Summary

This lecture discusses Audit Risk, covering topics such as the introduction, relevant standards including ISA 300, 315, and 330, the nature of the entity and the components of total audit risk. It also includes aspects of the auditor perspective.

Full Transcript

AUDIT RISK

- Audit Risk: Introduction
- Relevant Audit Standards
- The Components of Total Audit Risk
- The Audit Risk Model
- The Limitations of the Audit Risk Model
- Audit Risk and Materiality Level
- Classification of risk

According to ISA 315 (revised), the auditor is required to understand the entity and its environment, including the internal control systems, to be able to identify and assess the risk of material misstatements (errors or mistakes that would have a significant impact on the users of accounts) in the financial statements. This process provides the basis for designing and implementing responses to the assessed risks of material misstatement.

Audit risk can be looked at from:
- the entity's perspective
- the auditor's perspective (ISA 315)

Audit is a CONTRACT: it involves two parties, with mutual responsibilities.

AUDIT ASSIGNMENT
INPUT (accounting and IC systems; management responsibilities) -> PROCESS (audit procedures + the financial statements; mutual commitments) -> OUTPUT (audit opinion; auditor responsibilities; inappropriate audit opinion)

An inappropriate audit opinion can only be minimised when appropriate and sufficient audit procedures are performed.

Audit risk is the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated. It is the risk that the financial statements contain material misstatements and the audit procedures fail to detect them. If this happens, the auditor will come to a wrong conclusion and an invalid audit report will be issued. Two scenarios may arise:
- either the auditor gives an unqualified audit report (favourable report) but material errors are subsequently found in the financial statements,
- or a qualified report (unfavourable report) is given but subsequently no material errors are found.

IMPACT: AR would mislead users of accounts and tarnish the reputation of the entity. It is therefore vital that auditors perform the audit with due diligence, otherwise they may be sued for negligence and damages.

Audit risk should be reduced to an acceptably low level at both the financial statement level and the assertion level. At the financial statement level, all the figures appearing in the financial statements could be true, but overall the financial statements could still not show a true and fair view. For example, going concern issues may be concealed through window dressing. Misstatements at the financial statement level are potentially more subtle and require a higher level of skill to detect.

Audit Risk: Relevant Audit Standards

In order to minimise audit risk, auditors are required to:
- understand the entity and its environment
- develop audit procedures to detect risks
- document the audit procedures for review (Advanced Audit)

Relevant standards in respect of audit risk:
- ISA 300 'Planning an audit of financial statements'
- ISA 315 'Identifying and assessing the Risks of Material Misstatement through Understanding the Entity and its Environment'
- ISA 330 'The Auditor's Procedures in Response to Assessed Risk'

According to ISA 315: 'The auditor is required to understand the entity and its environment and to perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statements and assertion (assumptions/bases) levels.'

ISA 315: The auditor is required to understand the following:
- Relevant industry, regulatory, and other external factors, including the applicable financial reporting framework.
- The nature of the entity, including: its operations; its ownership and governance structures; the types of investments that the entity is making and plans to make, including investments in special-purpose entities; and the way that the entity is structured and how it is financed.
- The entity's selection and application of accounting policies, including the reasons for changes thereto. The auditor shall evaluate whether the entity's accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.
- The entity's objectives and strategies, and those related business risks that may result in risks of material misstatement.
- The measurement and review of the entity's financial performance.

ISA 315: The risk assessment procedures include:
- Inquiries of management and of others within the entity who, in the auditor's judgment, may have information that is likely to assist in identifying risks of material misstatement due to fraud or error.
- Analytical procedures.
- Observation and inspection.

ISA 330 The Auditor's Procedures in Response to Assessed Risk

"The auditors are required to design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level" (Final Audit)

Assessment of risk is not carried out at the planning stage only; it is a continuous process that affects the whole audit process. It applies at the interim audit, the final audit and the audit report. Risk assessment procedures will vary from one stage to the other depending on the nature of the audit.

In designing the further audit procedures (substantive procedures) to be performed, the auditor is required to consider:
- The reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions (IS), account balances (BS) and disclosures (Notes).
- The likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (nature and complexity of the entity and its environment) (inherent risk).
- Whether the risk assessment takes account of relevant controls (the control risk). The auditor is required to obtain audit evidence to determine whether the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures) (detection risk).
- Obtain more persuasive audit evidence the higher the auditor's assessment of risk.

ISA 500 Audit Evidence: Assertions (Final audit)

THE RISK MODEL

The Components of Total Audit Risk

Audit risk is a function of two main components:
- risks of material misstatement (inherent risk and control risk: the entity's level)
- detection risk (audit procedures: the auditor's level)

Risk of material misstatement is made up of two components, inherent risk and control risk.

Inherent risk is the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, assuming that there were no related internal controls. Inherent risk arises mainly due to the nature and complexity of the business operations and its environment.

Control risk is the risk that a misstatement which could occur in an assertion about a class of transaction, account balance or disclosure and which could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's internal control. This implies that control risk would arise due to weaknesses in the internal controls and accounting systems.

Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement which exists, and which could be material, either individually or when aggregated with other misstatements. This implies that the audit procedures fail to detect material misstatements in the FSs.

AR = IR x CR x DR, where
- AR: Audit risk
- IR: Inherent risk
- CR: Control risk
- DR: Detection risk

AR:
- is always determined by the audit firm/auditors
- is usually set at a level which is reasonable to and attainable by the audit firm
- in practice, is usually set at 3-5%

If the audit firm (AF) is willing to take an AR of 3%, this implies that the AF will take responsibility for a 3% risk that the audit report may not give the appropriate opinion. At the same time, it implies that the AF is confident of giving an appropriate audit report at a 97% confidence level.

IR: nature and complexity of the entity and its environment
- IR would be expressed in %.
- The higher the complexity, the higher will be the IR, and vice versa.
- It implies that as long as the business is in operation, IR will exist.
- IR can only be minimised if the entity stops its operations.

CR: weaknesses in the IC and AS (systemic)
- CR would be expressed in %.
- The higher the weaknesses in IC and AS, the higher will be the CR.

DR:
- is determined by the level of AR, IR and CR
- will be determined by the prevailing conditions in the entity and its environment
- DR = AR / (IR x CR)

If DR is high, the AF will reject the audit assignment, as the predetermined AR may not be achieved. If DR is low, this means that the present audit procedures will be able to detect material misstatement in the FSs.

Essential component in the risk model = DR (from the auditor's point of view)

The DR cannot be determined with accuracy prior to the start of the audit. DR depends largely on the appropriateness and effectiveness of the audit procedures. It would be quite difficult to know at the start of the audit whether the audit procedures will be effective. That is why the audit procedures will be amended as and when required during the audit engagement, to minimise the DR.

What would be the actions of the auditors if the DR is HIGH?
- Auditors may reject the audit engagement because of the high risk factor. Risk factor: IR is high or CR is high, or both; this impacts the AR, which may go beyond the threshold of 3-5%.
- Auditors may accept the audit engagement after discussions with management to minimise the level of risk at the entity's level, such that it results in a reduction in the DR and ultimately in the AR. This would imply that management would have to take some actions to reduce the level of risk (IR and CR).

Which actions would management be more likely to take? To minimise the CR instead of the IR. Generally speaking, it is management's responsibility to design and implement systems of accounting and control which are appropriate and effective.

Classification of Risks

Explain how the classification of risks into categories such as 'high', 'medium' or 'low' helps entities to manage their businesses.

Risk classification helps management run their business because it is part of the overall process of identifying and assessing risks. Risk can be on an individual level or on a strategic level and will potentially affect all aspects of the business. As such it is an essential part of business management. Risk must be managed by the company and not the auditors.

Risk classification enables effective use of resources. Resources can be directed towards dealing with high and medium risk problems so that the benefits are maximised.

Risk classification assists management in adopting the right response to risk. For example, a low risk might be accepted. A high or medium risk should be:
- Reduced: by instituting a system of internal control
- Transferred: by taking out insurance
