Textbook Notes (369,205)
Canada (162,462)
RSM323H1 (24)

RSM323 Audit I Textbook Ch 7

6 Pages

Rotman Commerce
Course Code
Vicki Zhang

This preview shows pages 1 and half of page 2. Sign up to view the full 6 pages of the document.
RSM323 Chapter 7 - Assessing Risks and Internal Control  Learning Objectives o Describe the conceptual audit risk model and its components, and explain its usefulness and limitations in conducting the audit. o Explain how auditors assess the auditee’s business risk through strategic analysis and business process analysis. o Outline the relationships among business processes, accounting processes/cycles and management’s general purpose financial statements. o Illustrate how business risk analysis is used in a preliminary assessment of the risk that fraud or error has led to material misstatement at the overall financial statement level. o Describe the basic components of internal control; control environment, management’s risk assessment process, information systems and communication, control activities and monitoring. o Explain how the auditor’s understanding of an organization’s internal control helps to assess the risk that its financial. statements are misstated. o Apply and integrate the chapter topics to analyze a practical auditing situation / case / scenario.  Chapter Overview o Audit Risk Assessment o Business Risk-Based Approach to Auditing o Accounting Processes and the Financial Statements o Business Risk and Risk of Material Misstatement o Understanding Internal Control o How Internal Control Relates to the Risk of Material Misstatement  Audit Risk Assessment o Auditing is fundamentally a risk management process.  Audit risk is related to information risk that financial statements are materially misstated.  Auditors strive to lower audit risk by performing audit work that gives a high level of assurance that statements are correct.  Auditors need to assess risk in audit related terms; inherent risk, control risk and detection risk.  Inherent Risk o The probability of material misstatement occurring in transactions entering the accounting system or being in the account balances is inherent risk.  Auditors do not create or control inherent risk.  Auditors only try to assess its magnitude based on prior experience, management bias, and nature of the transactions.  The auditor will consider the characteristics of the client’s business, types of transactions, and effectiveness of accountants.  Control Risk o The risk that the client’s internal control system will not prevent or detect a material misstatement is control risk.  Auditors do not create or control control risk; they simply evaluate or assess probability of failure to detect material misstatements.  This assessment of effectiveness may be tested by the auditor in the audit.  Assessment is based on study and evaluation of the company’s control system. o Several control frameworks are available to the auditor in assessing controls.  CICA’s Criteria of Control Committee (COCO)  Includes evaluation criteria.  Committee of Sponsoring Organizations of the Treadway Commission (COSO)  Includes a set of evaluation tools.  Control Objectives for Information and Related Technology (COBIT) o Control risk assessment provides only an indirect assessment of monetary misstatements in the financial statements.  Control testing or compliance testing are detailed procedures used to assess control risk.  Control risk should not be assessed so low that auditors rely entirely on controls, and do no substantive work.  Risk of Material Misstatement o Auditing standards refer to risk of material misstatement rather than to inherent risk and control risk separately.  It is often difficult to separate the two risks.  Some controls are preventative and reduce inherent risk, some controls are only effective when misstatements occur.  The auditor may make a combined assessment of inherent and control risks.  Detection Risk o The risk that any material misstatement that has not been corrected by the client’s internal control will not be detected by the auditor is detection risk.  Auditors can control this risk by conducting substantive (balance audit) tests.  Substantive tests include audit of details of transactions and balances, and analytical procedures applied to dollar amounts in the accounts.  Audit Risk o The probability that an auditor will fail to express a reservation that financial statements are materially misstated is audit risk.  Audit risk is greater if there is poor planning or poor execution of the audit.  Audit risk is inversely proportionate to risk of getting sued.  Audit risk is dependent on user reliance.  Audit risk is also applied to individual account balances and disclosures.  Risk Model o AR = IR x CR x DR o Audit risk will occur when:  a material misstatement has been made in the transactions or balances (inherent risk),  and internal controls fail to detect or correct the misstatement (control risk), and  audit procedures also fail to detect the misstatement (detection risk).  Auditors usually like to limit audit risk to less than 5%.  How Materiality and Audit Risk are Related o Materiality refers to the magnitude of a misstatement; audit risk refers to the level of assurance that material misstatement does not exist.  The auditor will make these assessments independently.  Both deal with sufficiency of evidence and extent of audit evidence that will be collected.  Business Risk and extension of the Audit Risk Model o Business risk is an event of action that will adversely affect an organization’s ability to achieve its objectives and execute its strategies.  Auditors need to assess the ways that business risk affects the risk of material misstatement in financial statements.  Business Risk-Based Approach to Auditing o The business risk-based approach to auditing requires the auditor to understand the auditee’s business risks, management’s strategy for addressing those risks, and the business processes it uses to implement the strategy.  Business Risk Analysis o There are two parts of business analysis:  Strategic analysis, and  Business process analysis. o At the end of the business analysis, the auditor should be able to determine if there are any weaknesses in the client’s risk management process that could lead to misstatement on the financial statements.  Strategic Analysis o Gain an understanding from senior client management about:  business objectives,  key strategies employed to meet those objectives, and  risks that threaten achievement of those objectives.  Business Process Analysis o Management will minimize risks through well-designed business processes.  Business success depends on how well management can execute the main aspects of strategy. o Business process analysis deepens the auditor’s understanding of the client’s operations.  It may also highlight risks and possible note disclosures.  Effects of IT and E-Commerce on Business Risk o Analyzing the effects of IT and e-commerce is also an important component of business risk analysis.  More involvement in e-commerce and more complex information sy
More Less
Unlock Document

Only pages 1 and half of page 2 are available for preview. Some parts have been intentionally blurred.

Unlock Document
You're Reading a Preview

Unlock to view full version

Unlock Document

Log In


Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.