Chapter 4 Risk Assessment McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Client and third party lawsuits LO# 2 Engagement Risk Client and third party lawsuits An auditor’s exposure to financial loss and damage to professional reputation. Negative publicity Local audit failure … 4-2

LO# 1 Audit Risk The risk that an auditor expresses an unqualified opinion on materially misstated financial statements. Financial statement level Individual account balance or class of transactions level 4-3

The Audit Risk Model Audit Risk = IR × CR × DR LO# 2 The Audit Risk Model Inherent risk and control risk: Risk of material misstatement Audit Risk = IR × CR × DR Detection risk: Risk that auditor will not detect misstatements Nonsampling risk Sampling risk Inappropriate audit procedure Fail to detect when using appropriate audit procedure Misinterpreting audit results 4-4

Using the Audit Risk Model LO# 3 Using the Audit Risk Model  Set a planned level of audit risk such that an opinion can be issued on the financial statements.  Assess the risk of material misstatement (IR x CR).  Use the audit risk equation to solve for the appropriate level of detection risk: AR = IR × CR × DR DR = AR IR × CR Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level. 4-5

LO# 3 Relationship of the Entity’s Business Risks to the Audit Risk Model Figure 4-1 4-6

Using the Audit Risk Model LO# 3 Using the Audit Risk Model Qualitative terms may also be used in the audit risk model. 4-7

Limitations of the Audit Risk Model LO# 3 The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results. The desired level of audit risk may not actually be achieved. It does not consider potential auditor error. There is no way of knowing what the preliminary level of risk actually was. Preliminary Assessment Level of Risk Actual or Achieved Level of Risk + / – 4-8

The Auditor’s Risk Assessment Process LO# 4 The Auditor’s Risk Assessment Process Auditors need to identify business risks and understand the potential misstatements that may result. Business risks are risks that result from significant conditions, events, circumstances or actions that impair management’s ability to execute strategies. 4-9

LO# 4 The Auditor’s Risk Assessment Process Figure 4-2 An Overview of the Auditor’s Assessment of Business Risks and the Risk of Material Misstatements 4-10

Auditor’s Risk Assessment Procedures (How do we gather this evidence?) LO# 4 Auditor’s Risk Assessment Procedures (How do we gather this evidence?) Inquiries of Management, Other Entity Personnel, and Others Outside the Entity Analytical Procedures Observation and Inspection 4-11

Understanding the Entity and Its Environment LO# 4 Understanding the Entity and Its Environment 4-12

Understanding the Entity and Its Environment LO# 4 Understanding the Entity and Its Environment Nature of the Entity Industry, Regulatory, and External Factors Internal Control Objectives, Strategies, and Business Risks Entity Performance Measures 4-13

LO# 4 Nature of the Entity The entity’s organizational structure and management personnel. The sources of funding of the entity’s operations and investment activities, including the entity’s capital structure, noncapital funding, and other debt instruments. The entity’s investments. The entity’s operating characteristics, including its size and complexity. The sources of the entity’s earnings, including the relative profitability of key products and services. Key supplier and customer relationships. 4-14

Industry, Regulatory, and Other External Factors LO# 4 Industry, Regulatory, and Other External Factors 4-15

Understanding the Entity and Its Environment LO# 4 Understanding the Entity and Its Environment 4-16

Assessing the Risk of Material Misstatement Due to Error or Fraud LO# 5 Assessing the Risk of Material Misstatement Due to Error or Fraud Examples of misstatements include: An inaccuracy in gathering or processing data from which financial statements are prepared. A difference between the amount of a reported financial statement account and the amount that would have been reported under GAAP. The omission of a financial statement element, account, or item. An incorrect accounting estimate arising from an oversight or misinterpretation of facts. 4-17

Assessing the Risk of Material Misstatement Due to Error or Fraud LO# 5 Assessing the Risk of Material Misstatement Due to Error or Fraud Errors are unintentional misstatements: Mistakes in gathering or processing financial data used to prepare financial statements. Unreasonable accounting estimates arising from oversight or misinterpretation of facts. Mistakes in the application of accounting principles relating to amount, classification, manner of presentation, or disclosure. 4-18

Assessing the Risk of Material Misstatement Due to Error or Fraud LO# 6 Assessing the Risk of Material Misstatement Due to Error or Fraud Fraud involves intentional misstatements. The fraud risk identification process includes: Sources of information about possible fraud― Communications among the audit team Inquires of management and others Analytical procedures Unexpected period-end adjustments 4-19

Assessing the Risk of Material Misstatement Due to Error or Fraud LO# 6 Assessing the Risk of Material Misstatement Due to Error or Fraud Fraud involves intentional misstatements. Fraudulent financial reporting Misappropriation of assets 4-20

Assessing the Risk of Material Misstatement Due to Error or Fraud LO# 6 Assessing the Risk of Material Misstatement Due to Error or Fraud Fraudulent financial reporting includes acts such as the following: Manipulation, falsification, or alteration of accounting records or supporting documents used to prepare financial statements. Misrepresentation in, or intentional omission from, the financial statements of events, transactions, or significant information. Intentional misapplication of accounting principles relating to amount, classification, manner of presentation, or disclosure. 4-21

Assessing the Risk of Material Misstatement Due to Error or Fraud LO# 6 Assessing the Risk of Material Misstatement Due to Error or Fraud Misappropriation of assets involves the theft of an entity’s assets to the extent that financial statements are misstated. Examples include: Stealing assets Paying for goods and services not received by the company Embezzling cash received 4-22

LO# 6 Assessing the Risk of Material Misstatement Due to Error or Fraud (Fraud Triangle) Three conditions usually exist when fraud occurs. Incentive or pressure to perpetrate fraud Opportunity to carry out the fraud Attitude or rationalization to justify fraud 4-23

LO# 6 Assessing the Risk of Material Misstatement Due to Error or Fraud (See Table 4-4) Fraudulent Financial Reporting Risk Factors Relating to Incentive/Pressure include: Excessive pressure for management to meet third party expectations Management’s personal financial situation is threatened Financial stability or profitability is threatened 4-24

LO# 6 Assessing the Risk of Material Misstatement Due to Error or Fraud (See Table 4-5) Fraudulent Financial Reporting Risk Factors Relating to Opportunities include: Nature of the Industry or entity’s operations Complex or unstable organizational structure Ineffective monitoring of management Deficient internal control 4-25

Risk Factors Relating to Attitudes/Rationalizations (See Table 4-6) LO# 6 Risk Factors Relating to Attitudes/Rationalizations (See Table 4-6) Fraudulent Financial Reporting Risk Factors Relating to Attitudes/Rationalizations include: Poor communication channels for reporting inappropriate behavior Use of inappropriate accounting based on materiality Weak ethical standards for management behavior Committing to aggressive or unrealistic forecasts 4-26

Assessing the Risk of Material Misstatement Due to Error or Fraud LO# 6 Assessing the Risk of Material Misstatement Due to Error or Fraud 4-27

Auditor’s Response to the Risk Assessment (See Figure 4-3) LO# 7 Assess the risk of material misstatement at the financial statement and assertion levels. Financial statement level risks Assertion level risks Do these risks relate pervasively to the financial statements? No Determine what can go wrong at the account or assertion level. Design audit procedures for assertion level risks. Yes Develop an overall response. 4-28

Auditor’s Response to the Risk Assessment LO# 7 To respond appropriately to financial statement level risks, the auditor may do the following: Emphasize to the audit team the need to maintain professional skepticism. Assign more experienced staff or those with specialized skills. Provide more supervision. Incorporate additional elements of unpredictability in the selection of audit procedures. 4-29 29

Evaluation of Audit Test Results LO# 8 Evaluation of Audit Test Results At the completion of the audit, the auditor should consider: 1. Whether the accumulated results of audit procedures affect the assessments of the entity’s business risk and the risk of material misstatement, and 2. Whether the total misstatements cause the financial statements to be materially misstated. THEN … If the financial statements are materially misstated, the auditor should: 1. Request management to eliminate the material misstatement, or 2. If management does not make needed adjustments, the auditor should issue a qualified or adverse opinion. 4-30

Evaluation of Audit Test Results LO# 8 If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should: Attempt to obtain audit evidence to determine whether, in fact, material fraud has occurred and, if so, its effect. Consider the implications for other aspects of the audit. Discuss the matter and the approach to further investigation with an appropriate level of management that is at least one level above those involved in committing the fraud and with senior management. If appropriate, suggest that the client consult with legal counsel. Consider withdrawing from the engagement. 4-31

Documentation of the Auditor’s Risk Assessment LO# 9 Documentation of the Auditor’s Risk Assessment The auditor should document: Discussions among engagement personnel. Procedures performed to identify and assess the risks of material misstatement due to fraud. Risks of identified material misstatement due to fraud and a description of the auditor’s response to the risks. Fraud risks or other conditions that result in additional audit procedures. The nature of the communications about fraud made to management, the audit committee, and others. 4-32

Communications about Fraud LO# 10 Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management. Fraud involving senior management and fraud that causes a material misstatement of the financial statement should be reported directly to the audit committee of the board of directors. The auditor should reach an understanding with the audit committee regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees. 4-33

Communications about Fraud LO# 10 The disclosure of fraud to parties other than the client’s senior management and its audit committee ordinarily is not part of the auditor’s responsibility and ordinarily would be precluded by the auditor’s ethical and legal obligations of confidentiality, except when the following conditions exist: To comply with certain legal and regulatory requirements. To a successor auditor when the successor makes inquiries of the predecessor auditor about the client. In response to a subpoena. To a funding agency or other specified agency in accordance with requirements for the audits of entities that receive governmental financial assistance. 4-34