Professional Documents
Culture Documents
Chapter 04 International Aasmund Eilifsen
Chapter 04 International Aasmund Eilifsen
Risk Assessment
The
The risk
risk that
that an
an auditor
auditor expresses
expresses
an
an inappropriate
inappropriate audit
audit opinion
opinion when
when
the
the financial
financial statements
statements are
are
materially
materially misstated.
misstated.
Assertion
level
Audit Risk = IR × CR × DR
Non-sampling Sampling
risk risk
© McGraw-Hill Education 2014
Auditor’s Business Risk
Litigation
An auditor’s exposure
to financial loss and
damage to
professional reputation.
Set
Set aa planned
planned level
level of
of audit
audit risk
risk such
such that
that an
an opinion
opinion
can
can bebe issued
issued onon the
the financial
financial statements.
statements.
Assess
Assess thethe risk
risk of
of material
material misstatement.
misstatement.
Use
Use the
the audit
audit risk
risk equation
equation to
to solve
solve for
for the
the appropriate
appropriate
level
level of
of detection
detection risk:
risk:
AR = RMM× DR
AR
DR = RMM
Set
Set aa planned
planned level
level ofof audit
audit risk
risk such
such that
that an
an opinion
opinion
can
can bebe issued
issued on
on the
the financial
financial statements.
statements.
Assess
Assess inherent
inherent risk
risk and
and control
control risk.
risk.
Use
Use the
the audit
audit risk
risk equation
equation to
to solve
solve for
for the
the appropriate
appropriate
level
level of
of detection
detection risk:
risk:
AR = IR × CR × DR
AR
DR = IR × CR
Qualitative
Qualitative terms
terms may
may also
also be
be used
used in
in the
the audit
audit risk
risk model.
model.
Example
Example AR
AR RMM
RMM DR
DR
11 Very
Very low
low High
High Low
Low
22 Low
Low Moderate
Moderate Moderate
Moderate
33 Low
Low Low
Low High
High
There
Thereisisno
noway
wayofofknowing
knowingwhat
whatthe
thepreliminary
preliminarylevel
levelof
of
risk
riskof
ofmaterial
materialmisstatement
misstatementactually
actuallywas.
was.Thus,
Thus,the
the
desired
desiredlevel
levelof
ofaudit
auditrisk
riskmay
maynot
notactually
actuallybe
beachieved.
achieved.
Preliminary Actual
Assessment +/– or Achieved
Level of Risk Level of Risk
Auditors need to
identify business risks and
understand the potential
misstatements that
may result.
Business risks
are risks that result from
significant conditions, events,
circumstances or actions that
impair management’s ability
to execute strategies.
Inquiries of Management,
Other Entity Personnel and
Others Outside the Entity
Analytical Observation
Procedures and Inspection
Industry, Regulatory
Nature of and External
the Entity Factors
Internal
Control
© McGraw-Hill Education 2014
Nature of the Entity
Errors
Errors are
are unintentional
unintentional misstatements
misstatements of of amounts
amounts
or
or disclosures
disclosures in in the
the financial
financial statements.
statements.
Fraud
Fraud refers
refers to
to an
an intentional
intentional actact by
by one
one or
or more
more
among
among management,
management, those those charged
charged with
with
governance,
governance, employees,
employees, or or third
third parties,
parties,
involving
involving the
the use
use of of deception
deception thatthat results
results in
in aa
misstatement
misstatement in in the
the financial
financial statements.
statements.
Fraud
Fraud involves
involves
intentional
intentional misstatements.
misstatements.
Fraudulent
Fraudulent Misappropriation
Misappropriation
financial
financialreporting
reporting of
ofassets
assets
Fraudulent
Fraudulentfinancial
financialreporting
reportingincludes
includesacts
actssuch
suchas:
as:
Manipulation,
Manipulation,falsification
falsificationor
oralteration
alterationof
of
accounting
accountingrecords
recordsororsupporting
supportingdocuments
documentsfrom
from
which
whichfinancial
financialstatements
statementsare areprepared.
prepared.
Misrepresentation
Misrepresentationin, in,or
orintentional
intentionalomission
omissionfrom,
from,
the
thefinancial
financialstatements
statementsof ofevents,
events,transactions,
transactions,or
or
significant
significantinformation.
information.
Intentional
Intentionalmisapplication
misapplicationof ofaccounting
accountingpolicies
policies
relating
relatingtotoamount,
amount,classification,
classification,manner
mannerof of
presentation,
presentation,or ordisclosure.
disclosure.
Misappropriation
Misappropriation of of assets
assets involves
involves the
the
theft
theft of
of an
an entity’s
entity’s assets
assets to
to the
the extent
extent
that
that financial
financial statements
statements areare misstated.
misstated.
Examples
Examples include:
include:
Embezzling
cash received Stealing
assets and
intellectual property Paying for
goods and services
not received
Discussion
Discussion Inquiries
Inquiries of
of
among
among management
management
the
the audit
audit team
team Sources and
and others
others
of information
about possible
fraud
Investigation
Investigation Considering
Considering the
the
of
of unexpected
unexpected results
results of
of
period-end
period-end analytical
analytical
adjustments
adjustments procedures
procedures
© McGraw-Hill Education 2014
Conditions Indicative of Fraud
and Fraud Risk Factors
Three
Threeconditions
conditionsare
are
generally
generallypresent
present when
when fraud
fraudoccurs.
occurs.
Incentive
Incentive or
or Opportunity
Opportunity Attitude
Attitudeor or
pressure
pressureto to to
tocarry
carryout
out rationalization
rationalization
commit
commit fraud
fraud the
thefraud
fraud to
tojustify
justifyfraud
fraud
Excessive
Excessive pressure
pressure
for
for management
management to to
meet
meet third
third party
party
expectations
expectations
Management’s
Management’s personal
personal
Financial
Financial stability
stability financial
financial situation
situation
or
or profitability
profitability is
is threatened
threatened
is
is threatened
threatened
© McGraw-Hill Education 2014
Risk Factors Relating to Opportunities
(See Table 4-3)
Nature
Nature of
of the
the Complex
Complex oror
industry
industry or
or entity’s
entity’s unstable
unstable organizational
organizational
operations
operations structure
structure
Ineffective
Ineffective Deficient
Deficient
monitoring
monitoring ofof internal
internal
management
management control
control
© McGraw-Hill Education 2014
Risk Factors Relating to
Attitudes/Rationalizations
(See Table 4-4)
Non-financial
Non-financial management’s
management’s
Ineffective
Ineffective communication
communication of of excessive
excessive participation
participation in
in selection
selection
ethical
ethical standards
standards or
or selection
selection of
of accounting
accounting principles
principles
of
of inappropriate
inappropriate ethical
ethical standards
standards and
and estimates
estimates
History
History of
of violations
violations ofof Excessive
Excessive interest
interest by
by
securities
securities laws
laws oror management
management in in stock
stock
allegations
allegations ofof fraud
fraud prices
prices and
and earning
earning trends
trends
Committing
Committing to to Recurring
Recurring attempts
attempts to
to justify
justify
aggressive
aggressive or or marginal
marginal or
or inappropriate
inappropriate
unrealistic
unrealistic forecasts
forecasts accounting
accounting based
based onon materiality
materiality
© McGraw-Hill Education 2014
Misappropriation of Assets
Table 4–5 Risk Factors Relating to the Misappropriation of Assets
To
To respond
respond appropriately
appropriately to
to financial
financial statement
statement
level
level risks,
risks, the
the auditor
auditor may
may dodo the
the following:
following:
Emphasize
Emphasizeto tothe
theaudit
audit team
team the
theneed
needto
tomaintain
maintain
professional
professionalscepticism.
scepticism.
Assign more experienced staff or those with
Assign more experienced staff or those with
specialized
specializedskills.
skills.
Provide more supervision.
Provide more supervision.
Incorporate additional elements of unpredictability in
Incorporate additional elements of unpredictability in
the
theselection
selectionof
ofaudit
audit procedures.
procedures.
Non-routine or Significant
Fraud risk
unsystematically accounting
factors
processed transactions estimates
Highly Significant
complex transactions
transactions with related
parties
At
At the
the completion
completion of
of the
the audit,
audit, the
the auditor
auditor should
should consider:
consider:
1.
1. Whether
Whether the
the total
total misstatements
misstatements cause
cause the
the financial
financial statements
statements to
to be
be
materially
materially misstated.
misstated.
THEN
THEN … …
IfIf the
the financial
financial statements
statements are
are materially
materially misstated,
misstated, the
the auditor
auditor should:
should:
1.
1. Request
Request management
management to to eliminate
eliminate the
the material
material misstatement,
misstatement, or or
2.
2. IfIf management
management does does not
not make
make needed
needed adjustments,
adjustments, the
the auditor
auditor should
should issue
issue aa
qualified
qualified or or adverse
adverse opinion.
opinion.
Fraud
Fraud risks
risks or
or other
other conditions
conditions that
that result
result in
in
additional
additional audit
audit procedures.
procedures.
The
The nature,
nature, timing
timing and
and extent
extent ofof procedures
procedures
performed
performed in in response
response to
to fraud
fraud risks
risks identified
identified and
and
the
the results
results of
of that
that work
work
The
The nature
nature of
of the
the communications
communications aboutabout fraud
fraud
made
made toto management,
management, thosethose charged
charged withwith
governance
governance and and others.
others.
© McGraw-Hill Education 2014
Communications about Fraud
Whenever
Whenever the the auditor
auditor has
has found
found evidence
evidence thatthat aa
fraud
fraud may
may exist,
exist, that
that matter
matter should
should be be brought
brought to to the
the
attention
attention of
of an
an appropriate
appropriate level
level of
of management.
management.
Fraud
Fraud involving
involving senior
senior management
management and and fraud
fraud that
that
causes
causes aa material
material misstatement
misstatement of of the
the financial
financial
statement
statement should
should be be reported
reported directly
directly to
to those
those
charged
charged with
with governance.
governance.
The
The auditor
auditor should
should reach
reach an
an understanding
understanding with
with
those
those charged
charged with
with governance
governance regarding
regarding the
the
expected
expected nature
nature and
and extent
extent of
of communications
communications about
about
misappropriations
misappropriations perpetrated
perpetrated by
by lower-level
lower-level
employees.
employees.
© McGraw-Hill Education 2014
Communications about Fraud
The
The disclosure
disclosure of of fraud
fraud to
to parties
parties other
other than
than the
the entity’s
entity’s
senior
senior management
management and and those
those charged
charged withwith
governance
governance ordinarily
ordinarily isis not
not part
part of
of the
the auditor’s
auditor’s
responsibility
responsibility and
and ordinarily
ordinarily would
would bebe precluded
precluded by by the
the
auditor’s
auditor’s ethical
ethical and
and legal
legal obligations
obligations ofof confidentiality.
confidentiality.
IESBA
IESBA Code
Code ofof Ethics
Ethics for
for Professional
Professional Accountants
Accountants
provides
provides guidance
guidance onon circumstances
circumstances where
where auditors
auditors
should
should disclose
disclose confidential
confidential information
information or
or when
when such
such
disclosure
disclosure may
may bebe appropriate.
appropriate.