Audit Risk Flashcards Preview

AUD > Audit Risk > Flashcards

Flashcards in Audit Risk Deck (19):

Audit risk(AR) = risk of material misstatement (RMM) X detection risk(DR)

RMM= IR(inherent risk) X CR (control risk)


Control risk (CR) is the risk that a material misstatement that could occur in a relevant assertion WILL NOT be prevented or detected (and corrected) on a timely basis by the entity's internal control

CR is a function of the effectiveness of the design and operation of internal control. ( the auditor's evaluation of the effectiveness of the entity's internal control is what the auditor uses to assess control risk , NOT vice versa)

Detection Risk (DR) is the risk that the auditor WILL NOT detect a material misstatement that exists in a relevant assertion.

DR is a function of the effectiveness of audit procedure and of the manner in which they are applied.


Inverse relationship of RMM to DR (相反关系)
When the auditor determines that the RMM is high, DR should be set a low level. Conversely, when the DR is low, the auditor can justify a higher DR.

The auditor can change DR.
As the acceptable level of DR decrease, the assurance provided from substantive procedures should increase.
The auditor may:
1. change the nature of substantive tests from a less effective to a more effective procedure (依靠外部审计而非内部审计)
2. change the extent of substantive test (e.g. use larger sample size)
3. change the timing of substantive tests (e.g. perform substantive tests at year-end rather than an interim)


Detection risk can be divided into

Test of detail risk (TD) and Substantive analytical procedures risk (AP)

Test of details, such as observation of inventory, is generally more persuasive than substantive analytical procedures when obtaining evidence regarding existence of the inventory.


Even when the assessed RMM is low

Substantive procedures will ALWAYS be necessary for all relevant assertion related to material transaction classes, account balances, and disclosures.


The acceptable level of detection risk has a reverse relation to

the assurance directly provided from SUBSTANTIVE test.


Inherent risk (IR) is

the susceptibility of a relevant assertion to a material misstatement , assuming there no related controls.


Control risk (CR) is

the risk that a material misstatement will NOT be detected ( or prevented) on a timely basis by the entity's internal control

CR 针对的是CLIENT'S 自己的系统部分,AUDITOR 只能评估,不能控制。


Detection Risk (DR) is

the risk that the audit procedures implemented WILL NOT detect a misstatement that exists in a relevant assertion.


During planning, the audit team is required to discuss the potential for material misstatement due to fraud, and the fraud risk factors should be included in that discussion.

The auditor should determine whether and to what extent fraud risk factors are presented during the PLANNING stage of the audit, not during the final overall review stage.


Large amounts of liquid assets that are easily convertible to cash would heighten an auditor's concern about MISAPPROPRIATION of assets

NOT about fraudulent financial reporting.


The auditor is required to assess fraud risk THROUGHOUT the audit

and to evaluate, at the completion of the audit, whether accumulated audit results affect this assessment.


Certain conditions noted during fieldwork may affect the auditor's assessment of fraud risk, while such conditions suggest the possibility of fraud, they are not absolute evidence that fraud has occurred

a. discrepancies in the accounting records
b. conflicting or missing evidential matter
c. problematic relationship between the auditor and management.
d. objections by management to the auditor meeting privately with audit committee.
f. accounting policies that appear inconsistent with industry practices that are widely recognized and prevalent.
g. tolerance of violations of the company's code of conduct.


Fraudulent financial reporting involves intentional misstatement or omissions of amounts or disclosures in the F.S that are designed to deceive F.S users.
These are usually acts of management and may involve:

a. manipulation, falsification, or alteration of accounting records or supporting docs which F.S are prepared.
b. misrepresentation in, or intentional omission from, the F.S of events, transactions, or other significant info
c. intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosures.


Management's EXCESSIVE interest in maintaining or increasing the stock price and earnings trend Iis a fraud risk factor

but management's LACK of interest in maintaining an earning trend WOULD NOT constitute a fraud risk factor.


Analytical procedures are required during

1. planning stage
2.Final review stage


When the auditor's risk assessment is based on the effective functioning of internal control

The auditor should identify specific internal controls relevant to specific assertions that are likely to prevent or detect material misstatement in those assertions.


The auditor should document

1. the discussion among the audit team
2.key elements of the understanding of the entity and its environment (including each component of internal control), the sources of info used to develop the understanding, and the risk assessment procedures performed.
3. the assessment of the risks of material misstatement and the basis for the assessment.
4. the identified risks and related controls evaluated by the auditor
5. a more complex entity/environment results in more expensive audit procedures, which in turn should result in more expensive audit documentation.


The objective of tests of controls is to evaluate whether a control operated effectively.
Test of control would support the planned level of CONTROL risk, and would help evaluate management's assertion that internal control exist and are operating effectively.

An auditor of nonissuer should design test of DETAILS to ensure that sufficient audit evidence supports the planned level of assurance at the relevant assertion level.