Exam 10: Evidence About Management Assertions: Linking Residual Risks to Substantive Tests

Correct Answer:

Verified

a. The audit risk model should be thought of as an aid to understanding how various factors affect the amount of substantive testing done in an audit. Although the audit risk model is a mathematical formula, its use is more conceptual than computational, and auditors would generally not try to apply it as a tool for calculating risk. Rather, the model provides guidance as to a general level of substantive testing that is needed given the conditions of a client. The audit risk model is not a well specified model and the following concerns have been raised about it:
-The covariance between inherent risk and control risk or between business risk which affects audit risk and inherent risk are ignored
-It presumes a multiplicative form with unitary weights without empirical support for such a mathematical characterization
-Sampling risk on controls is not recognized
-Internal controls prevent as well as detect errors
-Often implemented by asking auditor to categorize as high, medium, or low risk or by number not empirically supported.
-auditors over rely on last year's parameter estimates because revision would require justification
b. When required detection risk is lower, substantive evidence will be more extensive for the assertion being examined. Note that this guidance is extremely general. The exact amount of evidence that is required to achieve the desired detection risk for any specific management assertion cannot be calculated through a mathematical formula. Audit evidence is rarely quantifiable. What the model does indicate when more and better substantive evidence is needed, in order to convince the auditor that the level of detection risk (and therefore audit risk) is as low as desired.
c. The benefit of using the audit risk model for planning substantive tests is that it provides guidance about the appropriate level of detection risk given the established level of audit risk and the assessed level of the risk of material misstatement. It also allows the auditor to focus on specific management assertions where risk of misstatement is most severe. In addition, the relationship between control risk and detection risk reflect the need for auditors to make choices concerning the ability to rely on controls. If controls can be relied upon, then detection risk can be higher thus reducing the need for relatively expensive substantive tests. Auditors must also be aware that the guidance from the model is only as good as the auditor's risk assessments.

Correct Answer:

Verified

In theory, audit risk (any risk, in fact) could vary from 0 percent (complete certainty that financial statements do not contain material misstatements) to 100 percent (complete certainty that financial statements contain material misstatements). However, the auditor must design the engagement to provide reasonable assurance that financial statements are free of material misstatement. Reasonable assurance implies a high level of assurance, and a low probability of misstatement. Therefore, most auditing firms require that engagements are conducted at relatively low audit risk percentages, usually no higher than 5 percent. Because an auditor cannot perform tests on all transactions and accounts, and because significant judgment is required for many financial statement measures, conventional wisdom suggests that an audit cannot be performed with an audit risk level below 1 percent. Thus, for most firms, audit risk is established somewhere between 1 and 5 percent. In practice, the costs associated with moving below 1 percent typically are very high relative to the reduction in audit risk.
The auditor must consider the audit firm's business risk when setting an acceptable audit risk. If the client is in financial distress or publicly listed and thus capable of drawing a class action suit, litigation and reputation risk will increase, thereby increasing auditor business risk and thus the auditor will want to reduce the acceptable audit risk. Since audit risk is premised on a level of materiality which is a user defined concept, it is important to understand who will be using the financial statements upon which the opinion will be expressed. For example, creditors and investors are focusing on different aspects of the financial statements.

Correct Answer:

Verified

DR is the only risk directly under the control of the auditor. If the auditor wants a low detection risk, the auditor must conduct extensive substantive tests of specific management assertions (tests of transactions, accounts, and presentation and disclosure). If the auditor decides that a higher level of DR is acceptable, then the auditor is willing to reach a conclusion about the fairness of financial statement based upon less substantive evidence, possibly substituting substantive analytical evidence for other substantive tests.