Chapter 4
Risk Assessment
McGraw-Hill/Irwin
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
LO# 1
Audit Risk
The risk that an auditor expresses
an unqualified opinion on materially
misstated financial statements.
Financial statement
level
Individual account
balance or class
of transactions level
4-2
LO# 2
The Audit Risk Model
Inherent risk and control risk:
Risk of material misstatement
Audit Risk = IR × CR × DR
Detection risk:
Risk that auditor will not detect misstatements
 Inappropriate audit procedure
 Fail to detect when using
appropriate audit procedure
 Misinterpreting audit results
Nonsampling
risk
Sampling
risk
4-3
LO# 2
Engagement Risk
Client and third
party lawsuits
An auditor’s exposure
to financial loss and
damage to
professional reputation.
Local audit
failure …
Negative
publicity
4-4
LO# 3
Using the Audit Risk Model: Quant approach
 Set a planned level of audit risk such that an opinion
can be issued on the financial statements.
 Assess the risk of material misstatement (IR x CR).
 Use the audit risk equation to solve for the appropriate
level of detection risk:
AR = IR × CR × DR
AR
DR = IR × CR
Auditors use this level of detection risk to design audit
procedures that will reduce audit risk to an acceptable level.
4-5
LO# 3
Relationship of the Entity’s Business Risks to the
Audit Risk Model
Figure 4-1
4-6
LO# 3
Audit Risk Model: IR and CR verbal
approach
Qualitative terms may also be used in the audit risk model.
Case
1
2a
2b
3
AR
Low
Low
Low
Low
IR
High
High
Moderate
Low
CR
High
Low
Moderate
Low
DR
Low
Moderate
Moderate
High
LO# 3
Audit Risk Model: RMM verbal approach
Qualitative terms may also be used in the audit risk model.
Case
1
2
3
AR
Low
Low
Low
RMM
High
Moderate
Low
DR
Low
Moderate
High
4-8
Limitations of the
Audit Risk Model
LO# 4
The audit risk model is a planning tool, but it has some limitations
that must be considered when the model is used to revise an audit
plan or to evaluate audit results.
The major limitation is that inherent risk and control risk are
estimates, and you cannot know how accurate those estimates are.
Thus, the model may suggest that detection risk should be high
(which means the amount of audit work needed to be done is low)
when detection risk should be low.
The Auditor’s Risk
Assessment Process
Auditors need to
identify business risks and
understand the potential
misstatements that
may result.
LO# 4
Business risks
are risks that result from
significant conditions, events,
circumstances or actions that
impair management’s ability
to execute strategies.
4-10
LO# 4
The Auditor’s Risk Assessment Process
Figure 4-2 An Overview of the Auditor’s Assessment of Business Risks and the Risk of
Material Misstatements
4-11
LO# 4
Auditor’s Risk Assessment Procedures
(How do we gather this evidence?)
Inquiries of Management,
Other Entity Personnel, and
Others Outside the Entity
Analytical
Procedures
Observation
and Inspection
4-12
LO# 4
Understanding the Entity
and Its Environment
4-13
LO# 4
Understanding the Entity
and Its Environment
Industry, Regulatory,
and External
Factors
Nature of
the Entity
Internal
Control
Objectives, Strategies,
and Business Risks
Entity Performance
Measures
4-14
LO# 4
Nature of the Entity
The entity’s organizational structure and
management personnel.
 The sources of funding of the entity’s operations
and investment activities, including the entity’s
capital structure, noncapital funding, and other
debt instruments.
 The entity’s investments.
 The entity’s operating characteristics, including
its size and complexity.
 The sources of the entity’s earnings, including
the relative profitability of key products and
services.
 Key supplier and customer relationships.

4-15
LO# 4
Industry, Regulatory, and Other External
Factors
4-16
LO# 4
Understanding the Entity
and Its Environment
4-17
LO# 5
Assessing the Risk of Material
Misstatement Due to Error or Fraud
Examples of misstatements include:




An inaccuracy in gathering or processing data
from which financial statements are prepared.
A difference between the amount of a reported
financial statement account and the amount
that would have been reported under GAAP.
The omission of a financial statement element,
account, or item.
An incorrect accounting estimate arising from
an oversight or misinterpretation of facts.
4-18
LO# 5
Assessing the Risk of Material
Misstatement Due to Error or Fraud
Errors are unintentional misstatements:



Mistakes in gathering or processing financial data used
to prepare financial statements.
Unreasonable accounting estimates arising from
oversight or misinterpretation of facts.
Mistakes in the application of accounting principles
relating to amount, classification, manner of
presentation, or disclosure.
4-19
LO# 6
Assessing the Risk of Material
Misstatement Due to Error or Fraud
Fraud involves intentional
misstatements. The fraud risk
identification process includes:

Sources of information about possible
fraud―
Communications among the audit team
 Inquires of management and others
 Analytical procedures
 Unexpected period-end adjustments

4-20
LO# 6
Assessing the Risk of Material Misstatement Due to Error or Fraud
The Fraud Triangle
Incentive or
motivation
or pressure
Opportunity
Attitude or
Rationaliz
ation (bad
ethics)
LO# 6
Assessing the Risk of Material Misstatement
Due to Error or Fraud
(See Table 4-4)
Fraudulent Financial Reporting
Risk Factors Relating to Incentive/Pressure include:
Excessive pressure
for management to
meet third party
expectations
Financial stability
or profitability
is threatened
Management’s personal
financial situation
is threatened
4-22
LO# 6
Assessing the Risk of Material Misstatement
Due to Error or Fraud
(See Table 4-5)
Fraudulent Financial Reporting
Risk Factors Relating to Opportunities include:
Nature of the
Industry or entity’s
operations
Ineffective
monitoring of
management
Complex or
unstable organizational
structure
Deficient
internal
control
4-23
LO# 6
Risk Factors Relating to
Attitudes/Rationalizations
Fraudulent Financial Reporting
Risk Factors Relating to Attitudes/Rationalizations include:
Weak or bad ethics on the
part of management
Most difficult of the 3
corners of the fraud
triangle to identify
Corporate or personal
Symptoms may - or may not be present
4-24
LO# 6
Assessing the Risk of Material
Misstatement Due to Error or Fraud
Fraud involves
intentional misstatements.
Fraudulent
financial reporting
Misappropriation
of assets
4-25
LO# 6
Assessing the Risk of Material
Misstatement Due to Error or Fraud
Fraudulent financial reporting includes acts
such as the following:



Manipulation, falsification, or alteration of
accounting records or supporting documents
used to prepare financial statements.
Misrepresentation in, or intentional omission
from, the financial statements of events,
transactions, or significant information.
Intentional misapplication of accounting
principles relating to amount, classification,
manner of presentation, or disclosure.
4-26
LO# 6
Assessing the Risk of Material
Misstatement Due to Error or Fraud
Misappropriation of assets involves the
theft of an entity’s assets to the extent
that financial statements are misstated.
Examples include:
Stealing
assets
Paying for
goods and services
not received by
the company
Embezzling
cash received
4-27
LO# 6
Assessing the Risk of Material
Misstatement Due to Error or Fraud
4-28
Auditor’s Response to
the Risk Assessment (See Figure 4-3)
LO# 7
Assess the risk of material misstatement at the financial statement and assertion levels.
Financial statement level risks
Do these
risks relate
pervasively to
the financial
statements?
No
Assertion level risks
Determine what can go wrong
at the account or assertion level.
Yes
Develop an overall
response.
Design audit
procedures for
assertion level risks.
4-29
LO# 7
Auditor’s Response to the Risk
Assessment
To respond appropriately to financial
statement level risks, the auditor may do the
following:




Emphasize to the audit team the need to maintain
professional skepticism.
Assign more experienced staff or those with
specialized skills.
Provide more supervision.
Incorporate additional elements of unpredictability in
the selection of audit procedures.
4-30
LO# 8
Evaluation of Audit
Test Results





At the completion of the audit, the auditor should consider:
1. Whether the accumulated results of audit procedures affect the
assessments of the entity’s business risk and the risk of material
misstatement, and
2. Whether the total misstatements cause the financial statements to be
materially misstated.
THEN …
If the financial statements are materially misstated, the auditor should:
1. Request management to eliminate the material misstatement, or
2. If management does not make needed adjustments, the auditor should
issue a qualified or adverse opinion.
4-31
Evaluation of Audit
Test Results
LO# 8
If the auditor determines that the misstatement is or may be
the result of fraud, and has determined that the effect could
be material, the auditor should:





Attempt to obtain audit evidence to determine whether, in fact,
material fraud has occurred and, if so, its effect.
Consider the implications for other aspects of the audit.
Discuss the matter and the approach to further investigation with
an appropriate level of management that is at least one level
above those involved in committing the fraud and with senior
management.
If appropriate, suggest that the client consult with legal counsel.
Consider withdrawing from the engagement.
4-32
Documentation of the
Auditor’s Risk Assessment
LO# 9
The auditor should document:
 Discussions among engagement personnel.
 Procedures performed to identify and assess the risks
of material misstatement due to fraud.
 Risks of identified material misstatement due to fraud
and a description of the auditor’s response to the risks.
 Fraud risks or other conditions that result in additional
audit procedures.
 The nature of the communications about fraud made to
management, the audit committee, and others.
4-33
LO# 10
Communications about Fraud
Whenever the auditor has found evidence that a fraud may exist,
that matter should be brought to the attention of an appropriate
level of management. Fraud involving senior management and
fraud that causes a material misstatement of the financial
statement should be reported directly to the audit committee of the
board of directors.
The auditor should reach an understanding with the audit
committee regarding the expected nature and extent of
communications about misappropriations perpetrated by lowerlevel employees.
4-34
LO# 10
Communications about Fraud
The disclosure of fraud to parties other than the client’s senior
management and its audit committee often is not part of the
auditor’s responsibility, as the auditor has ethical and legal duties
of confidentiality. However, the auditor must sometimes be a
whistle blower:
 If it is a public company, to comply with SEA of 1934 Section
10A on Illegal Acts, if the company fails to notify the SEC.
 If it is a public company, to alert users that the financials may
be materially misstated, and thus should not be relied upon, if
the company fails to notify the SEC.
 a successor auditor when the successor makes inquiries of the
predecessor auditor about the client.
 In response to a subpoena (court order).
4-35
End of Chapter 4
4-36