Presentation on theme: "S11: Risk Based Audit Approach. Session Objectives To define audit risks and establish the relationship between materiality and audit risk To discuss."— Presentation transcript:
Session Objectives To define audit risks and establish the relationship between materiality and audit risk To discuss the Audit Risk Model To explain different kinds of audit risks and the factors that determine them
Audit Risk Audit accepts the risk that the audit conclusion may be wrong and that Audit may have allowed material error to remain undetected in the account. Only a very small degree of audit risk would be acceptable as otherwise the audit process may lose its purpose. A very high level of assurance (or confidence) is required when expressing the audit opinion.
Relationship between materiality and audit risk Higher the materiality level, lower the audit risk and vice versa. To calculate the level of assurance (or confidence) required from substantive audit tests, risk model is employed.
Risk Model Analytical tool for planning and execution. Detects high-risk areas for concentrated audit efforts. Audit can thus focus on areas which are likely to generate better assurance instead of sampling and testing of larger but low risk areas. Structures the audit procedures and reorganizes the audit work in terms of risk perception
Risk Model Audit Risk Inherent Risk Control risk Detection Risk
Inherent Risk The risk that an error will occur in the first place. Determined by the susceptibility of the classes of transactions to be audited to material misstatement, irrespective of the related internal controls in the organization.
Control Risk The risk that internal controls will fail to detect the error Determined by the efficacy of internal control environment in the auditee organization
Detection Risk Risk that the audit procedures will fail to detect the error. Risk that auditor’s substantive tests do not detect a material misstatement in the transactions audited by him.
Overall Audit Risk All the three risks are independent of each other. Overall Audit Risk (AR) is defined as: OAR=CR x IR x DR The overall audit risk is defined by the audit institution and hence is a constant pre- determined quantity.
Objective for the Auditor To assess inherent and control risks in the entity To design and perform appropriate compliance and substantive procedures that provide sufficient assurance that the product of the risks identified is less than or equal to the overall audit risk that the auditor is willing to accept.
Determinants of Inherent Risk √ The number and significance of audit adjustments and difference waived during the audits of previous years. √ Complexity of underlying calculations of accounting principles √ The susceptibility of the asset to material fraud or misappropriation √ Experience and competence of accounting personnel responsible for the component √ Judgment involved in determining amount √ Mix and size of items subject to the audit test √ The degree to which the financial circumstances of the entity may motivate its management to misstate the component in regard to this assertion √ Integrity and behaviour of the management. √ Management turnover and reputation
Assessment of Control Risk Evaluate the control environment Evaluate the control systems
Determinants of control environment √ Management philosophy and operating style √ The functioning of the board of directors and its committees, particularly the audit committee √ Organizational structure √ Methods of assigning authority and responsibility. √ Systems development methods √ Systems development methodology √ Personnel policies and practices √ Management reaction to external influences √ Internal audit
Determinants of control environment (Contd.) √ Segregation of incompatible functions √ Controls to ensure completeness of transactions being recorded √ Controls to ensure that transactions are authorized √ Third party controls (e.g. confirmation of events) √ Control over accounting systems √ Controls over computer processing √ Restricted access to assets (only allow access to authorized personnel)