CHAPTER 2

Audit risk and audit risk assessment

Meaning of Audit Risk

Audit risk refers to the risk that an auditor might issue an

incorrect opinion on a company's financial statements. This risk
can arise due to various factors, and it's crucial for auditors to
assess and manage these risks to ensure the accuracy and
reliability of their audit.
Components or Types of Audit Risk

1. Inherent Risk
2. Control Risk
3. Detection Risk
1. Inherent Risk: This is the risk of material misstatement in the
financial statements due to factors inherent in the nature of
the business or industry. For example, a company in a
volatile industry or with complex financial instruments might
face higher inherent risk.
2. Control Risk: This is the risk that a company's internal controls
will not prevent or detect material misstatements. Even if
controls are in place, they might not be effective, which
increases the risk of misstatements going unnoticed.
3. Detection Risk: This is the risk that the audit procedures performed by
the auditor will not detect material misstatements. Detection risk can
be influenced by the effectiveness of the audit procedures and the
auditor's ability to apply them properly.
Auditors aim to reduce audit risk to an acceptable level through a
combination of assessing these risks and designing appropriate audit
procedures. This involves understanding the entity and its environment,
evaluating the design and implementation of internal controls, and
performing substantive testing to verify the accuracy of financial
statements.
Assessment of risk in Auditing

Assessment of risk in auditing is a crucial process that helps

auditors identify and evaluate potential issues that could
affect the accuracy and reliability of financial statements.
The goal is to ensure that the audit is focused on areas with
higher risk, allowing auditors to allocate resources
effectively and enhance the quality of their work .
 Key elements involved in assessing risk in
auditing
1. Understanding the Entity and Its Environment
• Business Environment: Gain insight into the organization’s industry,
regulatory environment, and overall business conditions.
• Internal Controls: Evaluate the effectiveness of the entity’s internal
controls and how they mitigate risks.
2. Identifying Risks of Material Misstatement
• Inherent Risk: The susceptibility of an assertion to a misstatement due to
factors such as complexity of transactions or the nature of the business.
• Control Risk: The risk that a material misstatement will not be prevented
or detected on a timely basis by the entity’s internal controls.
• Detection Risk: The risk that the auditor’s procedures will not detect a
material misstatement.
3. Assessing the Risk of Fraud
• Fraud Risk Factors: Identify red flags such as pressure on management,
opportunities for fraud, or rationalizations by employees.
• Fraud Risk Assessment: Develop a fraud risk assessment to address potential
fraudulent activities.
4. Designing Audit Procedures
• Risk-Based Approach: Tailor audit procedures based on the assessed risks.
For higher-risk areas, more rigorous and detailed audit tests are necessary.
• Substantive Testing: Perform procedures to detect material misstatements,
including analytical procedures and detailed testing.
5. Evaluating Audit Evidence
• Sufficiency and Appropriateness: Assess whether the evidence gathered
is sufficient and appropriate to support the audit opinion.
• Re-evaluation: Continuously evaluate risks throughout the audit to adjust
the audit approach as necessary.
6. Communicating Risks
• Audit Findings: Communicate identified risks and issues with the audit
committee or management as needed.
• Recommendations: Provide recommendations for improving internal
controls and mitigating identified risks.
7. Documenting Risk Assessment
• Audit Documentation: Maintain comprehensive documentation of the risk
assessment process, including how risks were identified, assessed, and
addressed.
Effective risk assessment in auditing ensures that auditors focus on areas with
the greatest potential for material misstatement and enhances the overall
reliability of the audit process.
Internal Control

Internal control refers to the processes and procedures

implemented by an organization to ensure the integrity of
financial and accounting information, promote operational
efficiency, and ensure compliance with laws and regulations.
These controls help safeguard the organization's assets, prevent
fraud, and ensure the accuracy and reliability of its financial
reporting.
Internal control comprises of the policies and procedures adopted by the management
of an entity to assist in achieving the following objectives:
(a) Orderly and efficient conduct of business.
(b) Adherence to management policies
(c) Safeguarding of assets
(d) Prevention and detection of fraud and errors
(e) Accuracy and completeness of accounting records
(f) Timely preparation of financial statements
 Components of Internal Control
Key components of internal control typically include:
1. Control Environment: The overall attitude of the organization regarding internal
controls. This includes the organizational structure, management's philosophy,
and the ethical values that guide employees.
2. Risk Assessment: The process of identifying and analyzing risks that could affect
the achievement of the organization’s objectives. This helps in designing
appropriate control measures.
3. Control Activities: The specific policies and procedures put in place to address
identified risks. Examples include segregation of duties, authorization
requirements, and physical controls over assets.
4. Information and Communication: Systems and processes that ensure
relevant information is communicated effectively within the organization
and to external stakeholders as needed.
5. Monitoring: Ongoing or periodic evaluations of the effectiveness of the
internal controls to ensure they are functioning as intended and making
necessary adjustments.
Effective internal controls help organizations achieve their objectives,
reduce the risk of errors and fraud, and ensure compliance with laws and
regulations.
 Objectives of Internal Control
1. To encourage adherence to prescribed policies: The system of internal control is
introduced to provide reasonable assurance that the various plans, policies and
procedures laid down by the entity are being followed.
2. To avoid frauds and errors: The main objective of any control system is to detect
and prevent frauds and errors by keeping an inherent check.
3. To promote operational efficiency: The internal controls within an organization
are meant to prevent unnecessary duplication of efforts, protect against waste and
discourage any inefficient use of resources of the organization.
4. To safeguard assets and records: The other important objective of
internal control system is to safeguard the assets and records from
unauthorized access, use and disposition.
5. To provide accurate and reliable data: The internal control system
ensures that all the transactions are recorded in the correct amount, in the
appropriate account and in the accounting period to which they relate.
6. To assist in timely preparation of Financial Information: Information is
of no use if it is not provided in time. Internal control system facilitates
timely preparation of financial statements.
 Internal Check
Internal check is used as tool for executing internal control. It is the arrangement
of duties of staff in such a manner that the work of one person is automatically
checked by another which minimizes the chances of errors and frauds.
According to Spicer and Pegler
“A system of internal check is an arrangement of staff duties whereby no one
person is allowed to carry through and to record every aspect of the transaction, so
that without collusion between two or more persons, fraud is prevented and at the
same time the possibilities of errors are reduced to the minimum.”
 Objectives of Internal Check
1. It helps in arranging the duties in such a way that work of one person is
automatically checked by another or work of one person is complementary to
another and there is no duplication of work.
2. The work is divided in such a way that no transaction is left unrecorded.
3. It ensures the reliability and accuracy of information provided by accounting
system.
4. It reduces the chances of errors and frauds as there is automatic checking.
5. It helps in fixation of responsibility as there is a clear division of work.
6. It helps in increasing the efficiency of accounting staff as the work is divided
among individuals according to their capacity and qualification.
 Duties of an Auditor in respect of Internal Check
1. A written statement should be received from the company regarding the system of internal check.
2. The auditor should assess its effectiveness instead of simply relying on its working.
3. He should find out the deficiencies, if any, which may result into errors or frauds.
4. An auditor may depend upon the effectiveness of the operation of the system only to a certain extent which is
primarily based on the size of the business concern.
5. In case the auditor is not satisfied through the test checking of the transaction, he may conduct careful
analysis.
6. Test checking of cash transaction should be avoided by the auditor even if he finds effective internal check
system in force.
7. If the system in force is not efficient, then the auditor can suggest ways to avoid the defects. In case his
suggestions are not implemented, he should unambiguously state the concern that he should not be held
responsible for any error at later date.
 Fundamental Principles of Internal Check
1. The business staff should allocate the process according to the duties,
responsibilities, and rights. There is no room for interference.
2. No single person should have independent control over the
all-important aspects of the business.
3. The duties among the business staff should be changed from time to
time so that no staff should be engaged in a particular job for a long
time.
4. Every staff member should be encouraged to go on leave at least once a year.
This will help in detecting concealed fraud.
5. An efficient system of internal checks should provide for automatic checking of
the work of an assistant by others.
6. The division of work should not be much expensive.
7. The self-balancing system should invariably be used.
8. The financial and administrative power should be assigned very judiciously to
different officers.
9. A person having physical custody of assets must not be permitted access to the
account books.
 Internal Check as regards certain transactions
Payment of Wages and Salaries
In case of manufacturing companies, the internal check system for payment of
wages and salaries is devised carefully because they employ a large number of
workers and there is a great possibility of frauds. The internal check system is so
planned
• To avoid incorrect time records or piecework records.
• To avoid the inclusion of dummy workers.
• To avoid the fraudulent manipulation of wage sheet.
• To avoid misappropriation of money, etc.
1. Proper Maintenance of Wage Records: The workers are paid wages either on the
basis of time spent by them or number of pieces produced by them. Therefore, there
should be proper time records or piecework records. The overtime records should
also be kept in the organization.
2. Preparation of Wage Sheets:
(i) The wage sheets should be prepared by a separate official.
(ii) The wage sheets should include all the essential particulars like name of
employee, number allotted, total time worked, rate, bonus, overtime, etc.
(iii) There should be proper checking of calculations made in the wage sheet. The
permissible amount (like Income Tax, Provident Fund, etc.) should be deducted from
gross wages to show the net wages payable to workers.
(iv) The wage sheet shall be signed by the person who has prepared it before making
any payment.
3. Actual Payment of Wages:
(i) Separate persons should be responsible for preparation of wage sheets, approval of
wage bills and the actual payment thereof.
(ii) Every worker who is to receive the wages should be personally present and he has
to prove his identity at that time.
(iii) If possible, wages should be disbursed in the presence of departmental foreman
concerned.
(iv) Signatures of the workers should be obtained whenever they receive the wages.
(v) There should be proper arrangement for dealing with unclaimed wages.
(vi) If possible, a separate bank account should be operated for wage payments. It will
help in maintaining track of such payments or disbursements.
 Cash Sales
1. Cash Sales: Sales at the Counter
1. The salesman, authorized to sell the goods at the counter, should be specifically
named. A specific number should be allocated to every salesman.
2. Cash memos shall be printed in numerical sequence.
3. The salesman sells goods to the customer and prepares four copies of cash memo,
three of them handed over to customer and one is retained by him.
4. The customer will carry all the three copies to the cashier. After collecting the cash,
the cashier will return two copies to the customer, duly stamp marked as cash paid.
5. Goods are handed over to the customer by gatekeeper and one copy of
cash memo is retained by the gatekeeper and the other one will remain
with the customer.
6. At the end of the day, salesman – cashier – gatekeeper prepares the
summaries of cash, sales separately and then they reconcile it, for any
difference.
7. The amount received from the cash sales should be deposited daily in the
bank.
 2. Cash Sales: Sales by Travelling Salesman/Agents
In some of the organizations, travelling salesman is appointed for direct sales
promotion and collection. In such a case, the internal check system should be:
1. The salesman should be authorized to issue money receipts.
2. They should deposit the entire cash collection daily to the cashier or to the bank account
of the company.
3. The salesman should submit the daily report of sales and collection.
4. The salesman should not keep any cash with him.
5. No cash collection should remain outstanding.
6. If possible, the salesman should be transferred from one area to another to avoid the
frauds.
 Cash Purchases
(i) The purchase order should be prepared on the basis of purchase requisition duly
authorized by a competent official.
(ii) The terms and conditions of purchase should be decided on the basis of comparative
tenders and quotations.
(iii) The materials purchased should be verified as regards quantity and quality by the
person independent of purchase department and store department.
(iv) The purchase-invoice should be verified with purchase order and goods received note.
(v) Payment against invoices should be authorized by a responsible official.
(vi) All the entries should be properly recorded in purchase book and cash book.
THANK YOU