Deck 9: Assessing the Risk of Material Misstatement

Inherent risk and control risk exist independent of the audit of the financial statements.

The performance of risk assessment procedures is designed to help the auditor obtain an understanding of the entity.

Audit reports issued under the PCAOB and the AICPA standards contain two important phrases that are directly related to materiality and to risk: obtain absolute assurance and free of material misstatement.

As management is responsible for the financial statements, failure to assess the risk of material misstatement is not detrimental to the auditor.

Name some examples where the auditor accepts some level of uncertainty in performing the audit function.

For well-planned audits, it is practical for auditors to provide assurances on immaterial amounts included in the financial statements.

Auditing standards require the engagement partner to be included in discussions about the susceptibility of the client's financial statements to material misstatements.

The phrase free of material misstatement informs users that the auditor's responsibility is not limited to only material financial information.

Significant changes in the industry may increase the risk of material misstatement at the assertion level.

Audit reports contain the phrase obtain reasonable assurance, which is intended to inform users that auditors do not guarantee or ensure the fair presentation of the financial statements which the audit reports cover.

The risk of material misstatement exists only at the overall financial statement level.

Auditors are not allowed to make inquires of employees who are not considered management, such as marketing or sales personnel.

Nonroutine transactions are unusual in nature but not infrequent in occurrence.

Risk assessment procedures are performed to identify and assess the risk of material misstatement. List three risk assessment procedures.

Revenue transactions and account balances subject to significant risk are not required to be documented in the working papers if the auditor determines significant risk does not apply in a particular audit engagement.

The application of professional skepticism consists of two primary components: a questioning mind and a critical assessment of the audit evidence obtained during the audit.

PCAOB auditing standards require the auditor to make inquiries of the audit committee about the risks of material misstatement.

Discussions, including exchanges of ideas or brainstorming among the engagement team members about business risks should include the financial statements, but not necessarily the related disclosures.

The auditor's risk assessment for fraud should be ongoing throughout the audit.

Nonroutine transactions may not necessarily increase the risk of material misstatement.

The auditor's consideration of the risk of material misstatement due to fraud is made primarily at the financial statement level, not at the assertion level.

The PCAOB, but not the AICPA, auditing standards require inquiry of internal audit personnel by the auditor when that function exists within the audit client.

The auditor must perform substantive tests related to assertions deemed to have significant risks.

Financial statement matters like estimates for the allowance for doubtful accounts and allowances for slow-moving inventories, are deemed significant matters which should be addressed by auditor in their assessment of the risk of material misstatement.

Auditing standards emphasize the benefits and importance of obtaining information or different perspectives through inquiries of others within the entity and employees with differing levels of authority within the organization.

Significant risks often relate to routine transactions.

Individuals engaged in conducting a fraud will generally not misrepresent information to the auditor.

The most important element of the audit risk model is control risk.

An example of where the auditor will accept very low risk (low acceptable audit risk) is for an audit client having an initial public offering.

The audit committee should determine the risk the CPA firm is willing to take that the financial statements are misstated after the audit is completed.

Using your knowledge of the relationships among acceptable audit risk, inherent risk, control risk, planned detection risk, performance materiality, and planned evidence, state the effect on planned evidence (increase or decrease) of changing each of the following factors, while the other factors remain unchanged.
1. an increase in acceptable audit risk ________
2. an increase in inherent risk ________
3. a decrease in control risk ________
4. an increase in planned detection risk ________
5. an increase in performance materiality ________

After assessing internal controls are being effective in the sales and collection cycle, the auditor can assume that internal controls will be effective at each of the client's other transaction cycles.

Audit assurance is the complement of planned detection risk, that is, one minus planned detection risk.

Inherent risk and control risk are directly related.

As control risk increases, the amount of substantive evidence the auditor plans to accumulate should increase.

For a private company client, auditors are required to test any internal controls they believe have not been operating effectively during the period under audit.

A planned detection risk (PDR) of .05 means the auditor plans to accumulate audit evidence until the risk of misstatement exceeding performance materiality is reduced to 5 percent.

The auditor assesses risks at the overall financial statement level but not at the audit objective level for the acquisition and payment cycle.

If acceptable audit risk is low, and inherent risk and control risk are both low, then planned detection risk should be high.

Describe the audit risk model and each of its components.

Why do auditors use the audit risk model when planning an audit?

A high detection risk equates to a low amount of audit evidence needed.

The audit risk model that must be used for planning audit procedures and evaluating audit results is:
= AAR.

There is a direct relationship between acceptable audit risk and planned detection risk.

If the audit assurance rate is 95%, then the level of acceptable audit risk is 5%.

Acceptable audit risk and the amount of substantive evidence required are inversely related.