Johnstone_9e_Auditing_Chapter7_PPtFINAL.pdf

(1)

A U D I T I N G

A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT

9th_Edition

Karla M. Johnstone | Audrey A. Gramling | Larry E. Rittenberg

PLANNING THE AUDIT: IDENTIFYING AND RESPONDING TO THE RISKS OF MATERIAL

(2)

LEARNING OBJECTIVES

1. Define the concept of material misstatement and

discuss the importance of materiality judgments in the audit context

2. Identify the risks of material misstatement and

describe how they relate to audit risk and detection risk

(3)

7-3

LEARNING OBJECTIVES

5. Use preliminary analytical procedures and

brainstorming to identify areas of heightened risk of material misstatement

6. Describe how auditors make decisions about

(4)

LEARNING OBJECTIVES

7. Respond to the assessed risks of material

misstatement and plan the procedures to be performed on an audit engagement

8. Apply the frameworks for professional decision

making and ethical decision making to issues involving materiality, risk assessment, and risk responses

(5)

7-5

THE AUDIT OPINION FORMULATION

PROCESS

(6)

PROFESSIONAL JUDGMENT IN CONTEXT - RISKS ASSOCIATED WITH FINANCIAL STATEMENT

MISSTATEMENTS

• Risk: Expresses uncertainty about events and/or their

outcomes having a material effect on the organization

• According to ISA 315 the risks:

• Are associated with operational and financial reporting decisions

• Are sometimes hard to quantify and are judgmental in nature • Are present but the organization does not have material

(7)

7-7

PROFESSIONAL JUDGMENT IN CONTEXT - RISKS ASSOCIATED WITH FINANCIAL STATEMENT

MISSTATEMENTS

• What conditions would cause these types of risks to

lead to a material misstatement in the financial statements? (LO 1, 2, 3, 4, 5)

• What types of risks do these examples represent?

(LO 2, 3, 4)

• How do these risks affect detection risk and audit

(8)

DEFINE THE CONCEPT OF MATERIAL MISSTATEMENT AND DISCUSS THE IMPORTANCE OF MATERIALITY

JUDGMENTS IN THE AUDIT CONTEXT

(9)

7-9

ASSESSING MATERIALITY

• Misstatement: An error, either intentional or

unintentional, that exists in a transaction or financial statement account balance

• Essential to understand materiality in the context of designing and conducting a quality audit

(10)

ASSESSING MATERIALITY

•Magnitude of an omission or misstatement of accounting information that, in view of surrounding circumstances, makes it

probable that the judgment of a reasonable person relying on the

information would have been changed or

(11)

ASSESSING MATERIALITY

• According to ISA 320, Materiality in Planning and Performing an Audit • Auditors’ judgments

about materiality should be made based on a

consideration of

information needs of

users as an overall group

• According to the

Supreme Court of the United States

• Fact should be viewed by reasonable investors as having significantly

altered total mix of information made available

(12)

MATERIALITY GUIDANCE

• Audit firms provide auditors with:

• Specific written guidance • Decision aids

• Levels considered by auditors

• Materiality for the financial statements as a whole • Performance materiality for particular classes of

(13)

7-13

MATERIALITY GUIDANCE

• Performance materiality: Amount set by auditor at

less than materiality level for financial statements as a whole or for particular classes of transactions,

account balances, or disclosures

• Used to:

• Assess risks of material misstatement

• Determine the nature, timing, and extent of audit procedures

(14)

MATERIALITY GUIDANCE

• Tolerable misstatement: Amount of misstatement in

an account balance that the auditor could tolerate and still not judge underlying account balance to be materially misstated

• Clearly trivial amount (posting materiality)

• Inconsequential, whether:

(15)

7-15

SEC VIEWS ON MATERIALITY

• Criticisms of the auditing profession

• Netting material misstatements

• Not applying materiality concept to swings in accounting estimates

• Consistently passing on individual adjustments that may not be considered material

(16)

SEC VIEWS ON MATERIALITY

• Qualitative reasons for considering quantitatively

small misstatement material

• Hiding failure to meet analysts’ consensus expectations

• Changing a loss into income, or vice versa

• Concerning a segment playing significant role in operations or profitability

(17)

7-17

SITUATIONS NECESSITATING CHANGE

IN MATERIALITY JUDGMENTS

• Initial materiality judgments were based on

estimated or preliminary financial statement amounts, which are different from the audited amounts

• Financial statement amounts initially used in the

(18)

CHANGES IN MATERIALITY

JUDGMENTS

• Auditors make professional judgments about size of

material misstatements providing a basis for:

• Determining nature and extent of risk assessment procedures

• Identifying and assessing risks of material misstatement

• Determining nature, timing, and extent of tests of controls and substantive audit procedures

(19)

IDENTIFY THE RISKS OF MATERIAL

MISSTATEMENT AND DESCRIBE HOW THEY RELATE TO AUDIT RISK AND DETECTION RISK

(20)

EXHIBIT 7.1 - RISKS RELEVANT TO AN

AUDIT

(21)

7-21

RISK OF MATERIAL MISSTATEMENT

• Exists at the financial statement level and assertion

level

• Categories of risk within these levels

• Inherent risk • Control risk

• Risk of material misstatement high - Auditor accepts

less audit risk

• Risk of material misstatement lower - Auditor

(22)

RISK OF MATERIAL MISSTATEMENT

• Detection risk: Level of audit effort that auditor will

expend on engagement depends on level of detection risk

When risk of material misstatement is

higher

Detection risk is set lower Increase in evidence obtained through substantive audit procedures

(23)

7-23

AUDITING IN PRACTICE - WHAT MAKES

A RISK SIGNIFICANT?

• AU-C 315:

• Whether the risk is a risk of fraud

• Whether the risk is related to recent significant economic, accounting, or other developments and, requires specific attention

• Complexity of transactions

• Whether the risk involves transactions with related parties • Degree of subjectivity in measurement of financial

information related to risk

• Whether the risk involving significant transactions outside normal course of business

(24)

ASSESS FACTORS AFFECTING INHERENT RISK

(25)

7-25

FACTORS FOR ASSESSMENT OF INHERENT RISK

AT THE ASSERTION LEVEL AT A HIGHER LEVEL

• Account represents an asset that can be easily stolen • Account balance made up of complex transactions • Account balance requires a high level of estimation

to value

• Account balance subject to adjustments that are not

in the ordinary processing routine

• Account balanced composed of a high volume of

(26)

BUSINESS RISKS

• Inherent risk at financial statement level that affects

business operations and potential outcomes of organizational activities

• Factors affecting such risk

• Overall economic climate • Technological changes • Competitor actions

(27)

7-27

FACTORS FOR ASSESSMENT OF INHERENT

RISK OF OPERATIONS AT HIGHER LEVEL

• Lack of expertise to deal with changes in industry • Uncertain likelihood of successful introduction of

new product and acceptance by market

• Information technology being incompatible across

systems

• Expansion of business for which demand not

accurately estimated

• Implementation of incomplete business strategy

(28)

FACTORS FOR ASSESSMENT OF INHERENT

RISK OF OPERATIONS AT HIGHER LEVEL

• Alternative products, services, competitors, or

providers posing a threat to current business

• Significant supply chain risks

• Complex production and delivery processes • Mature and declining industry

• Inability to control costs with possibility of

(29)

7-29

SOURCES OF INFORMATION FOR

ASSESSING BUSINESS RISKS

• Management inquiries • Review of client’s

budget

• Tour of client’s plant

and operations

• Review government

regulations and client’s legal obligations

• Knowledge

management systems

• Online searches

• Review of SEC filings • Company Web sites • Economic statistics • Professional practice

bulletins

• Stock analysts’ reports • Company earnings calls

(30)

INHERENT RISK AT FINANCIAL STATEMENT

LEVEL - FINANCIAL REPORTING RISKS

• When assessing this risk, auditors consider all items

on a company’s financial statements that are subjective and based on judgment

• Inherent risk at the financial statement level is affected by:

• Competence and integrity of management

(31)

7-31

SOURCES OF INFORMATION

REGARDING MANAGEMENT INTEGRITY

• Predecessor auditor

• Other professionals in business community • Other auditors within audit firm

• News media and Web searches • Public databases

• Preliminary interviews with management • Audit committee members

• Inquiries of federal regulatory agencies • Private investigation firms

(32)

AUDITING IN PRACTICE - AN EXAMPLE OF

INHERENT RISK AT FINANCIAL STATEMENT LEVEL

• Former CFO of Maxim Integrated Products was held

liable for securities fraud for engaging in a scheme to backdate stock option grants

• Aided Maxim’s failure to maintain accurate accounting records, resulting in inaccurate financial reporting

• Management integrity was a fundamental problem

leading to this fraud

(33)

7-33

FACTORS FOR ASSESSMENT OF INHERENT RISK OF

FINANCIAL REPORTING AT HIGHER LEVEL

• Discrepancies in

accounting records • Unusual relationships

between auditor and management

• Lack of management competence

• Company history of

meeting analyst estimates or high earnings growth expectations

• An impending initial public offering of stock • Disagreements over

financial reporting with prior auditors

• Auditor resignation

• Unusual transactions with outsiders or significant

(34)

FACTORS FOR ASSESSMENT OF INHERENT RISK OF

FINANCIAL REPORTING AT HIGHER LEVEL

• Transactions for which most of the revenue or expense is recognized at inception of transaction • Financial results that

seem too good to be true • Complex business

arrangements that serve

• Evasiveness from

management regarding questions about financial statements

• Insistence by CEO or CFO to be present at all

meetings

(35)

7-35

AUDITING IN PRACTICE - APPLICATION OF ACCOUNTING PRINCIPLES AND RELATED DISCLOSURES

• Auditor needs to:

• Determine whether management’s decisions are appropriate and consistent with financial reporting framework

• Develop expectations about appropriate disclosures that are necessary

• Compare those expectations to disclosures made by management in assessing inherent risks

(36)

ASSESS FACTORS AFFECTING CONTROL RISK

(37)

7-37

CONTROL RISK

• Relates to susceptibility that a misstatement will not

be prevented or detected on a timely basis by internal control system

• It’s assessment can be made at:

• Overall financial statement level • Account or assertion level

(38)

ASSESSING FACTORS AFFECTING

CONTROL RISK

• Poor controls in specific countries or locations • Difficulty gaining access to the organization or

determining the controllers of the organization

• Little interaction between senior management and

operating staff

• Weak tone at the top leading to a poor control

(39)

7-39

ASSESSING FACTORS AFFECTING

CONTROL RISK

• Growth of organization exceeding accounting system

infrastructure

• Disregard of regulations for prevention of illegal acts • No internal audit function, or lack of respect for

internal audit function by management

• Weak design, implementation, and monitoring of

internal controls

(40)

AUDITING IN PRACTICE - LACK OF OVERSIGHT AS A CONTROL WEAKNESS LEADS TO EMBEZZLEMENT • Rita Crundwell and the City of Dixon, Illinois

• $50+ million fraud

• Auditors need to be aware of weak internal controls

and negative consequences for a client’s financial statements

• Control risk assessment as high means a need to perform additional substantive procedures

(41)

7-41

TECHNIQUES TO UNDERSTANDING

MANAGEMENT’S RISK ASSESSMENT

• Understand processes used by the board and

management to manage risk

• Review risk-based approach used by internal audit

function with its director and audit committee

• Interviewing management about:

• Risk approach • Risk preferences • Risk appetite

(42)

TECHNIQUES TO UNDERSTANDING

MANAGEMENT’S RISK ASSESSMENT

• Review outside regulatory reports

• Review company policies and procedures • Review company compensation schemes • Review prior years’ work

• Determine how management and board:

• Monitor risk

(43)

USE PRELIMINARY ANALYTICAL PROCEDURES AND BRAINSTORMING TO IDENTIFY AREAS OF

HEIGHTENED RISK OF MATERIAL MISSTATEMENT

(44)

PRELIMINARY ANALYTICAL

PROCEDURES

Developing an expectation

Determining when the difference between auditor’s expectation and client’s records would be significant

(45)

7-45

TYPES OF ANALYTICAL TECHNIQUES

• Trend analysis: Based on the history of changes in

the account, year-to-year comparisons of:

• Account balances

• Graphic presentations • Analysis of financial data • Histograms of ratios

(46)

TYPES OF ANALYTICAL TECHNIQUES

• Ratio analysis: Identifies significant differences

between the client results and a norm or between auditor expectations and actual results

• Identifies potential audit problems that may be found in ratio changes between years

(47)

7-47

EXHIBIT 7.3 - COMMONLY USED

RATIOS

(48)

RATIO AND TREND ANALYSIS

• Carried out through a comparison of client data with

expectations:

• Based on industry data

• Based on similar prior-period data

• Developed from industry trends, client budgets, other account balances, or other bases of expectations

(49)

7-49

BRAINSTORMING

• A group discussion designed to encourage auditors

to creatively assess client risks

• Particularly those relevant to possible existence of fraud in an organization

• Occur during the early planning phases of audit • Repeated if actual fraud is detected

• Attended by entire engagement team and led by

(50)

GUIDELINES FOLLOWED DURING

BRAINSTORMING SESSION

Suspension of criticism Freedom of expression

(51)

7-51

STEPS IN BRAINSTORMING SESSIONS

Reviewing prior year client information

Considering client information, particularly with respect to the fraud triangle

Integrating information from previous steps into an assessment of likelihood of fraud in engagement

(52)

DESCRIBE HOW AUDITORS MAKE DECISIONS ABOUT DETECTION RISK AND AUDIT RISK

(53)

7-53

DETERMINING DETECTION RISK AND

AUDIT RISK

• Auditor determines level of detection risk on the

basis of:

• Assessment of risk of material misstatement at all levels

• Consideration of desired level of audit risk

• Determining detection risk influences nature,

(54)

DETECTION RISK AND AUDIT RISK

• Detection risk is affected by:

• Effectiveness of substantive auditing procedures performed

• Extent to which the procedures were performed with due professional care

• High level of detection risk

• Audit firm is willing to take higher risk of not detecting a material misstatement

(55)

7-55

DETECTION RISK AND AUDIT RISK

• Low level of detection risk

• Audit firm is not willing to take as much of a risk of not detecting material misstatement

• Audit risk is also low

• Audit risk usually set at between 1% and 5% • Detection risk ranges from 1% to 100%

(56)

EXHIBIT 7.4 - RISKS AND THEIR

EFFECTS ON AUDIT WORK

(57)

7-57

EXHIBIT 7.4 - RISKS AND THEIR

EFFECTS ON AUDIT WORK

(58)

HIGH RISK OF MATERIAL

MISSTATEMENT

• Assuming an account with many complex

transactions and weak internal controls

• Inherent risk and control risk assessed at their maximum

• Audit risk set at a low level

• Audit risk model

(59)

7-59

LOW RISK OF MATERIAL

MISSTATEMENT

• Assuming an account with simple transactions and

well-trained personnel with no incentive to misstate financial statements

• Inherent risk and control risk assessed at 50% and 20% respectively

• Audit risk set at 5%

Audit Risk = Inherent Risk × Control Risk × Detection Risk

0.05 = 0.50 × 0.20 × Detection Risk Detection Risk = 0.05 / (0.50 × 0.20) = 50%

(60)

AUDITING IN PRACTICE - AN EXPANDED

VERSION OF AUDIT RISK MODEL

(61)

RESPOND TO THE ASSESSED RISKS OF MATERIAL MISSTATEMENT AND PLAN THE PROCEDURES TO

BE PERFORMED ON AN AUDIT ENGAGEMENT

(62)

PLANNING AUDIT PROCEDURES TO RESPOND TO

THE ASSESSED RISKS OF MATERIAL MISSTATEMENT

• Auditor should design:

• Controls reliance audit • Substantive audit

• When considering risk responses, auditor should:

• Evaluate reasons for assessed risk of material misstatement

(63)

7-63

PLANNING AUDIT PROCEDURES TO RESPOND TO

THE ASSESSED RISKS OF MATERIAL MISSTATEMENT

• Consider the role of internal controls, and determine whether control risk is relatively high or low

• Obtain more relevant and reliable evidence with

(64)

EXHIBIT 7.5 - EFFECT OF RISK

(65)

7-65

NATURE OF RISK RESPONSE

• Types of audit procedures applied given the nature

of account balance and relevant assertions regarding that account balance

• Procedures

• Assembling audit team with more experienced auditors • Including on audit team outside specialists

(66)

TIMING OF RISK RESPONSE

• When audit procedures are conducted and whether

they are conducted at announced or predictable times

• When risk of material misstatement is heightened

• Audit procedures conducted closer to year end on an unannounced basis

(67)

7-67

TIMING OF RISK RESPONSE

• Introducing unpredictability

• Performance of some audit procedures on low risk accounts, disclosures, and assertions

• Change in timing of audit procedures from year to year • Selection of items for testing that are lower than

prior-year materiality

• Performance of audit procedures on a surprise or unannounced basis

(68)

TIMING OF RISK RESPONSE

• Procedures that can be completed only at or after

period end

• Comparison of financial statements to accounting records

• Evaluation of adjusting journal entries made by management in preparing financial statements • Conduct procedures to respond to risks that

(69)

7-69

EXTENT OF RISK RESPONSE

• Amount of evidence that is necessary given client’s

assessed risks, materiality, and level of acceptable audit risk

• When risk of material misstatement is heightened, auditor increases extent of audit procedures and demands more evidence

(70)

AUDITING IN PRACTICE - THE CITY OF DIXON, ILLINOIS SUES ITS AUDITOR RELATED TO RITA CRUNDWELL

EMBEZZLEMENT • The lawsuit alleges:

• Professional negligence

• Negligent misrepresentation

• Certain deficiencies in audit procedure

• Severe consequences to all parties involved

• When auditors fail to assess and appropriately respond to risk of material misstatement