What is Audit Risk?

The risk of giving the wrong opinion on the financial statements that are MATERIALLY MISSTATED.


Audit risk formula

AUD Risk = Inherent risk x Control Risk x Detection risk


What is the following:

Inherent risk

Control Risk

Detection risk

Inherent risk = The susceptibility of a relevant assertion to material misstatement, assuming there are no related internal controls. IN OTHER WORDS: some accounts always have a higher risk of misstatement than others.

Control risk: The risk that the company's internal controls cannot prevent or detect a material misstatement.

Detection risk: The risk that the auditor's audit procedures are NOT able to find the material misstatement in the F/S.


Is Audit Risk eliminated or minimized?

Only minimized. This is because Audit Risk can NEVER go away. It's always there no matter how many audit programs/plans/procedures are used to do tests.


What is the reason to assess Control Risk?

The reason: the auditor uses the assessed level of control risk (together with the assessed inherent risk level) to DETERMINE the assessed risk of material misstatement, IN ORDER to determine the LEVEL of Detection Risk the auditor may accept when testing the F/S assertions to find material misstatements to be revised by the client company's management.

FYI - The auditor first assesses the Control Risk and Inherent risk levels in order to then determine Detection risk. Once the Detection risk is set, the auditor determines the Level of Assurance from the nature, extent, and timing of substantive testing.


True or false in each situation:

1) The auditor assesses control risk before understanding the internal control.

2) Assessing the Control risk is required to obtain understanding of control environment or any of the other 4 COMPONENTS of internal control.

3) Assessing control is NOT related to assessing materiality levels

4) Inherent risk is assessed INDEPENDENTLY of any considerations of relevant controls. Control risk does NOT affect inherent risk.

1) False. Assess control risk after understanding the internal control environment.

2) False. Assessing control risk is NOT required in order to understand the control environment or any of the other 4 internal control components.

3) True

4) True


When acceptable Detection RISK decreases, what increases?

Substantive testing increases.

FYI - This is because in order to decrease Detection Risk, you must do more Substantive testing.

More Substantive testing leads to Decreased detection risk.


When Detection risk Decreases (which is caused by substantive testing (assurance) Increasing), what 3 things should the auditor do to increase assurance from substantive testing in order to decrease detection risk?

1) Change the NATURE of substantive testing from a less effective procedure to MORE EFFECTIVE procedures (i.e. do DIRECT TESTS on independent parties outside the company, do fewer tests on parties/documents inside the company).

2) Change the TIMING of substantive tests (i.e. perform substantive tests at YEAR-END vs. at an Interim date (Quarterly date)).

3) Change the EXTENT of substantive testing (i.e. change sample size from small to big; have a LARGER SAMPLE SIZE).


Risk of material misstatement consists of what 2 items?

Inherent risk and control risk

FYI - this is assessed by Auditor.

And it is the job of the Company's management to help deal with inherent risk and control risk in terms of proper documentation and a series of controls (in the form of personnel and segregated duties, or tools (computer/physical lock box, etc.)).


True or false:

Internal controls are identified to specific control environment factors.


Control risk is assessed in terms of F/S assertions.

Internal controls are identified towards specific F/S assertions. Then, tests are performed on internal controls to determine their effectiveness in preventing material misstatements in those assertions.


Are control risk, detection risk, and inherent risk assessed in only quantitative terms? Only non-quantitative terms? Or either quantitative or non-quantitative?

It's either Quantitative (percentages %) or NON-quantitative (a range from minimum to maximum or high, medium, low).


What kind of procedures are used to assess risk of material misstatements?

Risk assessment procedures.


What is relevant assertion as per AICPA AU-C-00315?

Relevant assertion = A financial statement assertion that has a reasonable possibility of containing a misstatement or misstatements that would cause the financial statements to be materially misstated. The determination of whether an assertion is a relevant assertion is made without regard to the effect of internal controls. (Ref: par. .A117)


Which risk can the auditor change at their discretion?

Inherent risk
Control risk
Detection risk

Detection risk.


True or false

1) Inherent risk and control risk (both are components of Risk of material misstatements RMM)

2) Auditor can change the inherent risk and control Risk.

1) True

2) False. Inherent risk and control risk cannot be changed BY the auditor. This is because inherent risk and control risk exist outside (independently) of the F/S.

Inherent risk and control risk exist independently of the audit.


Examples of inherent risks (assertions)

1) High volume transactions (i.e. revenue)

2) Complex transactions (i.e. derivative transactions, or LARGE COMPLEX SALE)

3) Derived from estimates (i.e. impairments, bad debt expenses, warranties, depreciated assets life/salvage value, contingencies).

4) Cash


Examples of other factors specific to entity and its environment that can INCREASE Inherent risk.

1) Technological developments that make a product OBSOLETE

2) Lack of working capital

3) Decline in the industry or economy


When there is a higher risk assessment (higher inherent risk and control risk), then there is a ____ detection risk?

When there is a lower risk assessment (lower inherent risk and control risk), then there is a ____ detection risk?

Low Detection Risk.

FYI - HIGH (inherent risk, control risk) then LOW detection risk. This is because there is a higher chance of so many errors/mistakes in the F/S that there is a low chance of not being able to find a mistake in the F/S.

Higher detection risk.

FYI - LOW (inherent risk, control risk) then HIGH detection risk. This is because the inherent risk and control risk are so low that they give false confidence that the auditor will not find any material misstatements (thus higher detection risk, and a higher chance of not being able to find any material misstatements).


True or false:

1) Higher risk of material misstatement (risk assessment; Inherent risk x control risk) means low Detection Risk and MORE assurance from substantive procedures

2) Performing tests at year-end with more experienced staff is needed when experiencing more errors found in auditing accounts at INTERIM period.

3) Numerous unexpected errors in A/R may cause the auditor to INCREASE the dollar threshold of vouching customer invoices.

4) Negative confirmations provide less assurance than positive confirmations.

5) Analytical procedures are inefficient to obtain assurance.

1) True.

2) True

3) False. Decrease the dollar threshold of vouching customer invoices when experiencing more errors in auditing A/R.

4) True. Negative confirmations do provide less assurance than positive confirmations. This is because with positive confirmations more assurance is obtained by getting customers to say yes, that is the correct amount, vs. negative confirmations, where there are fewer responses (the customer only responds if there is an error), so it's likely that the customer may forget to give a response saying that they experienced an error in the invoice.

5) False. Analytical procedures ARE EFFICIENT to obtain assurance to find misstatements not found in detailed evidence examination or when such detail is unavailable.


Tests of controls should be considered when deciding the level of assurance and the nature of tests used. This is because?

This is because tests of controls affect control risk: HIGHER Control risk means INCREASED ASSURANCE from SUBSTANTIVE TESTING, which results in LOWER detection risk.

More assurance, as in increased substantive testing, means less detection risk (less risk of not finding a misstatement). More assurance from substantive tests is needed to help mitigate a HIGH Control risk (and a HIGH inherent risk) [HIGH risk of material misstatement].


"The procedures to be applied to a particular engagement are a matter of the auditor's professional judgment" is an example of what?

Determining the nature of substantive testing (i.e. more effective testing, direct testing of a particular situation)


True or false:

Auditors would use their judgment to determine the nature of the substantive testing, choosing a more effective or less effective audit test to directly test a particular area of the F/S accounts.


Inherent risk and control risk are assessed based on ___ and its ___.

Entity and its environment.

FYI - you do not assess inherent risks and control risk from judging on materiality.


What is the difference between a known misstatement and a likely misstatement?

Known misstatement = found and identified during an audit.

Likely misstatement = differences in dollar amounts, particularly estimates between the MGT's estimates and auditor's estimates.


4 types of known misstatements.

1) Inaccuracies in collecting/processing data.

2) Departures from GAAP

3) Omissions

4) Inappropriate selection or application of accounting policies.


What is the difference between tests of control and tests of details?


Test of controls:

* INQUIRY and Confirmation. For example, ask the credit controller about the way in which customers are encouraged to pay and ask how these customers are identified and how often they are followed up. This is a relatively weak source of evidence because the credit controller might exaggerate his or her efforts.

* INSPECTION. For example, the credit references or notes made by the credit controller of conversations.

* OBSERVATION. For example, observing the credit controller at work.

* Recalculation and Re-performance. For example, ensuring that the aged receivables analysis seems to be accurate.

Tests of details:

* Writing to customers asking them to CONFIRM the amount owed (existence and ownership).
* TRACING, by inspection, some sales invoices to the Dr side of customers’ accounts (existence and ownership).
* OBSERVATION/INSPECTION of amounts received after year end. This gives evidence about valuation because if a payment is received subsequently the debt was obviously not bad.
* RECALCULATION of bad debt provisions.


True or False

1) Audit risk arises because the auditor only obtains ABSOLUTE assurance about whether the F/S are free of material misstatement.

2) Detection risk arises from factors relating to fraud.

3) Materiality means recognizing that "some matters, either INDIVIDUALLY or in the AGGREGATE, are important while other matters are NOT important."

4) Assessing the accounting principles used and evaluating the overall F/S presentation does NOT relate to determining that the F/S are prepared in conformity with GAAP.

1) False.

Audit risk arises because the auditor only obtains REASONABLE assurance (NOT absolute assurance) about whether the F/S are free of material misstatement.

FYI - You find this in the auditor's report stated as "obtains reasonable assurance about whether the F/S are free of material misstatements."

2) False. Detection risk does NOT arise from factors relating to FRAUD.

3) True. Materiality is to determine which item (individually or in aggregate (grand total)) matters more than others that can affect decision-making.

4) False. Assessing the accounting principles used and evaluating the overall F/S DOES deal with the F/S being in conformity with GAAP.


Where do you find this "is responsible for expressing an opinion on the financial statements, which are the responsibility of management" in the auditor's report?

In the MGT responsibility paragraph, where it says that MGT is responsible for preparation and fair presentation, and that MGT is also responsible for the design, implementation, and maintenance of internal controls.

In the Auditor's paragraph, the auditor's charge is to do tests and gather sufficient audit evidence to express an opinion on the F/S.


1) Does inherent risk bear any direct relationship to Control risk?

2) Do control risk and detection risk have an inverse relationship?

3) Auditor's evaluation of controls determines control risk. True or False.

4) True or False. Auditor assesses Control Risk level in order to determine Risk of material misstatement which results in measuring/accepting the Detection Risk level.

5) Analytical procedures can be used to verify design of internal controls.

6) Regardless of control risk level, substantive testing for significant transaction classes or balances cannot be entirely eliminated.

7) Can Determining Detection risk be used to determine Control risk?

8) Detection risk level has an inverse relationship with Assurance level provided by substantive tests.

1) No, it does not.

2) Yes, they do. This is where HIGH control risk means INCREASED assurance from substantive tests, therefore LOWER Detection risk.

LESS control risk means DECREASED assurance from substantive testing (less substantive testing) therefore HIGH detection risk.

3) True.

4) True.

5) False. Analytical procedures are not used to evaluate internal controls. Analytical procedures are used on F/S related items.

6) True.

7) No. Do the control risk and inherent risk assessments FIRST, before doing the assessment of Detection Risk, not vice versa.

8) Yes, low Detection Risk means HIGH Assurance from substantive tests. HIGH Detection risk means LOW assurance from substantive tests.


When Detection risk INCREASES then change the following on:

Timing of substantive tests from year-end to ___ date

Nature of substantive tests from MORE effective to __ ___ procedures.

Extent of test of details from a large sample size to ___ sample size.

Hint: DR UP means Assurance substantive testing DOWN

Interim date

Less effective procedures

small sample size


When Detection risk DECREASES then change the following on:

Timing of substantive tests from interim date to ___ date

Nature of substantive tests from less effective to __ ___ procedures.

Extent of test of details from a small sample size to ___ sample size.

Hint: DR DOWN means Assurance substantive testing UP

Year-end date

MORE effective procedures

LARGE sample size


Pass Key:

RMM (risk of material misstatement) and Detection risk have an inverse relationship

RMM (risk of material misstatement) and the assurance level from substantive testing have a Direct relationship

RMM low then Detection risk HIGH
RMM HIGH then Detection risk LOW

RMM low then LOW Assurance level from substantive testing, because the company's controls are strong, so do less substantive testing.

RMM HIGH then HIGH Assurance level from substantive testing, so do more. This is because a high risk of material misstatement means DO MORE SUBSTANTIVE TESTS to find the misstatements and correct them.