Assessing Audit Risk
GENERAL CONFERENCE AUDITING SERVICE
SAN DIEGO, CALIFORNIA
JUNE 20, 2011
Ann Gibson, PhD, CPA
Andrews University
Types of Risk
Risks associated with an audit:
Business Risk
Financial Reporting Risk
Audit Risk
Business Risk
The risk that affects the operations and potential outcomes of organizational activities. Business risk comes from:
Economic climate
Technological change
Competition
Complexity of transactions
Geographic location
Financial Reporting Risk
Risks that relate directly to the recording of
transactions and the presentation of financial data in
the financial statements. Financial reporting risk
comes from:
Complex and subjective accounting transactions
Competence and integrity of management
Incentives for management to misstate financial statements
Human error
Inadequate internal controls
Audit Risk
The risk that the auditor expresses an inappropriate
audit opinion when the financial statements are
materially misstated.
Audit Risk May Be Controlled
May avoid audit risk by not accepting clients who are
risky.
May set audit risk at a level that mitigates the
likelihood that the auditor will fail to identify
material misstatements.
Setting Audit Risk
May be set quantitatively: 1% or 5%
May be set qualitatively: high, medium, low
Setting Audit Risk
General Observation:
The amount and persuasiveness of audit evidence
gathered should vary inversely with the audit risk.
Lower audit risk (i.e., 1% or low) requires gathering
more persuasive evidence.
Audit Risk Defined
AR = IR x CR x DR
Where:
AR = audit risk
IR = inherent risk
CR = control risk
DR = detection risk
Inherent Risk
Definition:
The initial susceptibility of a transaction or
accounting adjustment to be recorded in error, or for
the transaction not to be recorded in the absence of
internal controls.
Inherent risk recognizes that an error is more
likely to occur in some areas than in others.
Inherent Risk
Factors that affect inherent risk:
Complexity of accounting issue or the calculation.
Misstatements in prior periods.
Susceptibility of the asset to theft.
Expertise of the accounting personnel.
Volume of transactions.
Control Risk
Definition:
The risk that the client's internal control system will
fail to prevent or detect a misstatement.
Control Risk
Auditor must evaluate the design of the control and
determine whether it has been placed in operation.
Is the control capable of effectively preventing a
material misstatement? Of effectively detecting and
correcting a material misstatement?
Is the entity using the control?
Control Risk
General Observation:
The better the organization's internal controls, the
lower the likelihood of material misstatements.
Control Risk
Second Standard of Fieldwork:
The auditor must obtain a sufficient understanding of
the entity and its environment, including its
internal control, to assess the risk of material
misstatement of the financial statements, whether due
to error or fraud, and to design the nature, timing, and
extent of further audit procedures.
Control Risk
General Observation:
The auditor should not rely too heavily on either the
client's internal controls or on their audit procedures
to detect errors or frauds in the financial statements.
Detection Risk
Definition:
The risk that the audit procedures will fail to detect a
material misstatement.
Detection Risk
The auditor can control/manage detection risk
through:
Careful audit planning.
Effective audit procedures.
Performing those procedures with due professional
care.
Detection Risk
Example:
Audit risk = 0.01 (high)
Inherent risk = 100%
Control risk = 100%
DR = AR / (IR x CR) = .01 / (1.0 x 1.0) = 1%
Client does not have effective internal control; high
risk that a transaction would be recorded incorrectly.
Detection Risk
Conclusion:
Poor controls and a high likelihood of misstatement
lead to extended audit work to maintain audit risk at
an acceptable level.
Detection Risk
Example:
Audit Risk = 0.05 (low)
Inherent Risk = 0.50
Control Risk = 0.20
DR = AR / (IR x CR) = .05 / (.50 x .20) = 50%
Client has simple transactions, well-trained staff; no
incentive to misstate; effective internal control
Detection Risk
Conclusion:
Only minimal substantive tests of account balances are
needed to provide corroborating evidence on the
expectations that the accounts are not materially
misstated. However, the auditor must test
whether the controls were operating effectively
in order to support a control risk assessment
below 100%.
Limitations of the Audit Risk Model
1. Inherent risk is difficult to formally assess.
2. Audit risk is judgmentally determined.
3. The model treats each risk component as separate and
independent.
4. Audit technology is not so precisely developed that each
component of the model can be accurately assessed.
Materiality
Audit risk and detection risk go hand in hand with
materiality. The size of the misstatement matters.
Materiality deals with the relative importance of
matters, individually or in the aggregate, for fair
presentation in the financial statements.
Understanding the Client
Understanding the client includes the
following:
Industry, regulatory and other external factors.
Nature of the entity and its operations.
Objectives, strategies and related business risks.
Understanding the Client
Measurement and review of the entity's financial
performance.
Internal controls, specifically those relating to the
entity's objective of preparing financial statements in
conformity with GAAP.
Understanding the Client
Quiz Time: Andrews University
Understanding the Client
Procedures to obtain an understanding of the
client:
Inquiries of management and others.
Analytical procedures.
Observation of activities.
Inspection of documents.
Internal Control
The auditor requires sufficient understanding to:
Identify types of potential misstatements.
Consider factors that affect the risks of material
misstatements.
Design tests of controls, when applicable, and
substantive procedures.
Internal Control
Special audit consideration may be required if:
There is risk of fraud.
There are risks associated with recent significant
economic or accounting developments.
The transactions are complex either due to accounting
principles or complex calculations.
Internal Control
There are significant related-party transactions.
There is subjectivity in the measurement of financial
information, including measurement uncertainty.
Significant non-routine transactions exist which are
outside the normal course of business and therefore
outside the normal effective controls.
Internal Control
Five elements of control:
1. The control environment
2. The entity's risk assessment
3. Control activities
4. Monitoring of controls
5. The information and communications systems
Internal Control
Two types of control deficiencies:
Design deficiencies
A control is missing
A control is not properly designed to work even if operating
Operational deficiencies
A control does not operate as designed
Person performing control is unqualified or untrained
Documentation
Discussion among audit team members regarding
audit risk should be documented.
Documentation should include how and when the
discussion occurred, who participated, the significant
decisions reached related to the audit planning process
and the basis for that assessment.
Documentation
Appropriate responses to the discussion include:
Emphasizing the need to maintain professional
skepticism.
Assigning more experienced staff or those with
specialized skills.
Documentation
Using a specialist.
Providing more supervision.
Incorporating unpredictability into the selection of
the audit procedures to be performed.
Changing the nature, timing, and extent of further
audit procedures.
Practice Case
In the practice case, YOU are the architect of the audit
of Adventist Academy's Accounts Payable.
What is the audit risk by assertion?
What is the inherent risk?
What is the control risk?
What is the detection risk?
How would you change the basic audit program?
Practice Case
Financial Statement Assertions:
Existence or occurrence
Completeness
Rights and obligations
Valuation or allocation
Accuracy or classification
Cutoff
Assessing Audit Risk
Questions?