AUDITING A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT

9th Edition
Karla M. Johnstone | Audrey A. Gramling | Larry E. Rittenberg

CHAPTER 7 PLANNING THE AUDIT: IDENTIFYING AND RESPONDING TO THE RISKS OF MATERIAL MISSTATEMENT

Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVES
1.

2.

3. 4.

Define the concept of material misstatement and discuss the importance of materiality judgments in the audit context Identify the risks of material misstatement and describe how they relate to audit risk and detection risk Assess factors affecting inherent risk Assess factors affecting control risk

7-2 Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVES
5.

6.

Use preliminary analytical procedures and brainstorming to identify areas of heightened risk of material misstatement Describe how auditors make decisions about detection risk and audit risk

7-3 Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVES
7.

8.

Respond to the assessed risks of material misstatement and plan the procedures to be performed on an audit engagement Apply the frameworks for professional decision making and ethical decision making to issues involving materiality, risk assessment, and risk responses

7-4 Copyright 2014 South-Western/Cengage Learning

THE AUDIT OPINION FORMULATION PROCESS

7-5 Copyright 2014 South-Western/Cengage Learning

PROFESSIONAL JUDGMENT IN CONTEXT - RISKS ASSOCIATED WITH FINANCIAL STATEMENT MISSTATEMENTS

Risk: Expresses uncertainty about events and/or their outcomes having a material effect on the organization According to ISA 315 the risks:
Are associated with operational and financial reporting decisions Are sometimes hard to quantify and are judgmental in nature Are present but the organization does not have material misstatements, thus making it difficult for auditors to know when a risk factor truly is leading to a material misstatement for their particular clients
7-6 Copyright 2014 South-Western/Cengage Learning

PROFESSIONAL JUDGMENT IN CONTEXT - RISKS ASSOCIATED WITH FINANCIAL STATEMENT MISSTATEMENTS

What conditions would cause these types of risks to lead to a material misstatement in the financial statements? (LO 1, 2, 3, 4, 5) What types of risks do these examples represent? (LO 2, 3, 4) How do these risks affect detection risk and audit risk? (LO 2, 7)

7-7 Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVE 1

DEFINE THE CONCEPT OF MATERIAL MISSTATEMENT AND DISCUSS THE IMPORTANCE OF MATERIALITY JUDGMENTS IN THE AUDIT CONTEXT

ASSESSING MATERIALITY
Misstatement: An error, either intentional or unintentional, that exists in a transaction or financial statement account balance
Essential to understand materiality in the context of designing and conducting a quality audit

7-9 Copyright 2014 South-Western/Cengage Learning

ASSESSING MATERIALITY
Materiality Magnitude of an omission or misstatement of accounting information that, in view of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement

7-10 Copyright 2014 South-Western/Cengage Learning

ASSESSING MATERIALITY
According to ISA 320, Materiality in Planning and Performing an Audit
Auditors judgments about materiality should be made based on a consideration of information needs of users as an overall group

According to the Supreme Court of the United States

Fact should be viewed by reasonable investors as having significantly altered total mix of information made available

7-11 Copyright 2014 South-Western/Cengage Learning

MATERIALITY GUIDANCE
Audit firms provide auditors with:
Specific written guidance Decision aids

Levels considered by auditors

Materiality for the financial statements as a whole Performance materiality for particular classes of transactions, account balances, or disclosures

7-12 Copyright 2014 South-Western/Cengage Learning

MATERIALITY GUIDANCE
Performance materiality: Amount set by auditor at less than materiality level for financial statements as a whole or for particular classes of transactions, account balances, or disclosures
Used to:
Assess risks of material misstatement Determine the nature, timing, and extent of audit procedures

7-13 Copyright 2014 South-Western/Cengage Learning

MATERIALITY GUIDANCE
Tolerable misstatement: Amount of misstatement in an account balance that the auditor could tolerate and still not judge underlying account balance to be materially misstated Clearly trivial amount (posting materiality) Inconsequential, whether:
Taken individually or in the aggregate Judged by any criteria of size, nature, or circumstances

7-14 Copyright 2014 South-Western/Cengage Learning

SEC VIEWS ON MATERIALITY

Criticisms of the auditing profession
Netting material misstatements Not applying materiality concept to swings in accounting estimates Consistently passing on individual adjustments that may not be considered material

7-15 Copyright 2014 South-Western/Cengage Learning

SEC VIEWS ON MATERIALITY

Qualitative reasons for considering quantitatively small misstatement material
Hiding failure to meet analysts consensus expectations Changing a loss into income, or vice versa Concerning a segment playing significant role in operations or profitability Affecting compliance with regulatory requirements Affecting compliance with loan covenants Effecting the increases in managements compensation
Copyright 2014 South-Western/Cengage Learning

7-16

SITUATIONS NECESSITATING CHANGE IN MATERIALITY JUDGMENTS

Initial materiality judgments were based on estimated or preliminary financial statement amounts, which are different from the audited amounts Financial statement amounts initially used in the making of materiality judgments have changed

7-17 Copyright 2014 South-Western/Cengage Learning

CHANGES IN MATERIALITY JUDGMENTS

Auditors make professional judgments about size of material misstatements providing a basis for:
Determining nature and extent of risk assessment procedures Identifying and assessing risks of material misstatement Determining nature, timing, and extent of tests of controls and substantive audit procedures

7-18 Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVE 2

IDENTIFY THE RISKS OF MATERIAL MISSTATEMENT AND DESCRIBE HOW THEY RELATE TO AUDIT RISK AND DETECTION RISK

EXHIBIT 7.1 - RISKS RELEVANT TO AN AUDIT

7-20 Copyright 2014 South-Western/Cengage Learning

RISK OF MATERIAL MISSTATEMENT

Exists at the financial statement level and assertion level
Categories of risk within these levels
Inherent risk Control risk

Risk of material misstatement high - Auditor accepts less audit risk Risk of material misstatement lower - Auditor accepts more audit risk
7-21 Copyright 2014 South-Western/Cengage Learning

RISK OF MATERIAL MISSTATEMENT

Detection risk: Level of audit effort that auditor will expend on engagement depends on level of detection risk
Increase in evidence obtained through substantive audit procedures

When risk of material misstatement is higher

Detection risk is set lower

7-22 Copyright 2014 South-Western/Cengage Learning

AUDITING IN PRACTICE - WHAT MAKES A RISK SIGNIFICANT?

AU-C 315:
Whether the risk is a risk of fraud Whether the risk is related to recent significant economic, accounting, or other developments and, requires specific attention Complexity of transactions Whether the risk involves transactions with related parties Degree of subjectivity in measurement of financial information related to risk Whether the risk involving significant transactions outside normal course of business
7-23 Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVE 3

ASSESS FACTORS AFFECTING INHERENT RISK

FACTORS FOR ASSESSMENT OF INHERENT RISK AT THE ASSERTION LEVEL AT A HIGHER LEVEL
Account represents an asset that can be easily stolen Account balance made up of complex transactions Account balance requires a high level of estimation to value Account balance subject to adjustments that are not in the ordinary processing routine Account balanced composed of a high volume of nonroutine transactions
7-25 Copyright 2014 South-Western/Cengage Learning

BUSINESS RISKS
Inherent risk at financial statement level that affects business operations and potential outcomes of organizational activities Factors affecting such risk
Overall economic climate Technological changes Competitor actions Geographic locations of suppliers

7-26 Copyright 2014 South-Western/Cengage Learning

FACTORS FOR ASSESSMENT OF INHERENT RISK OF OPERATIONS AT HIGHER LEVEL

Lack of expertise to deal with changes in industry Uncertain likelihood of successful introduction of new product and acceptance by market Information technology being incompatible across systems Expansion of business for which demand not accurately estimated Implementation of incomplete business strategy New regulatory requirements increase legal exposure
7-27 Copyright 2014 South-Western/Cengage Learning

FACTORS FOR ASSESSMENT OF INHERENT RISK OF OPERATIONS AT HIGHER LEVEL

Alternative products, services, competitors, or providers posing a threat to current business Significant supply chain risks Complex production and delivery processes Mature and declining industry Inability to control costs with possibility of unforeseen costs Producing products that have multiple substitutes
7-28 Copyright 2014 South-Western/Cengage Learning

SOURCES OF INFORMATION FOR ASSESSING BUSINESS RISKS

Management inquiries Review of clients budget Tour of clients plant and operations Review government regulations and clients legal obligations Knowledge management systems Online searches Review of SEC filings Company Web sites Economic statistics Professional practice bulletins Stock analysts reports Company earnings calls
7-29 Copyright 2014 South-Western/Cengage Learning

INHERENT RISK AT FINANCIAL STATEMENT LEVEL - FINANCIAL REPORTING RISKS

When assessing this risk, auditors consider all items on a companys financial statements that are subjective and based on judgment
Inherent risk at the financial statement level is affected by:
Competence and integrity of management Potential incentives to misstate the financial statements

7-30 Copyright 2014 South-Western/Cengage Learning

SOURCES OF INFORMATION REGARDING MANAGEMENT INTEGRITY

Predecessor auditor Other professionals in business community Other auditors within audit firm News media and Web searches Public databases Preliminary interviews with management Audit committee members Inquiries of federal regulatory agencies Private investigation firms
7-31 Copyright 2014 South-Western/Cengage Learning

AUDITING IN PRACTICE - AN EXAMPLE OF INHERENT RISK AT FINANCIAL STATEMENT LEVEL

Former CFO of Maxim Integrated Products was held liable for securities fraud for engaging in a scheme to backdate stock option grants
Aided Maxims failure to maintain accurate accounting records, resulting in inaccurate financial reporting

Management integrity was a fundamental problem leading to this fraud Assessing management integrity is no easy task

7-32 Copyright 2014 South-Western/Cengage Learning

FACTORS FOR ASSESSMENT OF INHERENT RISK OF FINANCIAL REPORTING AT HIGHER LEVEL

Discrepancies in accounting records Unusual relationships between auditor and management Lack of management competence Company history of meeting analyst estimates or high earnings growth expectations An impending initial public offering of stock Disagreements over financial reporting with prior auditors Auditor resignation Unusual transactions with outsiders or significant related party transactions

7-33 Copyright 2014 South-Western/Cengage Learning

FACTORS FOR ASSESSMENT OF INHERENT RISK OF FINANCIAL REPORTING AT HIGHER LEVEL

Transactions for which most of the revenue or expense is recognized at inception of transaction Financial results that seem too good to be true Complex business arrangements that serve little practical purpose Evasiveness from management regarding questions about financial statements Insistence by CEO or CFO to be present at all meetings Accounting methods appearing to favor form over substance
7-34 Copyright 2014 South-Western/Cengage Learning

AUDITING IN PRACTICE - APPLICATION OF ACCOUNTING PRINCIPLES AND RELATED DISCLOSURES Auditor needs to:
Determine whether managements decisions are appropriate and consistent with financial reporting framework Develop expectations about appropriate disclosures that are necessary Compare those expectations to disclosures made by management in assessing inherent risks

7-35 Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVE 4

ASSESS FACTORS AFFECTING CONTROL RISK

CONTROL RISK
Relates to susceptibility that a misstatement will not be prevented or detected on a timely basis by internal control system Its assessment can be made at:
Overall financial statement level Account or assertion level

7-37 Copyright 2014 South-Western/Cengage Learning

ASSESSING FACTORS AFFECTING CONTROL RISK

Poor controls in specific countries or locations Difficulty gaining access to the organization or determining the controllers of the organization Little interaction between senior management and operating staff Weak tone at the top leading to a poor control environment Inadequate accounting staff and information systems
7-38 Copyright 2014 South-Western/Cengage Learning

ASSESSING FACTORS AFFECTING CONTROL RISK

Growth of organization exceeding accounting system infrastructure Disregard of regulations for prevention of illegal acts No internal audit function, or lack of respect for internal audit function by management Weak design, implementation, and monitoring of internal controls Lack of supervision of accounting personnel
7-39 Copyright 2014 South-Western/Cengage Learning

AUDITING IN PRACTICE - LACK OF OVERSIGHT AS A CONTROL WEAKNESS LEADS TO EMBEZZLEMENT Rita Crundwell and the City of Dixon, Illinois $50+ million fraud Auditors need to be aware of weak internal controls and negative consequences for a clients financial statements
Control risk assessment as high means a need to perform additional substantive procedures Assessment of control risk as low means a need to test those controls for operational efficiency
7-40 Copyright 2014 South-Western/Cengage Learning

TECHNIQUES TO UNDERSTANDING MANAGEMENTS RISK ASSESSMENT

Understand processes used by the board and management to manage risk Review risk-based approach used by internal audit function with its director and audit committee Interviewing management about:
Risk approach Risk preferences Risk appetite Relationship of risk analysis to strategic planning
7-41 Copyright 2014 South-Western/Cengage Learning

TECHNIQUES TO UNDERSTANDING MANAGEMENTS RISK ASSESSMENT

Review outside regulatory reports Review company policies and procedures Review company compensation schemes Review prior years work Determine how management and board:
Monitor risk Identify changes in risk React to mitigate, manage, or control the risk
7-42 Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVE 5

USE PRELIMINARY ANALYTICAL PROCEDURES AND BRAINSTORMING TO IDENTIFY AREAS OF HEIGHTENED RISK OF MATERIAL MISSTATEMENT

PRELIMINARY ANALYTICAL PROCEDURES

Developing an expectation Determining when the difference between auditors expectation and clients records would be significant Computing that difference

Following up on significant differences

7-44 Copyright 2014 South-Western/Cengage Learning

TYPES OF ANALYTICAL TECHNIQUES

Trend analysis: Based on the history of changes in the account, year-to-year comparisons of:
Account balances Graphic presentations Analysis of financial data Histograms of ratios Projections of account balances

7-45 Copyright 2014 South-Western/Cengage Learning

TYPES OF ANALYTICAL TECHNIQUES

Ratio analysis: Identifies significant differences between the client results and a norm or between auditor expectations and actual results
Identifies potential audit problems that may be found in ratio changes between years

7-46 Copyright 2014 South-Western/Cengage Learning

EXHIBIT 7.3 - COMMONLY USED RATIOS

7-47 Copyright 2014 South-Western/Cengage Learning

RATIO AND TREND ANALYSIS

Carried out through a comparison of client data with expectations:
Based on industry data Based on similar prior-period data Developed from industry trends, client budgets, other account balances, or other bases of expectations

7-48 Copyright 2014 South-Western/Cengage Learning

BRAINSTORMING
A group discussion designed to encourage auditors to creatively assess client risks
Particularly those relevant to possible existence of fraud in an organization

Occur during the early planning phases of audit Repeated if actual fraud is detected Attended by entire engagement team and led by audit partner or manager

7-49 Copyright 2014 South-Western/Cengage Learning

GUIDELINES FOLLOWED DURING BRAINSTORMING SESSION

Suspension of criticism Freedom of expression Quantity of idea generation Respectful communication

7-50 Copyright 2014 South-Western/Cengage Learning

STEPS IN BRAINSTORMING SESSIONS

Reviewing prior year client information

Considering client information, particularly with respect to the fraud triangle Integrating information from previous steps into an assessment of likelihood of fraud in engagement

Identifying audit responses to fraud risks

7-51 Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVE 6

DESCRIBE HOW AUDITORS MAKE DECISIONS ABOUT DETECTION RISK AND AUDIT RISK

DETERMINING DETECTION RISK AND AUDIT RISK

Auditor determines level of detection risk on the basis of:
Assessment of risk of material misstatement at all levels Consideration of desired level of audit risk

Determining detection risk influences nature, amount, and timing of substantive audit procedures

7-53 Copyright 2014 South-Western/Cengage Learning

DETECTION RISK AND AUDIT RISK

Detection risk is affected by:
Effectiveness of substantive auditing procedures performed Extent to which the procedures were performed with due professional care

High level of detection risk

Audit firm is willing to take higher risk of not detecting a material misstatement Audit risk is also high
7-54 Copyright 2014 South-Western/Cengage Learning

DETECTION RISK AND AUDIT RISK

Low level of detection risk
Audit firm is not willing to take as much of a risk of not detecting material misstatement Audit risk is also low

Audit risk usually set at between 1% and 5% Detection risk ranges from 1% to 100%

7-55 Copyright 2014 South-Western/Cengage Learning

EXHIBIT 7.4 - RISKS AND THEIR EFFECTS ON AUDIT WORK

7-56 Copyright 2014 South-Western/Cengage Learning

EXHIBIT 7.4 - RISKS AND THEIR EFFECTS ON AUDIT WORK

7-57 Copyright 2014 South-Western/Cengage Learning

HIGH RISK OF MATERIAL MISSTATEMENT

Assuming an account with many complex transactions and weak internal controls
Inherent risk and control risk assessed at their maximum Audit risk set at a low level

Audit risk model

Audit Risk = Inherent Risk Control Risk Detection Risk 0.01 = 1.00 1.00 Detection Risk Detection Risk = 0.01 / (1.0 1.0) = 1%

7-58 Copyright 2014 South-Western/Cengage Learning

LOW RISK OF MATERIAL MISSTATEMENT

Assuming an account with simple transactions and well-trained personnel with no incentive to misstate financial statements
Inherent risk and control risk assessed at 50% and 20% respectively Audit risk set at 5%
Audit Risk = Inherent Risk Control Risk Detection Risk 0.05 = 0.50 0.20 Detection Risk Detection Risk = 0.05 / (0.50 0.20) = 50%
7-59 Copyright 2014 South-Western/Cengage Learning

AUDITING IN PRACTICE - AN EXPANDED VERSION OF AUDIT RISK MODEL

7-60 Copyright 2014 South-Western/Cengage Learning

LEARNING OBJECTIVE 7

RESPOND TO THE ASSESSED RISKS OF MATERIAL MISSTATEMENT AND PLAN THE PROCEDURES TO BE PERFORMED ON AN AUDIT ENGAGEMENT

PLANNING AUDIT PROCEDURES TO RESPOND TO THE ASSESSED RISKS OF MATERIAL MISSTATEMENT

Auditor should design:
Controls reliance audit Substantive audit

When considering risk responses, auditor should:

Evaluate reasons for assessed risk of material misstatement Estimate likelihood of material misstatement due to inherent risks of client

7-62 Copyright 2014 South-Western/Cengage Learning

PLANNING AUDIT PROCEDURES TO RESPOND TO THE ASSESSED RISKS OF MATERIAL MISSTATEMENT

Consider the role of internal controls, and determine whether control risk is relatively high or low Obtain more relevant and reliable evidence with increase in assessment of risk of material misstatement

7-63 Copyright 2014 South-Western/Cengage Learning

EXHIBIT 7.5 - EFFECT OF RISK ASSESSMENT ON RISK RESPONSE

7-64 Copyright 2014 South-Western/Cengage Learning

NATURE OF RISK RESPONSE

Types of audit procedures applied given the nature of account balance and relevant assertions regarding that account balance
Procedures
Assembling audit team with more experienced auditors Including on audit team outside specialists Increasing emphasis on professional skepticism

7-65 Copyright 2014 South-Western/Cengage Learning

TIMING OF RISK RESPONSE

When audit procedures are conducted and whether they are conducted at announced or predictable times When risk of material misstatement is heightened
Audit procedures conducted closer to year end on an unannounced basis Some element of unpredictability included in timing

7-66 Copyright 2014 South-Western/Cengage Learning

TIMING OF RISK RESPONSE

Introducing unpredictability
Performance of some audit procedures on low risk accounts, disclosures, and assertions Change in timing of audit procedures from year to year Selection of items for testing that are lower than prioryear materiality Performance of audit procedures on a surprise or unannounced basis Varying location or procedures year to year
7-67 Copyright 2014 South-Western/Cengage Learning

TIMING OF RISK RESPONSE

Procedures that can be completed only at or after period end
Comparison of financial statements to accounting records Evaluation of adjusting journal entries made by management in preparing financial statements Conduct procedures to respond to risks that management may have engaged in improper transactions at period end
7-68 Copyright 2014 South-Western/Cengage Learning

EXTENT OF RISK RESPONSE

Amount of evidence that is necessary given clients assessed risks, materiality, and level of acceptable audit risk
When risk of material misstatement is heightened, auditor increases extent of audit procedures and demands more evidence

7-69 Copyright 2014 South-Western/Cengage Learning

AUDITING IN PRACTICE - THE CITY OF DIXON, ILLINOIS SUES ITS AUDITOR RELATED TO RITA CRUNDWELL EMBEZZLEMENT The lawsuit alleges:
Professional negligence Negligent misrepresentation Certain deficiencies in audit procedure

Severe consequences to all parties involved

When auditors fail to assess and appropriately respond to risk of material misstatement

7-70 Copyright 2014 South-Western/Cengage Learning