CHAPTER 6: ASSESSING RISKS AND INTERNAL CONTROL

Assessing Risks and Control to Plan an Audit

Reasonable assurance: A high, but not absolute, level of assurance; also referred to as a positive assurance in the context of audit reporting

Audit risk: An essential auditing planning decision
• Auditors strive to lower audit risk by performing audit work that gives a high level of assurance that the statements are fairly presented
• To develop audit work programs, auditors need to assess risk specifically in audit-related terms:
  o Inherent risks
  o Control risks
  o Detection risks
• CAS 200 states that the financial statement auditor’s overall objective is “to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error”
• Reasonable assurance should be taken as a high level of assurance

| Auditor’s assessment of risk from accepting engagement | Audit risks that can be accepted | Auditor decision |
|---|---|---|
| Extremely high | Extremely low, near zero | Impossible to achieve near zero risk, DO NOT ACCEPT |
| High | Lowest | ACCEPT, only if auditor can achieve low audit risk by performing extensive auditing work |
| Moderate | Moderate | ACCEPT, plan to achieve moderate audit risk level and perform less extensive level of audit work |
| Low | Highest | ACCEPT, plan to achieve somewhat of a higher audit risk and perform relatively lower level audit work |

• Since achieving a lower audit risk involves more work, it costs more
• An acceptable level of audit risk should be “appropriately low” and involves the exercise of professional judgment
• Previously, the CICA guidance suggested auditors try to limit the risks to no more than 5%.

The Audit risk model

Audit risk: The probability the audit fails to detect a material misstatement
• According to CAS 200, audit risk is a function of the risks of material misstatement and detection risk.
AUDIT RISK (AR) = RISK OF MATERIAL MISSTATEMENT (RMM) X DETECTION RISK (DR)

The model can be made more precise by noting that the risk of material misstatements occurs when there is a(n):
1) Inherent risk
2) Control risk
3) Detection risk

AUDIT RISK (AR) = INHERENT RISK (IR) X CONTROL RISK (CR) X DETECTION RISK (DR)

• Auditors want to hold audit risk (AR) to low levels (0.05/ 50% of audit decision when there is a material misstatement will be wrong
• After AR is decided, the AR model is used to plan the audit work effort required
  o Auditors accomplish this by first assessing the levels of IR and CR, then solving for the level of DR that needs to be achieved to reduce the AR to an acceptably low level.

Inherent risks

Inherent risks (IR): the probability that material misstatements could have occurred
• Auditors can only try to assess the magnitude of inherent risks
• It is important to understand that audit care should be greater where inherent risk is greater
• If material misstatements were discovered last year, the inherent risks will be considered higher than they would be if last year’s audit did not have any material misstatements
• Revenue accounts tend to have high inherent risks because of the complexity of revenue accounting
• Assets and revenue accounts tend to have higher inherent risk of overstatement than understatement
• Liability accounts have higher inherent risk of understatement than overstatement

Processes presenting the greatest risk of errors/inaccuracies (in order):
1) Revenue recognition accounting
2) Contract management
3) Planning and budgeting
4) Accounting reconciliation
5) Tax calculations and accruals
6) Account payable approvals
7) Credit management
8) Other
9) Expense reimbursement

Inherent risk factors include:
• Accounting policies requiring complex calculations, estimates
• Accounting staff competency, experience
• Assets susceptible to theft
• Business involving complex transactions, assets/liabilities
• Business subject to complex/changing laws
• Changes in technology
• Complex contracts with customers/suppliers
• Economic conditions that affect business negatively
• Knowledge of actual/suspected fraud
• Management incentives
• Management integrity
• Material misstatements in past years
• Operations in multiple locations
• Organizational change
• Other relevant risk factors

Control risks

Control risk (CR): the risk that the client’s internal controls will not prevent/detect a material misstatement
• Auditors are only concerned with assessing control risks relating to financial statement assertions at the account balance, class of transaction or disclosure level

The CICA Criteria of Control Committee (COCO) framework for control includes:
• Organization’s resources
• Systems
• Processes
• Culture
• Structure
• Tasks that work together to support the organization’s objectives

Anchoring: preconceived notions about control risk that auditors carry over when they perform an audit on a client year after year, a potential pitfall if conditions change.
Control testing (compliance testing): performing procedures to assess whether controls are operating effectively

Combined inherent and control risk: the risk of material misstatement

Risk of material misstatement: assessed on the financial statements overall and based on pervasive factors such as fraud, going concern, or other significant business-level risks; the auditor’s assessment of combined inherent and control risk
• The risks of material misstatement at the financial statement and assertion levels are a basis for designing further audit procedures

Detection risk

Detection Risk (DR): The risk that the auditor’s procedures will fail to find a material misstatement that exists in the accounts

Substantive audit procedures: designed to detect material misstatements at the assertion level; comprised of tests of details (transactions, account balances, disclosures) and substantive analytical procedures
  o Substantive procedures provide direct assessment of the monetary amount of misstatement
  o Control testing only provides indirect evidence about whether material misstatement might have arisen due to control deficiencies
• 2 categories of substantive procedures are:
  1) Tests of the details of transactions, balances and disclosures
  2) Analytical procedures applied to produce circumstantial evidence about specific monetary amounts in accounts

**** Detection risk is the probability that these substantive procedures will fail to detect material misstatements

Working with the audit risk model

The model produces some insight, which includes:
1) Auditors cannot rely on an estimate of zero inherent risk without other evidence-gathering procedures
2) Auditors cannot only rely on internal controls
3) Auditors would not be exhibiting due audit care if the risk of failure to detect material misstatements were too high
4) Auditors could rely almost exclusively on evidence produced by substantive procedures, even if they think inherent risk and control risk are high

How materiality and audit risk are related

• Materiality refers to the magnitude of a misstatement, while audit risk refers to the level of assurance that material misstatement does not exist in the financial statements
• Acceptable audit risk is determined by how much assurance the auditor requires
  o High level of assurance = low audit risk
• Audit risk and materiality both deal with sufficiency of evidence
  o If AR is set lower, or materiality is set smaller, the evidence required will increase
• The main impact of materiality and audit risk decisions is on the extent of the audit evidence that needs to be gathered

Business risk and extensions of the audit risk model

Business risk-based audit approach: the requirement for the auditor to understand the client’s business risks and strategy in order to assess the risks of material misstatement in the financial statements and design appropriate audit procedures in response to those risks
• Business risk is defined as any event/action adversely affecting the organization’s ability to achieve its business objectives and execute its strategies

Strategic systems auditing (SSA audits): An auditing approach that has a top-down focus, starting with an in-depth understanding of the auditee’s business; enables the auditor to understand the strategic objectives of the auditee, the risks the auditee faces in relation to these objectives, and the controls necessary for the business to respond to these risks; obtaining an understanding of the business as a whole, then proceeding to look at the details of the risky transactions in the context of the knowledge gained at the broader level.

RISK OF MATERIAL MISSTATEMENT (RMM) = IR X CR

BUSINESS RISK-BASED APPROACH TO AUDITING

• Business risk analysis allows the auditors to learn about the risks the business faces, management’s strategy for addressing those risks to meet organization goals, and the business processes it uses to implement the strategy.
• There are 2 parts of business risk analysis:
  o Strategic analysis
  o Business process analysis

Entity’s risk assessment process: Management’s process for identifying business risks that could affect financial reporting objectives and for deciding on actions to address and minimize these risks; understanding this process helps auditors to assess the risk that the financial statements could be materially misstated
• The auditor’s first step is understanding the entity management’s own process for identifying business risks affecting financial reporting objectives and for deciding on actions to minimize these risks
• Auditors exercise professional judgment by using mental models and systems thinking.
  o A mental model consists of organized knowledge, integrated data about the patterns and cues, and rules for linking knowledge and cues
  o These models are used throughout the audit and updated continuously for new information
  o Systems thinking used in business risk analysis involves viewing the organization as a complex web of relationships between the auditee and relevant features of the auditee’s external environment

Strategic Analysis

• The audit team begins by learning from senior auditee management about the business objectives and the key strategies and risks in achieving those objectives
