f8 lecture 6 audit risk
TRANSCRIPT
-
7/27/2019 F8 Lecture 6 Audit Risk
1/27
Audit and assurance
engagementsLecture 6 Audit Risk
Copyright myaccanotes.com -
-
7/27/2019 F8 Lecture 6 Audit Risk
2/27
-
7/27/2019 F8 Lecture 6 Audit Risk
3/27
Audit risk Take a look at this diagram!
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
AbsoluteAssurance
Re
asonable
As
surance
Limited
Assurance
ZeroRisk
HighLevelofAssurance
Low
Levelof
Assurance
LowRisk
High
Risk
-
7/27/2019 F8 Lecture 6 Audit Risk
4/27
-
7/27/2019 F8 Lecture 6 Audit Risk
5/27
Audit riskStatutory audits provide users with a reasonable or high level of assurance
In order to achieve this objective the auditor must ensure that after he has
performed his audit he can say that he has reduced audit risk to a low level!
Only after an auditor has reduced audit risk to a low level can he provide users
with a high level of assurance!
Audit risk is defined as the risk that an auditor expresses in an inappropriate audit
opinion on the financial statements
This means that the auditor in his opinion is stating that the financial statements
are free from material misstatements when in actual fact they are not!
Dont worry about material misstatement we will study in this in detail in the
next lecture! Right now just consider it as a mistake in the FS
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
6/27
Audit risk
Inherentrisk Controlrisk Detectionrisk
Audit riskcomponents of audit risk
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
7/27
Audit risk:inherent risk (IR)Definition: the susceptibility of a class of transaction, account balance or disclosure to a
misstatement that could be material, either individually or in aggregate, before
consideration of related controls
Its easier to understand this definition by looking at a few examples:
Poor reputation of client management (i.e. have been investigated or penalized by regulatory bodies)
Complex organizational structure (i.e. a number of divisions & sub divisions) with accounting record
dispersed
Inexperienced management have failed to maintain proper books of account
Complex transactions or account balances which require a high degree of estimation
Client is exporting &/or importing & thus there are many foreign currency transactions
Client operates in a very dynamic industry (e.g. fashion or digital tech) Directors bonuses are linked to annual profits
Client intends to approach bank or investors in order to generate funds
Clients business is geographically dispersed with record maintained at each office
Clients business is of complex or specialized nature (e.g. pension provider) etc
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
8/27
Audit risk:Control risk (CR) Definition: the risk that a misstatement will not be prevented, detected & corrected on a
timely basis by the entities internal controls
Basically we are saying that the clients internal control system is ineffective or weak
An effective system of internal control would mean fewer fraud & errors in the books ofaccount & consequently in the financial statements & vice versa
Lets look at a few examples:
No passwords on computers
No anti virus software on computers
No backups maintained on computer
Inventory accessible by all
Inventory lying in open area & thus exposed to weather
Lack of supervision of junior staff
No CCTV cameras used etc
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
9/27
Audit risk:Detection risk (DR)Definition: the risk that procedures performed by the
auditor will not detect material misstatements either
individually or in aggregate
Lets look at a few examples:
Auditor performs inappropriate audit procedures
Auditor misinterprets the evidence he collects
Evidence collected is misleading
Auditor relies on management representations which turn out to
be false (this could be an intentional or an unintentional act from
management)
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
10/27
Audit risk:inherent risk (IR)
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
11/27
Audit risk:Sampling riskDefinition: sampling risk is the risk that the auditors conclusion based on a sample is
different from the conclusion that would be reached in the whole population were
tested
Example:
Suppose a bag contains 70 blue balls & 30 red balls
Total population size is 100 & break up is 70% blue & 30% red
Suppose the auditor reaches into the bag & pulls out 10 balls
Thus auditor is taking a sample comprising of 10 balls (which is 10% of the total population)
If 9 of these balls are red & 1 is blue (there is a chance!) then the auditor will conclude (based
on the sample collected) that 90% of the balls in the bag are red & only 10% are blue
Thus the auditor will make an incorrect assessment about the total population because the
sample he collected was unrepresentative of the total population
This is called a sample error
Whenever an assessment is made about a population using a sample (as opposed to studying the
entire population) then there will exist a sampling risk
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
12/27
Audit risk:non-sampling riskDefinition: non-sampling risk is the risk that the auditors
conclusion is inappropriate because of any reason other than
sampling error
Example:
Auditor performs inappropriate audit procedures
Auditor misinterprets the evidence he collects
Auditor relies on management representations which turn out to befalse (this could be an intentional or an unintentional act from
management)
Evidence collected is misleading sampling error/risk!
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
13/27
Audit risk:the relationship between IR & CR & DR AR = IR x CR x DR
Note that both IR & CR are not under the auditors control
The auditor merely assesses whether IR & CR are high, medium
or low
The auditor cannot reduce IR & CR from high to low they are
not under his control rather they are under the control of clientmanagement (to some extent)
However what is under the auditors control is DR!
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
14/27
Audit risk:the relationship between IR & CR & DR
If the auditor assess IR & CR as high then the auditor
must increase his audit procedures & gather sufficient
appropriate audit evidence to be able to reduce DR &
thus AR to low!
AR = IR x CR x DR
Low = High x High x Low
By increasing work performed & reducing DR to L the
auditor is able to achieve his objective of providing
reasonable assurance/reducing AR to low
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
15/27
Audit risk:the relationship between IR & CR & DR If the auditor assesses IR & CR as low then the auditor may reduce the work he performs
leaving DR as high & still achieve his objective of giving a reasonable level of
assurance/low AR!
AR= IR x CR x DR
Low = Low x Low x High
Essentially what we are saying is that if:
Clients management have integrity
Clients business is simple
Client have installed a robust internal control system
Then the auditors job is made easy!
The auditor can take advantage of the above & reduce the amount of work he performs &
still be able to collect sufficient appropriate audit evidence to provide a reasonable level
of assurance!
In the end how much work the auditor performs is a matter of professional judgment
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
16/27
Audit risk:audit approach In order for the auditor to decide
Just how much work he needs to perform
& which areas to focus on (i.e. spend more time & resources)
the auditor must first assess IR & CR
In this lecture we will focus on IR whereas CR will be
looked at in later lectures (youll understand why later!)
This is often referred to as a risk based approach to
auditing or risk based audit methodology
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
17/27
Audit risk:benefits of a risk based audit methodologyHelps focus time & resources on high risk areas in the FS & less on low risk areas in the FS (and
not vice versa)
A preliminary assessment of audit risk will help in developing an effective audit strategy & audit
plan (discussed in next lecture)
Assists in deciding size & composition of audit team (high risk audits require bigger teams withmore experienced members)
Assists in allocating staff (i.e. more experienced staff to the more high risk areas of the audit)
Audit firms are private sector profit making entities & they like others want to minimize costs in
order to maximize their profits (efficient audit)
thus audit firms dont want to spend more time than is necessary & will reduce work done by placing relianceon an entities internal control system if it is evaluated as strong/effective/robust!
Ultimately achieve their objective of providing reasonable assurance (an effective audit) & avoid
litigation or damage to reputation
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
18/27
Audit risk:how to assess IR ISAs require that auditors gain an understanding of the
entity & its environment in order to assess IR
Standards require auditors gain knowledge of:
1. Relevant industry, regulatory & other external factors
2. Nature of the entity & selection of accounting policies
3. Objectives & strategies & related business risks
4. Review of entities financial performance
5. Internal controls
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
19/27
Audit risk:relevant industry, regulatory & other external factors
Industry conditions:
Competitive environment
Suppliers & customers
Technological developments
Regulatory environment
Financial reporting framework
Political environment
Economic conditions
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
20/27
Audit risk:nature of the entityBusiness operations
Ownership
Corporate governance arrangements
Organizational structure Capital structure
Classes of transactions, account balances & disclosures
Related party transactions
Selection of accounting policies
Are they appropriate for its business &
Consistent with the applicable financial reporting framework &
Consistent with policies used in the industry
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
21/27
Audit risk:objectives & strategies & related business risks
Objectives
Strategies developed to achieve objectives
Business risks facing entity
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
22/27
Audit risk:review of entities financial performance
External performance measures
Analysts reports
Credit ratings agencies
Internal performance measures
Budgets
Segment or divisional information
Departmental performance
Benchmarking with industry competitors
This information:
May indicate pressure on management
May indicate unexpected results
May indicate unusual trends
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
23/27
Audit risk:internal control
We will look at this section in detail in later
lectures!
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
24/27
Audit risk:where does this information come from?
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
25/27
Audit risk: ir ISAs require auditors to perform the following procedures when assessing IR:
Enquiries with client management & staff including:
Those charged with governance
Internal audit personnel
Staff responsible for recording complex or unusual transactions
In-house legal counsel Staff responsible for marketing & business strategies
Perform analytical procedures
Discussed in next slide
Observation
Observation of entity activities & operations
Visit to entity premises & plant
Inspection
Inspection of documents (e.g. management reports, interim FS)
Tracing transactions through the IS
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
26/27
Audit risk:analytical procedures (AP)Definition: the evaluation of financial information through the analysis of plausible relationships
among both financial & non-financial data
Analytical procedures (or analytical review) involves making comparisons:
Example: comparing financial with non-financial data
Power bill with units produced or Units produced with cost of production
Example: comparing financial data with financial data
Sales & delivery costs, sales returns & warranty claims
Example: comparing client data & information with benchmarks
Budget & actual output or Industry growth rate & client sales increase
Example: comparing current with past trend
Current year sales growth with that of past 5 years
Example: comparing current with forecasts
Actual with that of management forecast
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq
-
7/27/2019 F8 Lecture 6 Audit Risk
27/27
Audit risk:analytical procedures (AP)Definition: the evaluation of financial information through the analysis of
plausible relationships among both financial & non-financial data
Analytical procedures (also referred to as analytical review) can be used at:
Start of the audit: to assess IR & to develop audit plan
During the audit: as an audit procedure designed to gather audit evidence
End of audit: to review audit before forming opinion
ISAs however state that APs must be used at the planning & review stage of an
audit
Copyright myaccanotes.com - Founder & CEO: Muhammad Bilal Farooq