Audit Planning- Risk and Risk Assessment

BUSINESS RISK

 Risk that auditor will suffer a loss or injury to professional practice due to litigation or adverse publicity in connection with an audit.  Always present whether or not the auditor conducts the audit in accordance with PSA hence cannot be directly controlled by auditor. AUDIT RISK

 Definition: Risk that the auditor gives an inappropriate audit opinion when the FS are materially misstated. 

Components: 1. Risk of material misstatement 2. Inherent risk 3. Control risk 4. Detection risk

The Audit Risk Model AR = IR x CR x DR Where: AR = audit risk IR = inherent risk CR = control risk DR = detection risk Relationships

 As the desired level of audit risk decreases, the auditor should design more effective substantive procedures.  As the assessed level of inherent risk increases, the auditor should design more effective substantive procedures.  As the assessed level of control risk increases, the auditor should design more effective substantive procedures.  As the acceptable level of detection risk decreases, the assurance directly provided from substantive tests increases. Thus, the auditor should design more effective audit procedures in order to achieve the desired level of assurance. Steps in using the audit risk model:

1. Set the desired level of audit risk. 2. Assess the level of inherent risk. - Knowledge of the client’s business and industry, preliminary analytical procedures.

3. Assess the level of control risk. - Studying and evaluating the effectiveness of the client’s accounting and internal control systems. 4. Determine the acceptable level of detection risk. - DR = AR / (IR x CR) 5. Design substantive tests. - Level of assurance provided is the complement of DR. - E.g. LOWER acceptable DR, greater assurance by: a. More effective substantive procedures (nature) b. Performing year-end procedures (timing) c. Using larger sample size (extent) - E.g. HIGHER acceptable DR, lower assurance by: a. Less effective substantive procedures (nature) b. Performing interim procedures (timing) c. Using smaller sample size (extent)

AUDIT RISK, MATERIALITY, AUDIT EFFORT 1. Inverse relationship between audit risk and materiality - Low audit risk suggests it would take larger amounts to be material 2. Inverse relationship between materiality and audit effort (hours worked) - Higher materiality threshold suggests less audit effort 3. Example: If after planning for specific audit procedures, the auditor determines that the acceptable materiality level is lower, audit risk is increased. The auditor would compensate for this by either: - Reducing assessed level of control risk by carrying out additional or extended tests of controls. - Reducing detection risk by modifying the nature, timing, and extent of planned substantive procedures. RISK ASSESSMENT AND THE AUDITOR'S RESPONSE Risk assessment procedures  Definition: Audit procedures performed to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the FS and assertion levels. Steps in assessing RMM: 1. Identify relevant FS assertions. 2. Understand the entity and its environment, including its internal controls. - Procedures: a. Inquiries of management and others within the entity b. Analytical procedures c. Observation and inspection - (PSA 315) RMM may be greater for significant non routine transactions from matters such as: a. Greater mgt intervention to specify acctg treatment b. Greater manual intervention for data collection and processing c. Complex calculations or accounting principles d. Nature of non routine transactions

- RMM may be greater for significant judgment matters that require use of estimates, such as: a. Accounting principles for acctg estimates or revenue recognition may be subject to differing interpretation. b. Required judgment may be subjective, complex, or require assumptions. 3. Make decisions about materiality. - PSA 320 4. Perform analytical procedures. 5. Identify risks that may result in material misstatements, including risk of fraud. - PSA 250: Consideration of laws and regulations. - PSA 240: Auditor’s responsibility to consider fraud. - PSA 330: Auditor’s Procedures in Response to Assessed Risks 6. Develop preliminary audit strategies. -ENDCopyright @philCPAReview