Chapter 4

Risk Assessment

Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Chapter OverviewLO# 1

4-2

This chapter will help you understand the audit risk model and the auditor’s risk assessment process.

Audit RiskThe risk that an auditor expresses

an inappropriate audit opinion when the financial statements are

materially misstated.

LO# 1

4-3

In simple terms, audit risk is the risk that an auditor will issue an unqualified opinion on materially misstated financial

statements.

Audit Risk

Financial statement level

Individual account balance or disclosure

level

LO# 1

Assertion level

مستوى التأكد

4-4

While the auditor is ultimately concerned with audit risk at the financial statement level, as a practical matter audit risk must beconsidered at the account balance and disclosure levels. Wewill use the term assertion to refer to consideration of audit risk at even lower levels.

The Audit Risk ModelLO# 2

4-5

The Audit Risk ModelLO# 2

4-6

The Audit Risk Model LO# 2

4-7

Inherent risk (IR). The susceptibility of an assertion in anaccount or disclosure to a misstatement due to error orfraud that could be material, either individually or incombination with other misstatements, before consideration of any related controls.

المعين حساب رصيد من التأكد عند القابلية بأنها المتالزمة المخاطر تعرف

أو خطأ من ناتجة صحيحة غير بيانات لوجود المعامالت من معين نوع أو

مع وذلك أخرى أخطاء مع اجتمع إذا أو بمفرده جوهريا يكون قد احتيال

”به تتعلـق الداخلية للرقابة إجراءات وجود عدم

The Audit Risk ModelLO# 2

4-8

Control risk (CR). The risk that a misstatement that could occur in an assertion about an account ordisclosure and that could be material, either individually or in combination with other misstatements, will not beprevented, or detected and corrected, on a timely basis by the entity’s internal control.

أحد في خطأ حدوث عن الناتجة المخاطر“ بأنها الرقابية المخاطر تعرف

مع اجتمع إذا جوهريا يكون قد ، المعامالت من معين نوع في أو األرصدة

أو منعه يمكن وال المعامالت من آخر نوع أو أخرى أرصدة في خطأ

الداخلية الرقابة إجراءات طريق عن مناسب وقت في اكتشافه

The Audit Risk ModelLO# 2

4-9

Detection risk (DR) is the risk that the procedures performed by the auditor will not detect a misstatement that exists and that could be material, either individually or in combination with other misstatements.

المراجعة إجراءات أن في المتمثلة المخاطر“ بأنها االكتشاف مخاطر تعريف تم

في أو األرصدة أحد في خطأ وجود عدم مؤداها نتيجة إلى بالمراجع تؤدي قد

ويكون موجودا الخطأ هذا فيه يكون الذي الوقت في المعامالت من معين نوع

.المعامالت من آخر نوع أو أخرى أرصدة في أخطاء مع اجتمع إذا جوهريا

The Audit Risk Model

Audit Risk = IR CR DR

Inherent risk and control risk:Risk of material misstatement

Nonsampling risk

Sampling risk

Detection risk:Risk that auditor will not detect misstatements

Inappropriate audit procedure Improper or incomplete use of an audit procedure Misinterpreting audit results

LO# 2

4-10من العمليات% 100ال يمكن اختبار

Engagement Risk

An auditor’s exposureto financial loss and

damage toprofessional reputation.

Litigation

Adverse publicity

LO# 2

Local audit failure …

4-11

Using the Audit Risk Model Set a planned level of audit risk such that an opinion can be issued on the financial statements. Assess the risk of material misstatement (IR x CR). Use the audit risk equation to solve for the appropriate level of detection risk:

AR = IR CR DR

DR = ARIR CR

Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptable level.

LO# 3

4-12

The Audit Risk Model LO 3

4-13

Limitations of theAudit Risk Model

Preliminary Assessment Level of Risk

Actual or Achieved Level of Risk

LO# 3

+ / –

The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results. • The desired level of audit risk may not actually be achieved. • It does not consider potential auditor error. • There is no way of knowing what the preliminary level of risk of material misstatement actually was.

4-14

The Auditor’s Risk Assessment ProcessFigure 4-2 An Overview of the Auditor’s Assessment of Business Risks and the Risk of

Material Misstatements

LO# 4

4-15

Errors are unintentional misstatements of amounts or disclosures in the financial statements.

Fraud refers to an intentional act by one or more among management, those charged with governance, employees, or third parties, involving the use of deception that results in a misstatement in the financial statements.

LO# 5 LO# 5

Assessing the Risk of Material Misstatement

4-16

Fraud involves intentional misstatements. The fraud risk identification process includes:

Sources of information about possible fraud―

Communications among the audit team

Inquires of management and others

Analytical procedures

Investigation of unexpected period-end adjustments

LO# 6 LO# 6

The Fraud Risk Assessment Process

4-17

Three conditions usually exist when fraud occurs.

Incentive or pressure to

perpetrate fraud

Opportunity to carry out

the fraud

Attitude or rationalization to justify fraud

LO# 6

Conditions Indicative of Fraud and Fraud Risk Factors

4-18

Auditor’s Response tothe Risk Assessment (See Figure 4-3)

Financial statement level risks

Develop an overall response.

Determine what might go wrong at the assertion level.

LO# 7

Assess the risk of material misstatement at the financial statement and assertion levels.

Do these risks relate

pervasively to the financial statements?

Design audit procedures for

assertion level risks.

Assertion level risks

Yes

No

4-19

Evaluation of AuditTest Results

At the completion of the audit, the auditor should consider: 1. Whether the total misstatements cause the financial statements to be

materially misstated. THEN …

If the financial statements are materially misstated, the auditor should: 1. Request management to eliminate the material misstatement, or 2. If management does not make needed adjustments, the auditor should

issue a qualified or adverse opinion.

LO# 8

4-20

Documentation of theAuditor’s Risk Assessment

The auditor should document: Discussions among engagement personnel. Procedures performed to identify and assess the risks

of material misstatement due to error or fraud. Fraud risks or other conditions that result in additional

audit procedures. The nature, timing, and extent of procedures performed

in response to fraud risks identified and the results of that work.

The nature of the communications about error or fraud made to management, the audit committee, and others.

LO# 9

4-21

Communications about Fraud Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management. Fraud involving senior management and fraud that causes a material misstatement of the financial statement should be reported directly to the audit committee of the board of directors.

The auditor should reach an understanding with the audit committee regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees.

LO# 10

4-22