Chapter 4 PowerPoint Presentation on Risk Assessment

Chapter 4Chapter 4

Risk AssessmentRisk Assessment

McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Brian Chu Thursday, January 31, Brian Chu Thursday, January 31, 20132013 11

Audit RiskAudit Risk

The risk that an auditor expresses an unqualified opinion on materially

misstated financial statements.

The risk that an auditor expresses an unqualified opinion on materially

misstated financial statements.

Financial statementlevel

Individual accountbalance or class

of transactions level

LO# 1

4-2


The Audit Risk ModelThe Audit Risk Model

Audit Risk = IR × CR × DR

Inherent risk and control risk:Risk of material misstatement

Nonsamplingrisk

Nonsamplingrisk

Samplingrisk

Samplingrisk

Detection risk:Risk that auditor will not detect misstatements

Inappropriate audit procedure Fail to detect when using appropriate audit procedure Misinterpreting audit results

LO# 2

4-3


Engagement RiskEngagement Risk

An auditor’s exposureto financial loss and

damage toprofessional reputation.

Client and thirdparty lawsuits

Negativepublicity

LO# 2

Local auditfailure …

4-4


Using the Audit Risk ModelUsing the Audit Risk Model

Set a planned level of audit risk such that an opinion can be issued on the financial statements.

Assess the risk of material misstatement (IR x CR).

Use the audit risk equation to solve for the appropriate level of detection risk:

Set a planned level of audit risk such that an opinion can be issued on the financial statements.

Assess the risk of material misstatement (IR x CR).

Use the audit risk equation to solve for the appropriate level of detection risk:

AR = IR × CR × DR

DR = AR

IR × CR

Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level.

LO# 3

4-5


Relationship of the EntityRelationship of the Entity’’s Business Risks to the s Business Risks to the Audit Risk ModelAudit Risk Model

Figure 4-1Figure 4-1

LO# 3

4-6


Using the Audit Risk ModelUsing the Audit Risk ModelLO# 3

Qualitative terms may also be used in the audit risk model.Qualitative terms may also be used in the audit risk model.

4-7


Limitations of theLimitations of theAudit Risk ModelAudit Risk Model

PreliminaryAssessmentLevel of Risk

Actualor AchievedLevel of Risk

LO# 3

+ / –

The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results.

• The desired level of audit risk may not actually be achieved.

• It does not consider potential auditor error.

• There is no way of knowing what the preliminary level of risk actually was.

The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results.

• The desired level of audit risk may not actually be achieved.

• It does not consider potential auditor error.

• There is no way of knowing what the preliminary level of risk actually was.

4-8


The Auditor’s RiskThe Auditor’s RiskAssessment ProcessAssessment Process

Auditors need toidentify business risks andunderstand the potential

misstatements thatmay result.

Business risksare risks that result from

significant conditions, events,circumstances or actions thatimpair management’s ability

to execute strategies.

LO# 4

4-9


The Auditor’s Risk Assessment ProcessThe Auditor’s Risk Assessment ProcessFigure 4-2Figure 4-2 An Overview of the Auditor’s Assessment of Business Risks and the Risk of An Overview of the Auditor’s Assessment of Business Risks and the Risk of

Material MisstatementsMaterial Misstatements

LO# 4

4-10


Auditor’s Risk Assessment ProceduresAuditor’s Risk Assessment Procedures(How do we gather this evidence?)(How do we gather this evidence?)

Inquiries of Management, Other Entity Personnel, and

Others Outside the Entity

Inquiries of Management, Other Entity Personnel, and

Others Outside the Entity

AnalyticalProcedures

Observationand Inspection

LO# 4

4-11


LO# 4

Understanding the EntityUnderstanding the Entityand Its Environmentand Its Environment

4-12


Understanding the EntityUnderstanding the Entityand Its Environmentand Its Environment

Industry, Regulatory, and External

Factors

Nature ofthe Entity

InternalControl

Objectives, Strategies,and Business Risks

Entity PerformanceMeasures

LO# 4

4-13


Nature of the EntityNature of the Entity The entity’s organizational structure and The entity’s organizational structure and

management personnel.management personnel. The sources of funding of the entity’s The sources of funding of the entity’s

operations and investment activities, operations and investment activities, including the entity’s capital structure, including the entity’s capital structure, noncapital funding, and other debt noncapital funding, and other debt instruments.instruments.

The entity’s investments.The entity’s investments. The entity’s operating characteristics, The entity’s operating characteristics,

including its size and complexity.including its size and complexity. The sources of the entity’s earnings, The sources of the entity’s earnings,

including the relative profitability of key including the relative profitability of key products and services.products and services.

Key supplier and customer relationships.Key supplier and customer relationships.

LO# 4

4-14


Industry, Regulatory, and Other External Factors

LO# 4

4-15


Understanding the Entityand Its Environment

LO# 4

4-16


Examples of misstatements include:Examples of misstatements include:

An inaccuracy in gathering or processing data from which financial statements are prepared.

A difference between the amount of a reported financial statement account and the amount that would have been reported under GAAP.

The omission of a financial statement element, account, or item.

An incorrect accounting estimate arising from an oversight or misinterpretation of facts.

Examples of misstatements include:Examples of misstatements include:

An inaccuracy in gathering or processing data from which financial statements are prepared.

A difference between the amount of a reported financial statement account and the amount that would have been reported under GAAP.

The omission of a financial statement element, account, or item.

An incorrect accounting estimate arising from an oversight or misinterpretation of facts.

LO# 5

Assessing the Risk of Material Assessing the Risk of Material Misstatement Due to Error or FraudMisstatement Due to Error or Fraud

4-17


Errors are Errors are unintentional misstatementsunintentional misstatements:: Mistakes in gathering or processing financial data used Mistakes in gathering or processing financial data used

to prepare financial statements.to prepare financial statements. Unreasonable accounting estimates arising from Unreasonable accounting estimates arising from

oversight or misinterpretation of facts.oversight or misinterpretation of facts. Mistakes in the application of accounting principles Mistakes in the application of accounting principles

relating to amount, classification, manner of relating to amount, classification, manner of presentation, or disclosure.presentation, or disclosure.

Errors are Errors are unintentional misstatementsunintentional misstatements:: Mistakes in gathering or processing financial data used Mistakes in gathering or processing financial data used

to prepare financial statements.to prepare financial statements. Unreasonable accounting estimates arising from Unreasonable accounting estimates arising from

oversight or misinterpretation of facts.oversight or misinterpretation of facts. Mistakes in the application of accounting principles Mistakes in the application of accounting principles

relating to amount, classification, manner of relating to amount, classification, manner of presentation, or disclosure.presentation, or disclosure.

LO# 5


4-18


Fraud involves Fraud involves intentionalintentional misstatementsmisstatements. The fraud risk . The fraud risk identification process includes:identification process includes: Sources of information about possible Sources of information about possible

fraud―fraud― Communications among the audit teamCommunications among the audit team Inquires of management and othersInquires of management and others Analytical proceduresAnalytical procedures Unexpected period-end adjustmentsUnexpected period-end adjustments

Fraud involves Fraud involves intentionalintentional misstatementsmisstatements. The fraud risk . The fraud risk identification process includes:identification process includes: Sources of information about possible Sources of information about possible

fraud―fraud― Communications among the audit teamCommunications among the audit team Inquires of management and othersInquires of management and others Analytical proceduresAnalytical procedures Unexpected period-end adjustmentsUnexpected period-end adjustments

LO# 6


4-19


Three conditions usuallyexist when fraud occurs.

Three conditions usuallyexist when fraud occurs.

Incentive orpressure to

perpetrate fraud

Incentive orpressure to

perpetrate fraud

Opportunityto carry out

the fraud

Opportunityto carry out

the fraud

Attitude orrationalizationto justify fraud

Attitude orrationalizationto justify fraud

LO# 6

Assessing the Risk of Material Misstatement Assessing the Risk of Material Misstatement Due to Error or FraudDue to Error or Fraud

(Fraud Triangle)(Fraud Triangle)

4-20


Financial stabilityor profitabilityis threatened

Financial stabilityor profitabilityis threatened

Excessive pressurefor management to

meet third partyexpectations

Excessive pressurefor management to

meet third partyexpectations

Management’s personalfinancial situation

is threatened

Management’s personalfinancial situation

is threatened

LO# 6

Fraudulent Financial ReportingRisk Factors Relating to Incentive/Pressure include:


(See Table 4-4)(See Table 4-4)

4-21


Ineffectivemonitoring ofmanagement

Ineffectivemonitoring ofmanagement

Nature of the Industry or entity’s

operations

Nature of the Industry or entity’s

operations

Deficientinternalcontrol

Deficientinternalcontrol

Complex or unstable organizational

structure

Complex or unstable organizational

structure

LO# 6

Fraudulent Financial ReportingRisk Factors Relating to Opportunities include:



4-22


Risk Factors Relating to Risk Factors Relating to Attitudes/RationalizationsAttitudes/Rationalizations


Poor communicationchannels for reportinginappropriate behavior

Poor communicationchannels for reportinginappropriate behavior

Weak ethicalstandards formanagement

behavior

Weak ethicalstandards formanagement

behavior

Committing to aggressive or

unrealistic forecasts

Committing to aggressive or

unrealistic forecasts

Use ofinappropriate accounting

based on materiality

Use ofinappropriate accounting

based on materiality

LO# 6

Fraudulent Financial ReportingRisk Factors Relating to Attitudes/Rationalizations include:

4-23


Fraud involvesintentional misstatements.

Fraud involvesintentional misstatements.

Fraudulentfinancial reporting

Fraudulentfinancial reporting

Misappropriationof assets

Misappropriationof assets

LO# 6


4-24


Fraudulent financial reporting includes Fraudulent financial reporting includes acts such as the following:acts such as the following: Manipulation, falsification, or alteration of Manipulation, falsification, or alteration of

accounting records or supporting documents accounting records or supporting documents used to prepare financial statements.used to prepare financial statements.

Misrepresentation in, or intentional omission Misrepresentation in, or intentional omission from, the financial statements of events, from, the financial statements of events, transactions, or significant information.transactions, or significant information.

Intentional misapplication of accounting Intentional misapplication of accounting principles relating to amount, classification, principles relating to amount, classification, manner of presentation, or disclosure.manner of presentation, or disclosure.

Fraudulent financial reporting includes Fraudulent financial reporting includes acts such as the following:acts such as the following: Manipulation, falsification, or alteration of Manipulation, falsification, or alteration of

accounting records or supporting documents accounting records or supporting documents used to prepare financial statements.used to prepare financial statements.

Misrepresentation in, or intentional omission Misrepresentation in, or intentional omission from, the financial statements of events, from, the financial statements of events, transactions, or significant information.transactions, or significant information.

Intentional misapplication of accounting Intentional misapplication of accounting principles relating to amount, classification, principles relating to amount, classification, manner of presentation, or disclosure.manner of presentation, or disclosure.

LO# 6


4-25


Misappropriation of assets involves the Misappropriation of assets involves the theft of an entitytheft of an entity’’s assets to the extent s assets to the extent that financial statements are misstated.that financial statements are misstated.

Misappropriation of assets involves the Misappropriation of assets involves the theft of an entitytheft of an entity’’s assets to the extent s assets to the extent that financial statements are misstated.that financial statements are misstated.

Stealing assets

Embezzlingcash received

Paying forgoods and services

not received by the company

LO# 6


Examples include:

4-26


LO# 6


4-27


Auditor’s Response toAuditor’s Response tothe Risk Assessment (See Figure 4-3)the Risk Assessment (See Figure 4-3)

Financial statement level risks

Develop an overallresponse.

Determine what can go wrongat the account or assertion level.

LO# 7

Assess the risk of material misstatement at the financial statement and assertion levels.

Do these risks relate

pervasively to the financialstatements?

Design audit procedures for

assertion level risks.

Assertion level risks

Yes

No

4-28


Auditor’s Response to the Risk Auditor’s Response to the Risk AssessmentAssessment

LO# 7

To respond appropriately to financial statement level risks, the auditor may do the following: Emphasize to the audit team the need to maintain

professional skepticism. Assign more experienced staff or those with

specialized skills. Provide more supervision. Incorporate additional elements of unpredictability in

the selection of audit procedures.

To respond appropriately to financial statement level risks, the auditor may do the following: Emphasize to the audit team the need to maintain

professional skepticism. Assign more experienced staff or those with

specialized skills. Provide more supervision. Incorporate additional elements of unpredictability in

the selection of audit procedures.

4-29


Evaluation of AuditEvaluation of AuditTest ResultsTest Results

At the completion of the audit, the auditor should consider: 1. Whether the accumulated results of audit procedures affect the assessments of the entity’s business risk and the risk of material misstatement, and 2. Whether the total misstatements cause the financial statements to be materially misstated.

THEN …

If the financial statements are materially misstated, the auditor should: 1. Request management to eliminate the material misstatement, or 2. If management does not make needed adjustments, the auditor should issue a qualified or adverse opinion.

At the completion of the audit, the auditor should consider: 1. Whether the accumulated results of audit procedures affect the assessments of the entity’s business risk and the risk of material misstatement, and 2. Whether the total misstatements cause the financial statements to be materially misstated.

THEN …

If the financial statements are materially misstated, the auditor should: 1. Request management to eliminate the material misstatement, or 2. If management does not make needed adjustments, the auditor should issue a qualified or adverse opinion.

LO# 8

4-30


Evaluation of AuditEvaluation of AuditTest ResultsTest Results

If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should: Attempt to obtain audit evidence to determine whether, in fact,

material fraud has occurred and, if so, its effect. Consider the implications for other aspects of the audit. Discuss the matter and the approach to further investigation with

an appropriate level of management that is at least one level above those involved in committing the fraud and with senior management.

If appropriate, suggest that the client consult with legal counsel. Consider withdrawing from the engagement.

If the auditor determines that the misstatement is or may be the result of fraud, and has determined that the effect could be material, the auditor should: Attempt to obtain audit evidence to determine whether, in fact,

material fraud has occurred and, if so, its effect. Consider the implications for other aspects of the audit. Discuss the matter and the approach to further investigation with

an appropriate level of management that is at least one level above those involved in committing the fraud and with senior management.

If appropriate, suggest that the client consult with legal counsel. Consider withdrawing from the engagement.

LO# 8

4-31


Documentation of theDocumentation of theAuditor’s Risk AssessmentAuditor’s Risk Assessment

The auditor should document: Discussions among engagement personnel. Procedures performed to identify and assess the risks

of material misstatement due to fraud. Risks of identified material misstatement due to fraud

and a description of the auditor’s response to the risks. Fraud risks or other conditions that result in additional

audit procedures. The nature of the communications about fraud made to

management, the audit committee, and others.

The auditor should document: Discussions among engagement personnel. Procedures performed to identify and assess the risks

of material misstatement due to fraud. Risks of identified material misstatement due to fraud

and a description of the auditor’s response to the risks. Fraud risks or other conditions that result in additional

audit procedures. The nature of the communications about fraud made to

management, the audit committee, and others.

LO# 9

4-32


Communications about FraudCommunications about Fraud

Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management. Fraud involving senior management and fraud that causes a material misstatement of the financial statement should be reported directly to the audit committee of the board of directors.

The auditor should reach an understanding with the audit committee regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees.

Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management. Fraud involving senior management and fraud that causes a material misstatement of the financial statement should be reported directly to the audit committee of the board of directors.

The auditor should reach an understanding with the audit committee regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees.

LO# 10

4-33


The disclosure of fraud to parties other than the client’s senior management and its audit committee ordinarily is not part of the auditor’s responsibility and ordinarily would be precluded by the auditor’s ethical and legal obligations of confidentiality, except when the following conditions exist: To comply with certain legal and regulatory requirements. To a successor auditor when the successor makes inquiries of

the predecessor auditor about the client. In response to a subpoena. To a funding agency or other specified agency in accordance

with requirements for the audits of entities that receive governmental financial assistance.

The disclosure of fraud to parties other than the client’s senior management and its audit committee ordinarily is not part of the auditor’s responsibility and ordinarily would be precluded by the auditor’s ethical and legal obligations of confidentiality, except when the following conditions exist: To comply with certain legal and regulatory requirements. To a successor auditor when the successor makes inquiries of

the predecessor auditor about the client. In response to a subpoena. To a funding agency or other specified agency in accordance

with requirements for the audits of entities that receive governmental financial assistance.

LO# 10

Communications about FraudCommunications about Fraud

4-34


End of Chapter 4End of Chapter 4

4-35


Documents

Chapter 4 PowerPoint Presentation on Risk Assessment