Planning: Materiality And Risk Flashcards Preview

Audit > Planning: Materiality And Risk > Flashcards

Flashcards in Planning: Materiality And Risk Deck (26):

What is the audit process?

1. Assessing client acceptance and retention decision
2. Understanding the client
3. Obtain evidence about controls and determining the impact on the audit
4. Obtain substantive evidence about account assertions
5. Wrap up the audit and make reporting decision


What is the broad 4-step audit process? (mayhew combines 1+2)

Planning, control evaluation, substantive testing, completion


What is risk?

- Exposure to chance of injury or loss. If we know it's going to happen, it's not a risk.
- 2 components: probability x outcome


Bottom line of risk

- we need to mitigate/ reduce/ manage risk
- we must lower the probability or the loss or both
- always a cost/benefit to managing risk (cost of quantifiable, benefit is not)


What is engagement risk?

- Risk to the auditor of serving the client
- Risk is 0 if we do not audit the client (we must have some clients)
- can lead to "bad publicity"
- Biggest part = financial failure
Other events that put the auditor at risk: financial failure, management integrity failure, materially misstated financial statements, questionable client practices (AIG)


What is enterprise risk? (business risk)

- the risk a client company will suffer a significant loss
- derives from client's operations and the potential outcomes of organization activities


How can a client manage enterprise risk?

Enterprise risk management system: identifies risks, enacts controls to address risks where possible, and provides information, communication, and monitoring for management and the corporate governance circle.


What is financial reporting risk?

- relates to client
- the risk the financial statements do not comply with GAAP
- affected by :
- company's financial health
- quality of internal controls
- complexity of company's transactions and financial reporting
- management's motivation to misstate the financial statements (short term incentives are sketchy)


Which risk do auditors struggle most with?

Business risk


What is audit risk?

- The risk we give the wrong opinion, an unqualified opinion on materially misstated financial statements (subset of engagement risk)
- it is within the auditor's control
- doesn't typically go the other way
- related to financial reporting risk (fin reporting risk should be lower after an audit, how much lower depends on audit risk level set by the auditor)
- if fin reporting risk is 0, audit risk is 0
- that never happens, but lower FRR means lower AR


What is materiality?

- The level of misstatement which under the circumstances makes it probable that a reasonable person's judgment would've changed.
- super complicated and circumstantial
- were not looking for perfection
- hard to develop a pure quantitative measure
- affects audit risk


What could affect materiality assessment? (qualitative)

Would correcting the error enable the company to...
- beat analysts expectations
- beat last year's earnings
- report income instead of loss
- avoid debt covenants


What is overall materiality?

What we think will probably affect users


Planning materiality - tolerable misstatement

< overall materiality
- applied to account balances for testing purposes


What is posting materiality?

- minimum cut-off for tracking of misstatements by the auditor
- auditor lists misstatements above this amount during the audit
- evaluates in aggregate at end of audit


All else equal, if we change the materiality level does it change audit risk?



All else equal, what happens when we increase materiality?

Audit risk decreases
- as the size of acceptable error increases, we have less risk we will miss the error


What happens when we decrease materiality (all else equal)?

Audit risk increases
- as the size of acceptable error decreases, we have more risk we will miss it


How does the auditor set desired audit risk?

The auditor sets desired audit risk based on assessed engagement risk, and then insiders three component risks (inherent risk, control risk, and detection risk)


What is the audit risk model?

AR = IR x CR x DR
- very conceptual


What factors impact the auditor's risk of getting the wrong opinion (3)?

1. The risk the client's financial statements are wrong (fin stmt risk)
- inherent risk (economy, climate, industry)
- control risk (their controls suck)
2. The risk the auditor fails to detect the misstatements
- detection risk
3. The materiality of the misstatement


What is inherent risk?

- Auditor's assessment of the likelihood the financial statements (or account or assertion) contains a material error independent of internal controls.
- impacted by business and financial reporting risks
- somethings are inherently riskier than others
High tech more than utilities
High growth more risky than cash cows
Inventory more risky than cash
Valuation of A/R more risky than completeness


What is control risk?

- the auditor's assessment of whether misstatements will be prevented or detected by the client's internal controls
- need some measure of a tolerable misstatement to implement
- identify internal controls - what should be and what is
- evaluate controls to determine if they are functioning
- keep in mind internal controls are always overridden
- test of controls will later confirm or refute the assessment in an integrated audit


What is risk of material misstatement (RMM)?

- Control risk x inherent risk
- the risk the client's financial statements are misstated prior to the audit


What is detection risk?

- the risk the auditor's test of controls or substantive tests will fail to detect a material misstatement
- the risk depends on the auditor's actions or lack of actions
- auditor chooses procedures/processes to manage or achieve a desired detection risk
- has nothing to do with the client


How does detection risk affect audit risk?

- We use the model to determine how much effort we need to exert to achieve the desired audit risk.
- we solve for detection risk and use it to plan our testing procedures
- basically, choose a level of audit risk and set detection risk to achieve that goal of audit risk