Class Notes (1,000,000)
CA (620,000)
SFU (10,000)
BUS (1,000)
BUS 426 (10)
Lecture 3

BUS 426 Lecture Notes - Lecture 3: Audit Risk, Internal Control, Financial Statement

Business Administration
Course Code
BUS 426
Michael Favere- Marchesi

of 5
Lecture 3
What is risk? Uncertainty
Audit Risk: The risk when the auditor’s opinion comes out
but there is really a misstatement in the financial statements
o Audit Risk = 1 Assurance, ex: In our opinion, we
are 95% confident that the financial statements are
fairly stated
o Audit Risk is a strategic approach to accounting, views
the audit as a tactical plan of action
Tactical Phase = Performance of Audit Tests
Audit Procedures are designed to satisfy audit
objectives in order to reduce the probability of
Also a risk when the auditor states that the statements are
unfairly statement damage reputation
Auditors can’t test for everything, so they do take an amount
of risk
Usually for large firms, audit risk is lower (in comparison to
small firms), this is because more users use the financial
statements for large firms
Components of an Audit Risk
1. Inherent Risk: Unavoidable risks
2. Control Risk: Internal Controls, catches some misstatements
3. Detection Risk: Auditor Controls, catches more misstatements
Audit Risk = IR x CR x DR
Multiplicative means they are independent of each other
AR, IR, CR are all assessment inputs, and DR is the output,
influences the extent of testing
So rewritten as: DR = AR / (IR x CR)
o If AR goes UP, so does the DR and vise-versa
Means you are willing to take more risk, so you
would collect less evidence
To memorize, just use the rewritten formula
Control Risk
How to Assess Audit Risk
Nature of Users: If only the CEO uses the statements, then we
can take a bigger risk; in comparison to public companies where
many users depend on this, we take a lower risk
Likelihood of Financial Difficulties
Management Integrity: Is management very aggressive in
accounting? Do they cross the line? Honest or not management?
Matter of trusting who you are dealing with
Business Risk: Is the business industry dangerous?
Inherent Risk
The likelihood of misstatements due to the nature of the segment
o IE: The account of inventory vs plant, property and
equipment… Which is more risky? Inventory
How to determine which account is more inherently risky?
Nature of Business
Nature of Information System (IT System): Do they have
a program that does the accounting for them, or do they have
a manual accounting system?
Integrity of Management
Client Motivation: What is the client’s objective of this
Initial vs Repeat Engagement
Results of Prior Audits
Related Parties: A company with a lot more related party
transactions are inherently more risky (because they are not
at arms length)
Non-Routine Transactions: Usually found in journal entries
near the year-end
Judgments Required to Record Account Balances and
Transactions Correctly
Assets Susceptible to Misappropriation: Assets which
may be stolen
Makeup of the Population: Who are the client’s customers
Control Risk
The likelihood that misstatements will not be prevented or detected
by internal control system
Required by GAAS to evaluate the internal control system even if
you will not place reliance on the internal controls
Needed in order to design the nature and extent of the audit
Mix of Test of Controls + Test of Details to evaluate this
To rely on the internal control system:
Obtain an understanding of the internal controls system
Evaluate design effectiveness based on the understanding
o Identify the strengths and weaknesses of the internal
control system
Test the internal control systems for operational effectiveness
(Test of Controls)
When Weaknesses > Strengths, internal control system is
inadequate, then control risk = 100%
Detection Risk
The likelihood that audit tests will not detect material
Audit testing required in order to meet the detection risk
A misstatement is considered material if it is probable that the
decisions of a reasonable user who rely on financial statements will
be changed or influenced by such misstatements
o Materiality is user specific, judgment call for users
Must set preliminary judgment during the planning phase of the
If your materiality tolerance goes up, then you would gather less
Audit provides reasonable assurance that there is no misstatement
Types of Misstatements
Identified Misstatements: Misstatements that you found
Likely or Projected Misstatements: Probable misstatements
Likely Aggregate Misstatements: Identified Misstatements +
Projected Misstatements
Further Possible Misstatements: Due to sampling imprecision
Maximum Possible Misstatements: Projected + Further
What Affects Materiality?
Relative Concept
A Base must be Chosen
Qualitative Factors: If you find fraud, and you believe that it is
only the tip of the iceberg… May find more frauds
Firm Guidelines
Past Practices
Client Risk Profile and Documentation