk
risk equation
equation to
to solve
solve for
for the
the appropriate
appropriate
level
level of
of detection
detection risk:
risk:

AR = RMM× DR
AR
DR = RMM

Auditors use this level of detection risk to design audit

procedures that will reduce audit risk to an acceptable low level.
© McGraw-Hill Education 2014
Use of the Audit Risk Model

 Set
 Set aa planned
planned level
level ofof audit
audit risk
risk such
such that
that an
an opinion
opinion
can
can bebe issued
issued on
on the
the financial
financial statements.
statements.
 Assess
 Assess inherent
inherent risk
risk and
and control
control risk.
risk.
 Use
 Use the
the audit
audit risk
risk equation
equation to
to solve
solve for
for the
the appropriate
appropriate
level
level of
of detection
detection risk:
risk:

AR = IR × CR × DR
AR
DR = IR × CR

Auditors use this level of detection risk to design audit

procedures that will reduce audit risk to an acceptable low level.
© McGraw-Hill Education 2014
Relationship of the Entity’s Business
Risks to the Audit Risk Model
Figure 4–1 The Relationship of the Entity’s
Business Risks to the Audit Risk Model

© McGraw-Hill Education 2014

Use of the Audit Risk Model

Qualitative
Qualitative terms
terms may
may also
also be
be used
used in
in the
the audit
audit risk
risk model.
model.

Example
Example AR
AR RMM
RMM DR
DR
11 Very
Very low
low High
High Low
Low
22 Low
Low Moderate
Moderate Moderate
Moderate
33 Low
Low Low
Low High
High

© McGraw-Hill Education 2014

Limitations of the Audit Risk
Model
The
Theaudit
auditrisk
riskmodel
modelserves
servesas
asananimportant
importanttool
toolthat
that
auditors
auditorscan
canuseusefor
forplanning
planningand
andevaluating
evaluatingan
anaudit,
audit,but
but
itithas
haslimitations
limitationswhen
whenused
usedto
torevise
revisean
anaudit
auditplan
planor
orto
to
evaluate
evaluateaudit
auditresults.
results.

There
Thereisisno
noway
wayofofknowing
knowingwhat
whatthe
thepreliminary
preliminarylevel
levelof
of
risk
riskof
ofmaterial
materialmisstatement
misstatementactually
actuallywas.
was.Thus,
Thus,the
the
desired
desiredlevel
levelof
ofaudit
auditrisk
riskmay
maynot
notactually
actuallybe
beachieved.
achieved.

Preliminary Actual
Assessment +/– or Achieved
Level of Risk Level of Risk

© McGraw-Hill Education 2014

 The Auditor’s Risk
Assessment Process

Auditors need to
identify business risks and
understand the potential
misstatements that
may result.
Business risks
are risks that result from
significant conditions, events,
circumstances or actions that
impair management’s ability
to execute strategies.

© McGraw-Hill Education 2014

 The Auditor’s Risk
Assessment Process
Figure 4–2 An Overview of
the Auditor’s Assessment
of Business Risks and the
Risk of Material
Misstatements

© McGraw-Hill Education 2014

Auditor’s Risk Assessment Procedures
(How do we gather this evidence?)

Inquiries of Management,
Other Entity Personnel and
Others Outside the Entity

Analytical Observation
Procedures and Inspection

© McGraw-Hill Education 2014

 Understanding the Entity
and Its Environment

Industry, Regulatory
Nature of and External
the Entity Factors

Objectives, Strategies Entity Performance

and Business Risks Measures

Internal
Control
© McGraw-Hill Education 2014
 Nature of the Entity

• The entity’s organizational structure and management

personnel.
• The sources of funding of the entity’s operations and
investment activities, including the entity’s capital
structure, non-capital funding, and other debt
instruments.
• The entity’s investments.
• The entity’s operating characteristics, including its size
and complexity.
• The sources of the entity’s earnings, including the
relative profitability of key products and services.
• Key supplier and customer relationships.
• Financial reporting and accounting policies, including
revenue recognition practices and accounting for fair
values.
© McGraw-Hill Education 2014
Industry, Regulatory and Other
External Factors
Table 4–1 Industry, Regulatory and Other External Factors

© McGraw-Hill Education 2014

Assessing the Risk of Material
Misstatement
Examples
Examples of
of misstatements
misstatements include:
include:
•• An
Aninaccuracy
inaccuracyin ingathering
gatheringororprocessing
processingdata
datafrom
from
which
whichthethefinancial
financialstatements
statementsare
areprepared.
prepared.
•• AAdifference
differencebetween
betweenthe theamount
amountof ofaareported
reported
financial
financialstatement
statementaccount
accountand
andthe
theamount
amountthat thatwould
would
have
havebeen
beenreported
reportedunder
underthe
theapplicable
applicablefinancial
financial
reporting
reportingframework.
framework.
•• The
Theomission
omissionof ofaafinancial
financialstatement
statementelement,
element,account
account
or
oritem.
item.
•• An
Anincorrect
incorrectaccounting
accountingestimate
estimatearising
arisingfrom
from
overlooking
overlookingor orclear
clearmisinterpretation
misinterpretationof offacts.
facts.

© McGraw-Hill Education 2014

Assessing the Risk of Material Misstatement

Errors
Errors are
are unintentional
unintentional misstatements
misstatements of of amounts
amounts
or
or disclosures
disclosures in in the
the financial
financial statements.
statements.
Fraud
Fraud refers
refers to
to an
an intentional
intentional actact by
by one
one or
or more
more
among
among management,
management, those those charged
charged with
with
governance,
governance, employees,
employees, or or third
third parties,
parties,
involving
involving the
the use
use of of deception
deception thatthat results
results in
in aa
misstatement
misstatement in in the
the financial
financial statements.
statements.

© McGraw-Hill Education 2014

 Fraud

Fraud
Fraud involves
involves
intentional
intentional misstatements.
misstatements.

Fraudulent
Fraudulent Misappropriation
Misappropriation
financial
financialreporting
reporting of
ofassets
assets

© McGraw-Hill Education 2014

 Fraudulent Financial
Reporting

Fraudulent
Fraudulentfinancial
financialreporting
reportingincludes
includesacts
actssuch
suchas:
as:
 Manipulation,
Manipulation,falsification
falsificationor
oralteration
alterationof
of
accounting
accountingrecords
recordsororsupporting
supportingdocuments
documentsfrom
from
which
whichfinancial
financialstatements
statementsare areprepared.
prepared.
 Misrepresentation
Misrepresentationin, in,or
orintentional
intentionalomission
omissionfrom,
from,
the
thefinancial
financialstatements
statementsof ofevents,
events,transactions,
transactions,or
or
significant
significantinformation.
information.
 Intentional
Intentionalmisapplication
misapplicationof ofaccounting
accountingpolicies
policies
relating
relatingtotoamount,
amount,classification,
classification,manner
mannerof of
presentation,
presentation,or ordisclosure.
disclosure.

© McGraw-Hill Education 2014

Misappropriation of Assets

Misappropriation
Misappropriation of of assets
assets involves
involves the
the
theft
theft of
of an
an entity’s
entity’s assets
assets to
to the
the extent
extent
that
that financial
financial statements
statements areare misstated.
misstated.
Examples
Examples include:
include:

Embezzling
cash received Stealing
assets and
intellectual property Paying for
goods and services
not received

© McGraw-Hill Education 2014

 Assessing the Risk of
Material Misstatement
• Factual misstatements are known misstatements about which
there is no doubt, i.e. the auditor knows the exact amount of the
misstatement.
• Judgemental misstatements are differences arising from the
judgements of management concerning accounting estimates that
the auditor considers unreasonable, or the selection or
application of accounting policies that the auditor considers
inappropriate.
• Projected misstatements are the auditor’s best estimate of
misstatements in populations, involving the projection of
misstatements identified in audit samples to the entire
populations from which the samples were drawn.
© McGraw-Hill Education 2014
 Fraud Risk
Assessment Process
Fraud involves intentional misstatements.
The fraud risk identification process includes:

Discussion
Discussion Inquiries
Inquiries of
of
among
among management
management
the
the audit
audit team
team Sources and
and others
others
of information
about possible
fraud
Investigation
Investigation Considering
Considering the
the
of
of unexpected
unexpected results
results of
of
period-end
period-end analytical
analytical
adjustments
adjustments procedures
procedures
© McGraw-Hill Education 2014
Conditions Indicative of Fraud
and Fraud Risk Factors

Three
Threeconditions
conditionsare
are
generally
generallypresent
present when
when fraud
fraudoccurs.
occurs.

Incentive
Incentive or
or Opportunity
Opportunity Attitude
Attitudeor or
pressure
pressureto to to
tocarry
carryout
out rationalization
rationalization
commit
commit fraud
fraud the
thefraud
fraud to
tojustify
justifyfraud
fraud

© McGraw-Hill Education 2014

 Risk Factors Relating to
Incentive/Pressure (See Table 4-2)

Fraudulent Financial Reporting

Risk Factors Relating to Incentive/Pressure include:

Excessive
Excessive pressure
pressure
for
for management
management to to
meet
meet third
third party
party
expectations
expectations

Management’s
Management’s personal
personal
Financial
Financial stability
stability financial
financial situation
situation
or
or profitability
profitability is
is threatened
threatened
is
is threatened
threatened
© McGraw-Hill Education 2014
Risk Factors Relating to Opportunities
(See Table 4-3)

Fraudulent Financial Reporting

Risk Factors Relating to Opportunities include:

Nature
Nature of
of the
the Complex
Complex oror
industry
industry or
or entity’s
entity’s unstable
unstable organizational
organizational
operations
operations structure
structure

Ineffective
Ineffective Deficient
Deficient
monitoring
monitoring ofof internal
internal
management
management control
control
© McGraw-Hill Education 2014
 Risk Factors Relating to
Attitudes/Rationalizations
(See Table 4-4)

Fraudulent Financial Reporting

Risk Factors Relating to Attitudes/Rationalizations include:

Non-financial
Non-financial management’s
management’s
Ineffective
Ineffective communication
communication of of excessive
excessive participation
participation in
in selection
selection
ethical
ethical standards
standards or
or selection
selection of
of accounting
accounting principles
principles
of
of inappropriate
inappropriate ethical
ethical standards
standards and
and estimates
estimates

History
History of
of violations
violations ofof Excessive
Excessive interest
interest by
by
securities
securities laws
laws oror management
management in in stock
stock
allegations
allegations ofof fraud
fraud prices
prices and
and earning
earning trends
trends

Committing
Committing to to Recurring
Recurring attempts
attempts to
to justify
justify
aggressive
aggressive or or marginal
marginal or
or inappropriate
inappropriate
unrealistic
unrealistic forecasts
forecasts accounting
accounting based
based onon materiality
materiality
© McGraw-Hill Education 2014
 Misappropriation of Assets
Table 4–5 Risk Factors Relating to the Misappropriation of Assets

© McGraw-Hill Education 2014

Auditor’s Response to the Results
of the Risk Assessments
Figure 4–3 The Process of
Assessing the Risk of
Material Misstatement to
the Design and
Performance of Audit
Procedures

© McGraw-Hill Education 2014

Auditor’s Response to the Results
of the Risk Assessments

To
To respond
respond appropriately
appropriately to
to financial
financial statement
statement
level
level risks,
risks, the
the auditor
auditor may
may dodo the
the following:
following:
 Emphasize
Emphasizeto tothe
theaudit
audit team
team the
theneed
needto
tomaintain
maintain
professional
professionalscepticism.
scepticism.
 Assign more experienced staff or those with
Assign more experienced staff or those with
specialized
specializedskills.
skills.
 Provide more supervision.
Provide more supervision.
 Incorporate additional elements of unpredictability in
Incorporate additional elements of unpredictability in
the
theselection
selectionof
ofaudit
audit procedures.
procedures.

© McGraw-Hill Education 2014

Auditor’s Response to the Results
of the Risk Assessments

Significant risks require special audit considerations.

Non-routine or Significant
Fraud risk
unsystematically accounting
factors
processed transactions estimates

Highly Significant
complex transactions
transactions with related
parties

Application of Revenue Industry

new accounting recognition specific issues
standards
© McGraw-Hill Education 2014
Evaluation of
Audit Test Results

At
At the
the completion
completion of
of the
the audit,
audit, the
the auditor
auditor should
should consider:
consider:
1.
1. Whether
Whether the
the total
total misstatements
misstatements cause
cause the
the financial
financial statements
statements to
to be
be
materially
materially misstated.
misstated.
THEN
THEN … …

IfIf the
the financial
financial statements
statements are
are materially
materially misstated,
misstated, the
the auditor
auditor should:
should:
1.
1. Request
Request management
management to to eliminate
eliminate the
the material
material misstatement,
misstatement, or or
2.
2. IfIf management
management does does not
not make
make needed
needed adjustments,
adjustments, the
the auditor
auditor should
should issue
issue aa
qualified
qualified or or adverse
adverse opinion.
opinion.

© McGraw-Hill Education 2014

Evaluation of
Audit Test Results
IfIf the
the auditor
auditor determines
determines that
that the
the misstatement
misstatement is
is or
or
may
may be be the
the result
result of
of fraud,
fraud, and
and has
has determined
determined that
that the
the
effect
effect could
could be
be material,
material, the
the auditor
auditor should:
should:
 Attempt
Attempt to to obtain
obtain audit
audit evidence
evidence toto determine
determine whether,
whether,
in
in fact,
fact, material
material fraud
fraud has
has occurred
occurred and,
and, ifif so,
so, its
its effect.
effect.
 Consider
Consider the the implications
implications for for other
other aspects
aspects of of the
the audit.
audit.
 Discuss
Discuss the the matter
matter and and the
the approach
approach to to further
further
investigation
investigation withwith an an appropriate
appropriate level
level ofof management
management
that
that is
is at
at least
least one
one level
level above
above those
those involved
involved in in
committing
committing the the fraud
fraud and
and with
with senior
senior management.
management.
 Suggest
Suggest that that the
the entity
entity consult
consult with
with legal
legal counsel.
counsel.
 Consider
Consider withdrawing
withdrawing from from the
the engagement.
engagement.
© McGraw-Hill Education 2014
Documentation of the Auditor’s
Risk Assessment and Response
The
The auditor
auditor should
should document:
document:
 Discussions
 Discussions among
among engagement
engagement personnel.
personnel.
 Procedures
 Procedures performed
performed to
to identify
identify and
and assess
assess the
the
risks
risks of
of material
material misstatement
misstatement due
due to
to error
error or
or fraud.
fraud.

 Fraud
 Fraud risks
risks or
or other
other conditions
conditions that
that result
result in
in
additional
additional audit
audit procedures.
procedures.
 The
 The nature,
nature, timing
timing and
and extent
extent ofof procedures
procedures
performed
performed in in response
response to
to fraud
fraud risks
risks identified
identified and
and
the
the results
results of
of that
that work
work
 The
 The nature
nature of
of the
the communications
communications aboutabout fraud
fraud
made
made toto management,
management, thosethose charged
charged withwith
governance
governance and and others.
others.
© McGraw-Hill Education 2014
Communications about Fraud
Whenever
Whenever the the auditor
auditor has
has found
found evidence
evidence thatthat aa
fraud
fraud may
may exist,
exist, that
that matter
matter should
should be be brought
brought to to the
the
attention
attention of
of an
an appropriate
appropriate level
level of
of management.
management.
Fraud
Fraud involving
involving senior
senior management
management and and fraud
fraud that
that
causes
causes aa material
material misstatement
misstatement of of the
the financial
financial
statement
statement should
should be be reported
reported directly
directly to
to those
those
charged
charged with
with governance.
governance.

The
The auditor
auditor should
should reach
reach an
an understanding
understanding with
with
those
those charged
charged with
with governance
governance regarding
regarding the
the
expected
expected nature
nature and
and extent
extent of
of communications
communications about
about
misappropriations
misappropriations perpetrated
perpetrated by
by lower-level
lower-level
employees.
employees.
© McGraw-Hill Education 2014
Communications about Fraud
The
The disclosure
disclosure of of fraud
fraud to
to parties
parties other
other than
than the
the entity’s
entity’s
senior
senior management
management and and those
those charged
charged withwith
governance
governance ordinarily
ordinarily isis not
not part
part of
of the
the auditor’s
auditor’s
responsibility
responsibility and
and ordinarily
ordinarily would
would bebe precluded
precluded by by the
the
auditor’s
auditor’s ethical
ethical and
and legal
legal obligations
obligations ofof confidentiality.
confidentiality.

IESBA
IESBA Code
Code ofof Ethics
Ethics for
for Professional
Professional Accountants
Accountants
provides
provides guidance
guidance onon circumstances
circumstances where
where auditors
auditors
should
should disclose
disclose confidential
confidential information
information or
or when
when such
such
disclosure
disclosure may
may bebe appropriate.
appropriate.

© McGraw-Hill Education 2014