Audit Risk and Business Risk

Cha hapter pter 4 Audit Risk and Business Risk

Standards • ASA 210 Terms of Audit Engagements • ASA 315 Understanding the Entity and Its Environment and Assessing the Risks of  a er a ss a emen

• Four Four crit critic ical al co com m on onen ents ts of ris risk k affe affect ct the audi auditt approach and audit outcome: – En Ente terp rpri rise se risk risk:: risks that affect the operations and potential outcomes organisation activities – En Enga gage geme ment nt ris risk: k: comes with association with a specific client – Fin Financi ancial al repo reporti rting ng ris risk: k: risks that relate rec y o e recor ng ransac ons an e presentation of the financial statements – an unqualified opinion on financial statements

N ature of R isk (cont. ( cont.)) • Each Each of thes these e com compo ponen nents ts can can be be man manage aged. d. • Comp Compan any y sur survi viva vall dep depen ends ds on the the effectiveness of risk management processes.

M anage anagement ment (ERM (E RM ) • COSO def defines ERM as:  ‘ ’  directors, management and other personnel, a lied in strate settin and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to within its risk appetite, to provide reasonable assurance regarding the .’ 

M anagemen anagementt (cont. (co nt.)) • COSO COSO des descr crib ibes es ERM ERM as as con consi sist stin ing g of eight eight interrelated rocesses: – risk risk managemen managementt environm environment ent:: managemen managementt culture and attitude towards risk – event identificatio identification: n: identifi identificatio cation n of events that may affect the organisation’s ability to implement strategies or achieve objectives – risk assessment: assessment: assessing assessing risks risks to determin determine e response – risk risk resp respon onse se

M anagemen t (con t. t.)) – control control activi activities: ties: policies policies and procedur procedures es management’s directives and strategies are im lemented – inform informati ation on and and comm communi unicat cation ion – • An eff effec ecti tive ve ERM ERM proc proces ess s with within in an an that risks are identified, understood and addressed.

Responses • Once Once ris risk k has has been been iden identi tifi fied ed and and ass asses esse sed, d, an organ sa on as ou our c o ces: – co cont ntro roll the the ris risk k – s are or trans er t e ris – divers diversify ify agai against nst or or avoid avoid the the risk risk – ac acce cept pt the the ris risk. k. • Depen Dependi ding ng on on the the ci circ rcum umst stan ance ces, s, eac each h of  of  these may be an acceptable approach to manage the risk.

Risk Factors Affecting Affect ing the A udit – The risk auditors auditors incur incur by by being being associated associated – Risk Risk is high high wheneve wheneverr there there is increa increased sed • the audit auditor or is assoc associate iated d with with a failed failed client client • financial financial stateme statements nts contain contain material material misstat misstatemen ementt that the auditor fails to find.

– These conditions conditions increase increase the likelihood likelihood that

the Aud A udit it (cont. (co nt.)) • Clie Client nt acc accep epta tanc nce e or rete retent ntio ion n deci decisi sion on – Perhaps Perhaps the the most most import important ant audit decision decision – A decisio decision n affecte affected d by a range range of factor factors. s. The most important involve: • the qualit quality y of the client’s client’s corpo corporate rate govern governance ance • the clie client’ nt’s s financi financial al health health..

Corp orporate orate G overnan ce • The The key key fact factor ors s an aud audit itor or wil willl anal analys yse e incl include ude:: – manag managem ement ent inte integr grit ity y – indepen independenc dence e and comp compete etence nce of of the audit committee and board – quality quality of ERM and contro controls ls – regulat regulatory ory and and reportin reporting g requirem requirement ents s – partic participa ipatio tion n of key stak stakeho eholder lders s – existence existence of related related party party transactio transactions. ns.

Organisation Organisati on Financial Health • Ther There e are are a num number ber of reas reason ons s why why the the aud audit itor or needs to evaluate a potential client’s financial health: – The auditor auditor will most likely be sued if a client client goes onto liquidation. – Investors Investors and creditor creditors s who have lost lost money will look for recovery. – Lawyers Lawyers will will claim the financi financial al statement statements s were misstated and the auditors should have known they were misstated.

(cont.) •

e au or a so so nee s o un ers an e financial health in order to: – ’  misstate the financial statements – – identi identify fy accou account nt balanc balances es that that appear appear .

Other Factors A ffect ffecting ing E ngagem ent Ris ’  prospects to ensure important areas are investigated and the company is likely to stay in business. • High-r High-risk isk compani companies es are general generally ly charac character terise ised d by: by: – inade uate ca ital – lack of long-r long-run un strategic strategic and operati operational onal plans – low co cost en entr into the ma market – dependen dependence ce on limite limited d product product offer offerings ings – de endence on technolo sub ect to obsolescence – instab instabili ility ty of future future cash cash flow flows s –

• Fina Financ ncia iall miss missta tate teme ment nt ris risk k is inf influ luenc enced ed by – the company company’s ’s finan financia ciall health health – the quality quality of the the company’s company’s internal internal control controls s – the complex complexity ity of of the the company’s company’s transaction transactions s and financial reporting – manageme management’ nt’s s motivat motivation ion to misst misstate ate the nanc a repor . • Thes These e fact factor ors s are are int inter erre rela late ted. d. • The The audit auditor or wil willl gath gather er inf infor orma mati tion on on on thes these e issues through reviews of previous audits, or by talking with the predecessor auditor.

A c c e t i n N e w Cl Cl i e n t s : M inimising Risk • A new new audito auditorr shoul should d initi initiate ate discus discussio sions ns with with the change in auditors. •

ecause o e con en a y ru e, e successor must first obtain client permission to talk with .

M inimising R isk (con t. t.)) • The The succ succes esso sorr is par parti ticu cula larl rly y inte intere rest sted ed in in – mana managem gement ent inte integr grit ity y – substantive auditing or accounting issues – ’  reasons for the change – predecessor and management or audit committee regarding fraud, illegal acts or internal control matters.

e

ngagement

etter

• The The audi audito torr and and cli clien entt shou should ld hav have e a mut mutual ual unde unders rsta tand ndin in of the the audi auditt ro roce cess ss.. • The The audi audito torr shou should ld prep prepar are e an engag engagem ement ent let lette terr each party, and to summarise and document this understanding, including the: – nature nature of of the serv service ices s to be prov provided ided – timi timing ng of of thos those e serv servic ices es – expected expected fees fees and basis on which which they they will will be be billed (fixed fee, hourly rates)

The Engagem ent Letter (co nt. nt.)) • The The enga engagem gemen entt lett letter er sho shoul uld d also also des descr cribe ibe – auditor auditor responsi responsibiliti bilities, es, includi including ng the the search search – client responsibili responsibilities, ties, including including preparing preparing – need for for any any other other services services to be performe performed d b the firm.

M ateri ateriality ality and Audit A udit Risk audit that provides reasonable assurance that material misstatements will be detected • ‘Inf ‘Infor ormat matio ion n is mater material ial if its its omi omiss ssio ion, n, misstatement or non-disclosure has the potential, individually or collectively, to a n uence e econom c ec s ons o users taken on the basis of the financial report; or management or governing body of the entity.’  AASB 1031 ara. ara. 9

Materiality • Mater Material ialit ity y has thr three ee signi signifi fican cantt dimen dimensi sion ons: s: – size of the the misstat misstatement ement (dollar (dollar amount amount)) – circ ircumst umstan ance ces s – some ome thi things ngs are are view iewed more critica y t an ot ers – user user impa impact ct – impa impact ct on po potent tentia iall use users rs and and .

ater a ty co n t. • Determi Determinat nation ion of materia materialit lity y is is s situ ituati ationon-spec specifi ific. c. difficult, it allows the auditor to adjust the ri ou ourr of of the the audit audit to refle reflect ct the the ris risk k of of the the engagement. – The lower lower the the dollar dollar amount amount of of set materiality materiality,, the more rigorous the examination.

M ateriality G uid uidelines elines • Mo Most st firm firms s hav have e gui guidel delin ines es fo forr set setti ting ng . – usuall usually y involve involve apply applying ing percen percentag tages es to – may also also be be based based on nature nature of of the indu industr stry y • Audit Auditor ors s initi initial ally ly set set plann plannin ing g mater materia iali lity ty for for , this to individual accounts based on their susceptibility to misstatement.

• Audi Auditt risk risk is the the risk risk than han an audi audito torr ma ma is issu sue e an unqualified opinion on materially misstated financial statements. • The auditor auditor ass assess esses es engageme engagement nt risk risk firs first, t, then then sets audit risk. • Audit Audit risk risk is invers inversely ely related related to engagem engagement ent risk. risk. risk, they must conduct more rigorous audits. • • If the the audi audito torr acc accept epts s a cl clie ient nt with with lo low w ,

I nsepara nseparabilit bility y of  u s a er a

y

• Audit risk and en a ement risk relate to factors that might encourage someone to challenge the auditor’s work. • For For exa exampl mple, e, tran transa sact ctio ions ns tha thatt might might no nott be material to a ‘healthy’ company might be material to financial statement users for a company on the brink of bankruptcy. • The follow following ing factor factors s help help integra integrate te the concep concepts ts of  risk and materiality: – All audits involve involve sampling sampling and cannot cannot provid provide e 100 percent assurance. Audito

ust compet compete e in an active active market marketplace place

I ns nse arabilit of A udit Risk & M ateriality ateri ality (co (cont. nt.)) – Audito Auditors rs need need to unders understan tand d society society’s ’s ex ectations of financial re ortin and the audit process. – Auditors must identif the risk areas of a business to determine which accounts are more susceptible to material misstatement. – Auditor Auditors s need to devel develop op method methodolo ologies gies to allocate overall assessments of materiality to individual account balances.

• The The audi audito torr sets sets desir desired ed aud audit it ris risk k bas based ed on on assessed en a ement risk: AR = IR x CR x DR • AR = audit risk •

=

• CR = control risk •

= e ec on r s

e •

u

s

o e

e au r s mo mo e a ows consider the following: –

e au

con . or o

omp ex or unusua ransac ons are more likely to recorded in error than are simple or .

– Manageme Management nt may be be motivat motivated ed to missta misstate te . – Better Better inte interna rnall contro controls ls mean mean a lesser lesser . – The amou amount nt and and persuas persuasive ivenes ness s of audit audit

. • Inherent ri risk: susce tibilit of transactions to be recorded in error. Inherent risk is higher for some items. – omp ex transactions are more i e y to e misstated than simple transactions. – than fact-based balances. – The audi auditor tor asse assesse sses s inheren inherentt risk risk • Control risk: risk client controls will fail to – The quality quality of contro controls ls often often varies varies between between classes of transactions.

e

u

s

o e

con .

• combined. – misstatements occurring. • to detect material misstatements. – procedures and their application. – Is control controlled led by the the auditor auditor and is an integral integral part of audit planning. – The level level of dete detecti ction on risk risk set set direct directly ly

The Au Audit dit Risk M odel cont. AR = IR x CR x DR • Audit Audit risk risk is set invers inversely ely to the ass assess essed ed leve levell of  of  engagement risk. • After After audi auditt risk risk is is set, set, the auditor auditor ass assess esses es inher inherent ent and control (environment) risks. • The The aud audit itor or se sets ts dete detect ctio ion n ris risk k inversely to environment risk. For example, if the auditor is examining transactions wit ig in erent ris or weak controls, they will set a low detection risk: = IR x CR

not detecting material misstatements. •

v w r , u rw have to perform more rigorous substantive , , reliable forms of evidence, assign more experienced auditors, closer supervision, greater year-end (rather than interim) testing.

• The The aud audit it risk risk mode modell sho shows ws that that the the amou amount nt nature, and timing of audit procedures depends on the level of audit risk an auditor assumes an e eve o c en -re a e r s s

Audit Risk Model • Inhe Inhere rent nt ris risk k is dif diffi ficu cult lt to to form formall ally y asse assess ss.. • • The The mod model el treat treats s eac each h ris risk k com compo pone nent nt as as the case. • component can be accurately assessed. , the audit risk model as a functional, rather than mathematical, model.

Developing Dev eloping an Un derstanding M isstat isstatement ement Risks • If the there re are are maj major or pro probl blem ems s with within in a com compan pany, y, the evidence gathered from within that company . • Beca Becaus use e of of this this,, the the audi audito torr shou should ld – u n er s a n e company, s s ra eg es, an operations in depth – which the company operates – client transactions –

The Business Risk pproac o u ng • Develo understandin of mana ement’s risk management process • Deve Develo lop p unde unders rsta tand ndin ing g of the the bus busin ines ess s and the the risks it faces • Use the identi identifie fied d risk risks s to develop develop expecta expectatio tions ns about account balances and financial results • Ass Assess ess quality quality of contro controll s syst ystems ems to manage manage risks risks • Determ Determine ine residu residual al risk, risk, and update update expect expectati ations ons about account balances • anage rema n ng r s o accoun a ance misstatement by determining the direct tests of 

U n d erstan d in M an a em en t’s Risk M anag anagement ement P roc rocess ess • To under underst stan and d the the clie client nt’s ’s risk risk manag managem ement ent process, auditors will normally use the following – understand understand the process processes es used used to evaluate evaluate risks risks – internal auditing – interview interview management management about about its risk approach approach – review regulatory regulatory agency reports reports that that address address the company’s policies towards risk – rev ew company po ces an proce ures or addressing risk –

’  Risk M anagement P rocess roces s (cont. ( cont.)) – review review prior prior years years’’ work work to determ determine ine if  current actions are consistent with risk approach discussed with management – review review risk risk manageme management nt docum document ents. s. • If the the comp company any has has str stron ong g ris risk k mana manage gemen mentt processes, the auditor may focus on testing on account balances. , a comprehensive risk process, the auditor will assess engagement risk as high, set audit risk at .

Developing Dev eloping an Un derstanding of  Business Busi ness & Risks • Ther There e are are a num number ber of info inform rmat atio ion n sour source ces s (including electronic sources) that auditors use to – – – – – – – –

inte intell llig igen entt agent agents s onli on line ne se sear arch ches es comp co mpan any y webs websit ites es profes professio sional nal pract practice ice bulle bulletin tins s s oc ana ys s repor s

Business P roces rocesses ses • Each Each org organ anis isat atio ion n has a few few key key pro proce cess sses es tha thatt give them a competitive advantage (or disadvantage) • T e au itor s ou gat er su icient in ormation to understand: – y r c ss s – the industry industry factor factors s affectin affecting g key processes processes – ow managemen mon ors ey processes – the potential potential operati operational onal and financia financiall effects effects .

Sources of I nformation about Key P roces rocesses ses • • • • • • •

Mana anageme ement inq inquiries Pred Predec eces esso sorr aud audit itor or inqu inquir irie ies s Revi Review ew of of prio priorr-per perio iod d audi auditt wor work k paper papers s Revie eview w of of cli clien ent’ t’s s budg budget ets s Tour Tour of of clie client nt’s ’s fac facil ilit ities ies and and oper operat atio ions ns Revi Review ew data data proc proces essi sing ng ce cent ntre re Revi Review ew sig signi nifi fica cant nt debt debt cov covena enant nts s and and board board of  of  directors’ minutes • Revi Review ew rel relev evant ant gove govern rnmen mentt regu regula lati tion ons s and client’s legal obligations

Developing Dev eloping Expect Expectations ations • The The audi audito torr shou should ld use use infor informa mati tion on abo about ut the the company s ey processes an r s s o eve op expectations about its account balances and . • Thes These e exp expec ecta tati tion ons ss sho houl uld d be: be: – develo developed ped indepe independen ndently tly of of manageme management nt – documented, documented, along with a rationa rationale le for for the the expec a ons – commun communica icated ted to all all audit audit team memb members ers..

I nternal Controls Controls • Cont Contro rols ls inc inclu lude de poli polici cies es and and proce procedur dures es set set by . • The The audi audito torr is par parti ticu cula larl rly y inte intere rest sted ed in tho those se con ro s es gne o pro ec e company s ey processes and the measures used to monitor the .

Con ontro trols ls (con ( cont. t.)) • Exam Exampl ples es of of thes these e measu measure res s (key (key per perfo form rman ance ce r u : – backlo backlog g of work work in progres progress s – – increa increased sed dispu disputes tes regar regarding ding accou accounts nts – survey surveys s of custom customer er satisf satisfact action ion – – decr decreas eased ed produc producti tivi vity ty –

& Audit Risk • The The aud audit itor or mana manage ges s audi auditt ris risk k by by – adjusting adjusting audit audit staff staff to reflect reflect risk associated associated with a client – eve oping irect tests o account a ances consistent with detection risk – an c pa ng po en a m ss a emen s ey o be associated with account balances – overall audit risk.

Stat tatement ement Review : ec n ques xpec a ons • Audi Audito tors rs use use analy analyti tica call proce procedur dures es to dev devel elop op expectations of account balances. • Thes These e expec expecta tati tion ons s are com compar pared ed to rec recor orded ded boo book k values to identify misstatements.

P re r elim inar Financial Statement R eview : Techniq Techniques ues . • Sources of data commonl used: – financ financial ial inform informati ation on for prior prior period periods s – ex ected or lanned results from bud ets and forecasts – compar compariso ison n of linked linked accou accounts nts (such (such as interest expense and debt) – ratios ratios of of financi financial al inform informati ation on (such (such as common-size financial statements) – compan company y and and indus industry try trends trends relevan relevantt nonfinan nonfinancia ciall informat information ion

P reliminary Financial Stat S tatement ement Review : Techniq Techniques ues &  . • Tech Techni niqu ques es commo ommonl nly y us used – Tren Trend d anal analys ysis is – Compar Comparati ative ve financ financial ial state statemen ments ts (horizontal analysis) – Rati Ratio o anal analys ysis is – Common Common-si -sized zed financ financial ial state statement ments s (vertical analysis) • The result results s of of analy analytic tical al proc procedu edures res are placed placed in context when auditors compare client results to the client’s prior performance, industry data, or

Cond onduct uct of the Aud it • The The ris risk k appr approa oach ch means means audi audito tors rs must must understand the company and its risks as a basis for determining which account balances should be directly tested and which can be • Linka Linkage ge to to dire direct ct test tests s of acc accou ount nt bala balanc nces es:: if  an au or conc u es ere s a g r s o material misstatement they must: – – use procedur procedures es appropriat appropriate e for the level level risk risk .

R i s k A na n a l s i s & Co n d u c t o f   the Aud A udit it (cont. (co nt.)) • Quality Quality of acc accoun ountin ting g princ principl iples es used: used: The auditor auditor is required to assess the appropriateness of the . • Guidel Guidelines ines to evaluat evaluate e ‘appro ‘appropri priaten ateness ess’’ include include – accounting reflect the economic substance of  – Consistency Consistency of application application of accounting accounting standards – Acc Accoun ountin ting g estimat estimates: es: are are they based based on proven models, reconciled to actual results, based on valid economic reasons?