Flashcards in Planning: Materiality And Risk Deck (26):
What is the audit process?
1. Assessing client acceptance and retention decision
2. Understanding the client
3. Obtain evidence about controls and determining the impact on the audit
4. Obtain substantive evidence about account assertions
5. Wrap up the audit and make reporting decision
What is the broad 4-step audit process? (mayhew combines 1+2)
Planning, control evaluation, substantive testing, completion
What is risk?
- Exposure to chance of injury or loss. If we know it's going to happen, it's not a risk.
- 2 components: probability x outcome
Bottom line of risk
- we need to mitigate/ reduce/ manage risk
- we must lower the probability or the loss or both
- always a cost/benefit to managing risk (cost of quantifiable, benefit is not)
What is engagement risk?
- Risk to the auditor of serving the client
- Risk is 0 if we do not audit the client (we must have some clients)
- can lead to "bad publicity"
- Biggest part = financial failure
Other events that put the auditor at risk: financial failure, management integrity failure, materially misstated financial statements, questionable client practices (AIG)
What is enterprise risk? (business risk)
- the risk a client company will suffer a significant loss
- derives from client's operations and the potential outcomes of organization activities
How can a client manage enterprise risk?
Enterprise risk management system: identifies risks, enacts controls to address risks where possible, and provides information, communication, and monitoring for management and the corporate governance circle.
What is financial reporting risk?
- relates to client
- the risk the financial statements do not comply with GAAP
- affected by :
- company's financial health
- quality of internal controls
- complexity of company's transactions and financial reporting
- management's motivation to misstate the financial statements (short term incentives are sketchy)
Which risk do auditors struggle most with?
What is audit risk?
- The risk we give the wrong opinion, an unqualified opinion on materially misstated financial statements (subset of engagement risk)
- it is within the auditor's control
- doesn't typically go the other way
- related to financial reporting risk (fin reporting risk should be lower after an audit, how much lower depends on audit risk level set by the auditor)
- if fin reporting risk is 0, audit risk is 0
- that never happens, but lower FRR means lower AR
What is materiality?
- The level of misstatement which under the circumstances makes it probable that a reasonable person's judgment would've changed.
- super complicated and circumstantial
- were not looking for perfection
- hard to develop a pure quantitative measure
- affects audit risk
What could affect materiality assessment? (qualitative)
Would correcting the error enable the company to...
- beat analysts expectations
- beat last year's earnings
- report income instead of loss
- avoid debt covenants
What is overall materiality?
What we think will probably affect users
Planning materiality - tolerable misstatement
< overall materiality
- applied to account balances for testing purposes
What is posting materiality?
- minimum cut-off for tracking of misstatements by the auditor
- auditor lists misstatements above this amount during the audit
- evaluates in aggregate at end of audit
All else equal, if we change the materiality level does it change audit risk?
All else equal, what happens when we increase materiality?
Audit risk decreases
- as the size of acceptable error increases, we have less risk we will miss the error
What happens when we decrease materiality (all else equal)?
Audit risk increases
- as the size of acceptable error decreases, we have more risk we will miss it
How does the auditor set desired audit risk?
The auditor sets desired audit risk based on assessed engagement risk, and then insiders three component risks (inherent risk, control risk, and detection risk)
What is the audit risk model?
AR = IR x CR x DR
- very conceptual
What factors impact the auditor's risk of getting the wrong opinion (3)?
1. The risk the client's financial statements are wrong (fin stmt risk)
- inherent risk (economy, climate, industry)
- control risk (their controls suck)
2. The risk the auditor fails to detect the misstatements
- detection risk
3. The materiality of the misstatement
What is inherent risk?
- Auditor's assessment of the likelihood the financial statements (or account or assertion) contains a material error independent of internal controls.
- impacted by business and financial reporting risks
- somethings are inherently riskier than others
High tech more than utilities
High growth more risky than cash cows
Inventory more risky than cash
Valuation of A/R more risky than completeness
What is control risk?
- the auditor's assessment of whether misstatements will be prevented or detected by the client's internal controls
- need some measure of a tolerable misstatement to implement
- identify internal controls - what should be and what is
- evaluate controls to determine if they are functioning
- keep in mind internal controls are always overridden
- test of controls will later confirm or refute the assessment in an integrated audit
What is risk of material misstatement (RMM)?
- Control risk x inherent risk
- the risk the client's financial statements are misstated prior to the audit
What is detection risk?
- the risk the auditor's test of controls or substantive tests will fail to detect a material misstatement
- the risk depends on the auditor's actions or lack of actions
- auditor chooses procedures/processes to manage or achieve a desired detection risk
- has nothing to do with the client
- WE CONTROL AUDIT RISK VIA DETECTION RISK