audit risk and materiality threshold

Audit risk and materiality threshold - towards economic risk and audit

failure HORATIU ROTARU

Faculty of Business Administration

The University of South-East Europe Lumina

Sos. Colentina nr. 64b, Sector 2, 021178 Bucuresti, Romania

[email protected] http://www.lumina.org

Abstract: The audit risk, as defined by SAS 107 „Audit Risk and Materiality in Conducting an Audit”, represents the

positive opinion of an auditor of financial statements that are materially misstated, opinion that unknowingly failed to

be appropriately modified.

Based on the model recommended by SAS 107 we propose an audit model that depends on sampling and presents

the assessment of the audit risk by determining not only the inherent risk, control risk but the risk of not detecting

errors linked with sampling, result of audit work sheets elaboration depending on statistical techniques.

Key-Words: audit risk, risk assessment, audit risk documentation, materiality threshold, risk associated with sampling.

1. Introduction The paper “Audit risk and materiality threshold -

towards economic risk and audit failure” is

structured in four main chapters.

The first chapter, “The assessment of materiality”

presents the elements that should be taken into concern

by an auditor when determining the materiality threshold

and also the opinion presented in the professional

literature towards the proposed topic.

The second chapter “Audit risk at the account

balance” is structured in two subchapters, the first one

represents the determination of audit risk based on SAS

107 and the second one also represents the assessment of

the audit risk but using the statistical methods

recommended by The Minimal Audit Standards.

The third chapter presents a study case based on the

algorithm of determining the audit risk and the audit

documentation and work sheets of assessing the risks

form audit risk equation based on statistical methods.

The last chapter represents the conclusions of the

authors towards economic and audit failure.

2. The assesment of materiality The assessment of materiality represents the

professional judgement of the auditor and often

represents a percentage applied to a benchmark; when

choosing a benchmark he/she should have in mind one

of the following elements:

• Assets, liabilities, equity, income, expenses or financial position, performance and cash flows;

• The nature of the entity;

• The size of the entity, nature of ownership and he sources of financing (gross profit, profit before tax).

The auditor could consider the profit before tax for a

profit oriented entity, but this wouldn’t be a suitable

benchmark for a non-for-profit entity; for an asset based

entity the benchmark should be the assets [4].

In the professional literature, Big 4 and non-Big four

manual, an example of materiality threshold is

represented, in the opinion of multiple authors, by:

0.2%

to 10% of turnover

Plumhoff [1952]; Anderson [1977];

Towers [1986]; Woolf [1994],

Turley and Cooper [1991]

0.5%

to 5% of gross profit

Carmichael [1969]

0.5%

to 36% of net profits

Bernstein [1967,1970];

Copeland and Frederick [1968];

Neumann [1968]; Thomas [1978];


0.1%

to 5% of total assets Woolf[1994];


10%

to 20% of related total

Plumhoff [1952]; Mitchell [1972];

Towers [1986]

0.5%

to 5% of gross profit Carmichael [1969]

0.1%

to 10% of total assets

Mitchell [1972]; Woolf[1994];


10% of total liabilities Mitchell [1972]

10% of equity Mitchell [1972]

0.2%

to 10% of turnover

Woolf [1994];


3.3%

to 36% of net profit

Turley and Cooper [1991];

Chong [1992, 1993]

Table 1. Opinion reflected in the professional literature

The auditor should take in concern not only

quantative considerations, but also qualitative

materiality considerations, qualitive factors that the

auditor may consider relevant include [3]:

a) Potential effect on trends, especially profitably trends;

b) A misstatement that changes a loss into an income,

and vice-versa;

Recent Researches in Applied Economics and Management - Volume I

ISBN: 978-960-474-323-0 394

c) A misstatement that has as effect the increasing

management’s compensation ( for example the award

of bonuses)

d) The circumstances of surrounding effects for

misstatements involving fraud, illegal acts, conflicts

of interest;

e) The significance of misstatements to reasonable users,

for example earnings to investors and equity amounts

to creditors;

f) The existence of offsetting effects of individual

different misstatements;

g) The possibility that an immaterial misstatement could

gain an material effect in the future periods;

h) The cost of making the correction, it may not be

beneficial to correct the immaterial misstatements;

i) The risk that possible undetected misstatements would

affect the auditor’s evaluation.

3. Audit risk at the account balance

3.1. Determining the audit risk according with

the model presented by SAS 107 The audit risk (AR) consists of inherent (IR) and

control risk (CR) and detection risk (DR) [7].

The inherent risk (IR) represents a misstatement that

could be material, individually or aggregated, when

there are no related controls. For example, cash is more

likely to be stolen than a building. Another example is

represented by the technological developments that

make a product more susceptible to overstatement [6].

The control risk (CR) represents a misstatement that

could be material, individually or aggregated, and not

be prevented or detected by the entity’s internal control.

These risks exist independently of the audit of the

financial statements. Inherent risk and control risk may

be assessed separately, but if combined they describe

the risk of material misstatement (RMM). It is

recommended that the auditor assesses RMM

throughout tests of controls to prove how effective the

internal control is and to obtain audit evidence,

although it represents a professional judgement rather

that a precise measurement.

The detection risk (DR) represents the misstatement

that could be material, individually or aggregate that the

auditor will not detect. This is possible because the

auditor uses sampling and does not verify 100 percent

of a class of transactions, for example. Other factors are

the selection of an inappropriate audit procedure or

misapplying an appropriate audit procedure. In order to

reduce the level of detection risk the author suggests

proper assignment of personnel, the use of professional

skepticism, supervision of audit stages performed.

The detection risk consists of substantive analytical

procedures (AP) and tests of details (TD).

The components of audit risk can be assessed in

nonquantative terms (low, medium, high) but the author

suggests the use of quantative terms, percentages. In

addition to this SAS no. 107 presents an audit model

that shows the relation between audit risk components,

that isn’t meant to be applied as a mathematic formula,

but a lot of professionals use it as a mathematic

formula. The audit risk model is:

AR = RMM x DR (1) Or AR = IR x CR x TD x AP (2)

The audit risk model can be also represented as:

AR/(IR X CR) (3)

This is how a risk model can be used for detection

risk of an account [5]:

1. The asses of detection risk at 5 percents, due to

auditor’s professional judgement, possible because the

audit risk is assessed also at 5 percents;

2. The assessment of inherent risk at 60 percents,

due to the auditor’s professional judgement; this

account is semnificative, the calculation is complex, a

significant number of transactions are recorded in this

account yearly;

3. The assessment of control risk at 30 percentage

because the control structure proved effective in prior

years and few misstatements were detected with tests of

control.

The detection risk is assessed at:

0.05% / (0.6% x 0.3%) = 0.28 (4)

3.2. Determining the audit risk based on

sampling according

This model is similar with the one presented by

SAS 107 with the exception that the audit risk is

influenced directly not only by the inherent risk

(IR) and control risk (CR), but also by the risk of

not detecting errors unlinked with sampling

(RDUS) and by the risk of not detecting errors

linked with sapling (RDLS), the formula that

represents the audit risk becoming [2]:

AR = IR x CR x RDUS x RDLS (5)

were :

AR = audit risk,

IR = ihnerent risk,

CR = control risk,

RDUS = risk of not detecting errors unlinked

with sampling,

RDLS = risk of not detecting errors linked with

sampling.

The relation can be also written as:

AR = IR x RDUS x (CR x RDLS) (6)

As described earlier, in order to use this relation

it is necessary to set an acceptable general level of

the audit risk. This apporoach is represented not


ISBN: 978-960-474-323-0 395

only in SAS 107, but in the model we propose and

underlignes that the trust in audit must always be

higher than 95%. That is why, the expressed audit

opinion must reflect audit risk equal or less than

5%.

Acording with this model, the factors

considered to be adequated and influence the

ihnerent risk (IR) are [2]:

Number of

specific

ihnerent risks

identified

General ihnerent risk level

Very low Low Medium High

0, 1 or 2 risks 23% 50% 70% 100%

3 or 4 risks 50% 70% 100% 100%

5 or 6 risks 70% 100% 100% 100%

Table 2. Factors that influence the ihnerent risk

Concerning the risk of not detecting errors

linked with sampling we must highlight that in

some sections it is possible to set a high level of

assurance of revised analitycal procedures; this

implies the comparison of the estimated results

with the real ones, the analisys of tendencies and

the explination of the variation of the tendencies.

Where the degree of safty is represented by the

analitycal procedures, the audit activity should be

clearly documented and the degree of analitycal

revision should be corectly registred. Further we

present a list of the implied sections, where are

presented the normal limits of the safty level for

each section:

Audit section Degree of safety

Merchandise Moderate / zero

Debitors, creditors Moderate / zero

Sales, aquisitions, costs High / moderate / zero

Salaries, bonuses High / moderate / zero

Table 3. Normal safty limits level for each section

Because it is necessary to estimate the risk

factors at the begining of the audit in order to

elaborate the engagement plan efectively, revised

analitycal procedures must be used in order to

elaborate or not a satisfying method of obtaining

the audit evidence. If in the stage of planning of the

audit it is known that there are no adequate

information based on wich revised analitycal

procedures can be applied in a certain section, than

those procedures shall not be used.

The risk of not detecting errors unasociated with

sampling risk are presented in the following table:

Degree of safty of

analitycal revision

Zero 100%

Moderate 56%

High 31%

Table 4. Risk of not detecting elements

unassociated with sapling risk factors

Concerning control risk (CR) we must highlight

that if the client elaborates internal controls that the

auditor wants to use, it is necessary first of all to

evaluate thse controls and then to test them in order

to prove a degree of safety.

The safty degree supplied by the internal

controls depends of the error rate descovered when

testing the way those are applied (control tests).

The control risk factors are presented in the

following table:

Degree of safety Criterion Risk

Seminficative Under 2% error rate 13,5%

Moderate Under 5% error rate 23%

Low Under 10% error rate 56%

Zero Over 10% error rate 100%

Table 5. Control risk factors

According with the model we propose,

elaborating the extent of the samples is realised

following the algorithm presented under [2].

1. Audit risk assesment (AR);

2. Ihnerent risk assesment (IR)

2.a. general ihneret risk assesment

2.b. specific ihnerent risk assesment

3. Control risk assesment (CR)

4. Risk of not detecting errors without sampling

(RDUS)

5. Determining the samples to be tested, (RDLS)

risk of not detecting linked with sampling.

Concerning the risk of not detecting errors by

using the sampling technique (RDLS) we must

underline that it is in inverse proportion with the

extent of the samples, and is determined using the

risk broadband represented by the multiplication

of:

IR x RDUS x CR (7)

Marked as Y, thus the equation of risk becomes:

AR = Y x RDLS (8)

The audit risk (AR) is a variable that the auditor

determines from the beginning of the audit, usually

not greater than 5%, Y is found in the tables below

established using statistic models and differs

depending on the extent of the sample population.

For small populations, under 400 elements, the

risk bandwidth is determined as [2]:


ISBN: 978-960-474-323-0 396

Risk bandwidth

(RDLS)

Extent of

samples

78,4% to 100% 53

58,5% to 78,3% 48

43,8% to 58,4% 43

33,0% to 43,7% 38

24,9% to 32,9% 33

18,9% to 24,8% 28

14,4% to 18,8% 23

11,1% to 14,3% 18

8,5% to 11,0% 13

6,6% to 8,4% 8

0 to 6,5% 3

Table 6.Risk bandwidth - less than 400 elements

For large populations, over 400 elements, the

risk bandwidth is determined as [2]:

Risk bandwidth

(RDLS)

Extent of

samples

72,1% to 100% 59

58,7% to 72,0% 52

47,8% to 58,6% 48

39,0% to 47,7% 44

30,2% to 38,9% 40

23,4% to 30,1% 35

18,1% to 23,3% 30

14,0% to 18,0% 25

10,9% to 13,9% 20

8,4% to 10,8% 15

6,5% to 8,3% 10

Table 7.Risk bandwidth-more than 400 elements

The extent of samples is determined taking in

concern the dimension of the population, based

on the following algorithm:

1. Determining the risk bandwidth:

RISK = IR x CR x RDUS (9)

2. Selecting the extent of samples according

with the determined risk bandwidth.

4. Determining the audit risk using the

sampling algorithm – study case We shall exemplify the model described by SAS

107 and by the model we propose in a study case by

establishing the extent of sampling at a company

for year 2012. The company has as object of

activity the production of furniture and registered

the following financial indicators: turnover of

5.417.900 Euro, profit before tax of 649.910 Euro

and total assets of 3.822.100 Euro.

When planning the audit engagement, the

materiality threshold is set at 0,5% of the turnover,

meaning 270.889 Euro [2]. We would like to

underline that the materiality threshold represents

the importance of an amount over which the auditor

considers that an error or omission can affect the

fair image of the financial position, of the

performances of the company and can change the

opinion of a reasonable user of the audit report [3].

The materiality threshold determination is

presented in the documentation of the audit, in one

of the work sheets from above:

No

Financial

situations of

the current

year

Prior years

2011

Total assets

1%

2%

1

2

38,221 euro

76,443 euro

18,828 euro

37,656 euro

Turnover

0,5%

1%

3

4

27,089 euro

54,179 euro

14,759 euro

29,518 euro

Profit before

tax

5%

10%

5

6

32,495 euro

64,991 euro

10,778 euro

21,557 euro

Materiality

threshold

Planning stage

Expressing the

opinion stage

27,089 euro

38,221 euro

Table8.Materiality threshold assessment work sheet

A few details concerning the determination of

the materiality threshold must be presented. First of

all the materiality threshold assessed in the planning

stage, is used generally, for establishing the extent

of the samples and in the stage of opinion

expressing to determine if there are needed further

adjustments. The materiality thresholds are not used

to verify the remuneration of managers or other

sensitive elements. Second of all, if there are not

estimations or a budget for the current year, the

materiality threshold is to be determined using the

amounts from prior financial years and is to be

revised after consulting the amounts from the

current year. Third of all, the unrevised errors that

are not significant must be summed in order to

observe if aggregated overpass the materiality

threshold.


ISBN: 978-960-474-323-0 397

By applying the algorithm of establishing the

extent of sampling, described earlier, the auditor

should use the following professional judgement[2]:

1. Audit risk assesment (AR)

The auditor accepts a maximum audit risk of

5%. Thus, all the risks that influence the audit risk

(ihnerent risk, control risk and the risk of not

detecting errors) must be estimated according with

the maximum accepted audit risk [5].

2. Ihnerent risk assesment (IR)

The ihnerent risk is determined by completing

the audit sheets of general ihnerent risk and

specific ihnerent risk, for each audit section [6].

2.a. General ihneret risk assesment

The general ihnerent risk is set at a low level

becuse of the following factors:

� General evaluation of management risk: the risk

associated with management was apreciated as

low because the auditor observed a high degree

of profesionalism and responsabiliy of the

managerial team and the risks that appear do not

coduct to the ”make up” of the accounts in the

interest of the management.

� General evaluation of the accounting risk: the

auditor analised the accounting risk as low

because the accounting function of the

enterprise presents few risks due to good

organisation and high degree of professionalism

and implicaton of accounting department

personnel.

� General evaluation of activity risk: the activity

risk was set as medium because the domanin of

activity is one with few risks, the auditor

observed few risks refferning to creditors.

� General evaluation of audit risk: due to the

managemnt transparency, cooperation and fair

registration of all economic events in the

documents, the audit risk is appreciated as low.

2.b. Specific ihnerent risk assesment

The specific risks, diferentiated on sections,

are identified responding to six questions, in such a

manner that a positive response represents a risk.

Based on the table 3 presented earlier and

taking into concern the general ihnerent risk set as

low, the auditor associated a risk percentage for

each audit section. The below table presents the

audit documentation of ihnerent specific risk.

Materiality

threshold =

2% x total

assets =

29.354 euro

Specific ihnerent

risks

Ihnerent

risk

General

ihnerent risk

= low

Questions Evaluat

ion

1 2 3 4 5 6

Fixed assets - - √ - - - Low 50%

Accounts of

the

investment

group

- √ - - - - Low 50%

Merchandise

and products √ - √ √ - - Low 70%

Debitors √ - - - - - Low 50%

Short

terminvestm

ents

- - - - - - Low 50%

Cash and

bank

payments

- - - - - - Low 50%

Cash and

bank cash in - - - - - - Low 50%

Bank

accounts

verified with

bank

statements

- - - - - - Low 50%

Creditors - - √ - - - Low 50%

Long term

creditors - - - - - - Low 50%

Sales - - √ - - - Low 50%

Aquisitions - - - - - - Low 50%

Costs - - √ - - - Low 50%

Salaries - - - - - - Low 50%

Other audit

sections - - - - - - Low 50%

The trial

balance - - - - - - Low 50%

Preliminary

financial

situations

- - - - - - Low 50%

Table 9. Ihnerent specific risk work sheet

3. Control risk assesment (CR)

The control risk is a variable in the audit risk

equation because the auditor depends on the

control system of the audited company [6]. In this

case the auditor should complete the column

corresponding from the below audit work sheet

based on table 4 presented earlier. In the situation

where, for certain elements, the auditor can not

depend on the control system of the client, the

control risk (CR) is not to be used in the equation,

meaning it should have 1 or 100% value.


ISBN: 978-960-474-323-0 398

IR

Tb.9

Rdus

Tb.5

CR

Table 4

Risk

band

Sample

dim

Tb 6,7

Fixed

assets 50% 56% 56,0% 15,68% 23

Investment

group accnt 50% 56% 56,0% 15,68% 23

Merchandis

products 70% 99% 100,0% 70,0% 52

Debitors 50% 56% 23,0% 6,44% 3

Short term

investments 50% 31% 13,5% 2,09% 3

Cash, bank

payments 50% 56% 56,0% 15,68% 23

Cash, bank

cash in 50% 56% 56,0% 3,78% 23

Bank

accounts

verified

with bank

statements

50% 56% 56,0% 3,78% 23

Creditors 50% 56% 23,0% 6,44% 3

Long term

creditors 50% 56% 23,0% 6,44% 3

Sales 50% 56% 56,0% 15,68% 23

Aquisitions 50% 56% 56,0% 15,68% 23

Costs 50% 56% 56,0% 15,68% 23

Salaries 50% 56% 23,0% 15,68% 23

Other audit

sections 50% 56% 23,0% 6,44% 3

Trial

balance 50% 56% 23,0% 6,44% -

Preliminary

financial

situations

50% 56% 23,0% 6,44% 3

Table 10. Determination of samples work sheet

4. Risk of not detecting errors without

sampling (RDUS) The determination of the risk on not detecting

erors based on sampling (RDUS) represents the risk

that the analytical procedures do not conduct in

finding errors or dissacords in the financial

situations. RDUS is determined based on the

information presented in table 6, described earlier.

5. Determining the samples to be tested,

(RDLS) risk of not detecting errors linked with

sampling.

The dimension of the samples is determined

taking in concern the extent of the population, using

the following algorithm, with the specification that

the maximum audit risk accepted is 5%.

a. The risk bandwidth determination is:

RISK = IR x CR x RDUS (10)

b. Selecting the dimension of the samples

according with the risk bandwidth determined base

on table 6 and 7 depending on the extent of the

population.

5. Conclusion We consider that this work presented an audit

model based on sampling that an auditor should

use to reduce the audit risk, audit failure and

economic failure. In this context we need to

underline that in many cases auditors are sued

because of economic failure that means in the

worst case bankruptcy due to wrong management

decisions and not because of audit failure, for

which the auditor is indeed responsible, wrong

audit opinion expressed by the auditor due to

misapplying of the proposed audit risk model [1].

Audit failure has cost large amounts of money

and for many audit and accounting companies

meant bankruptcy because of negative advertising.

An auditor or audit team should think twice when

assessing the audit risk that it is very important for

risk standards (104-111) and the model we propose

to be implemented by an audit firm and should take

in concern the opinion presented in this article that

has as a result the improvement of audit quality,

effectiveness and efficiency.

The author considers that the subject treated

brings new insights to audit risk mainly by the

methods proposed to be used by the auditor and

will still be of interest to the public in the future

when new ways of improvement are implemented

in the field of audit risk.

References:

[1] Arens, A., J. Loebbecke., Auditing: An Integrated

Approach, Prentice Hall Publishing House, 2008.

[2] Chamber of Financial Auditors of Romania, Guide for

an quality audit, Economic Publishing House, 2011,

ISBN 9735905299;

[3] Fogarty, J., Graham, L. & Schubert, D., Assessing

and Responding to Risks in a Financial Statement Audit,

Journal of Accountancy, Vol. 202, Iss. 1, p.43, 2008;

[4] Graham, L. & Messier, W., Audit Risk and

Materiality in Conducting an Audit, Journal of

Accountancy, Vol. 201, Iss. 5, p. 116-119, 2008;

[5] Rotaru, H., Audit risk and initiatives of improvement,

Annals of DAAAM 2008, ISSN 1726-9679, DAAAM

International Publishing House, 2008, p. 1195-1196;

[6] William M. Jr & Lizabeth A., Inherent risk and

control risk assessments, Auditing, Vol. 19, Iss. 2, 2009;

[7] SAS no. 107 „Audit Risk and Materiality in

Conducting an Audit”.


ISBN: 978-960-474-323-0 399

audit risk and materiality threshold

Documents