Chapter 9 Materiality and Risk

advertisement
Chapter 9
Materiality and Risk
Audit
Risk
CPA
9-1
Presentation Outline
I.
Steps in Applying Materiality
II. Risk in Auditing
III. Planning Model Relationships
IV. Evaluating Results
9-2
9-3
Step 1 in Applying Materiality
Set preliminary judgment about materiality.
Permissible misstatements are often less for smaller clients.
Although the FASB and AICPA are unwilling to provide specific
materiality guidelines to practitioners, bases are needed for
evaluating materiality. See Figure 9-2 on page 235.
Qualitative factors can affect materiality. See factors on pages
234-235.
The preliminary judgment about materiality is the maximum amount
the auditor believes the statements could be misstated and still not
affect the decisions of reasonable users. Decided early in audit. 9 - 4
Step 2 in Applying Materiality
Allocate preliminary judgment about materiality to
segments.
Most practitioners allocate materiality to balance sheet rather
than income statement accounts. This is because most income
statement misstatements have an equal effect on the balance sheet
because of the double-entry bookkeeping system.
The sum of the tolerable misstatement is allowed to exceed overall
materiality because (1) it is unlikely that all accounts will be
misstated by the full amount of tolerable misstatement, and (2) some
accounts are overstated while others are understated, resulting in a
net amount that is likely to be less than overall materiality.
An allocation is necessary because evidence is accumulated by
segments rather than the financial statements taken as a whole. The
allocation to account balances is known as the tolerable misstatement.
9-5
Illustration of Tolerable Misstatement
Allocation for Current Assets
Account
Cash
Accounts receivable
Inventory
Preliminary judgment
about materiality
Tolerable
Misstatement
$ 4,000
20,000
36,000
$50,000
9-6
Step 3 in Applying Materiality
Estimate total misstatement in segment.
$3,500 net misstatement of the inventory sample
÷
×
=
$50,000 total inventory sampled
$450,000 total recorded population value for inventory
$31,500 direct projection estimate of misstatement
$3,500 ÷ $50,000 × $450,000 = $31,500
One way to calculate the estimate of misstatement is to make a direct
projection from the sample to the population.
9-7
Illustration of Estimating Total
Misstatement in Segment
Account
Cash
Accounts receivable
Inventory
Tolerable
Direct Sampling
Misstatement Projection Error
Total
$ 4,000
$
0 $ N/A
$
0
20,000
12,000
6,000* 18,000
36,000
31,500
15,750* 47,250
Preliminary judgment
about materiality
$50,000
*estimate for sampling error is 50%
9-8
Step 4 in Applying Materiality
Estimate the combined misstatement.
Tolerable
Direct Sampling
Misstatement Projection Error
Total
$ 4,000
$
0 $ N/A
$
0
20,000
12,000
6,000* 18,000
36,000
31,500
15,750* 47,250
Account
Cash
Accounts receivable
Inventory
Total estimated
misstatement amount
Preliminary judgment
about materiality
$50,000
*estimate for sampling error is 50%
$43,500
$16,800
$60,300
9-9
Step 5 in Applying Materiality
Compare combined estimate with preliminary or
revised judgment about materiality.
Tolerable
Direct Sampling
Misstatement Projection Error
Total
$ 4,000
$
0 $ N/A
$
0
20,000
12,000
6,000* 18,000
36,000
31,500
15,750* 47,250
Account
Cash
Accounts receivable
Inventory
Total estimated
misstatement amount
$43,500 $16,800 $60,300
Preliminary judgment
about materiality
$50,000
*estimate for sampling error is 50%
Because the estimated combined misstatement exceeds the
preliminary judgment, the financial statements are not acceptable.
The auditor may perform additional audit procedures to reevaluate
the estimate, or require adjustment for the estimated misstatements.
9 - 10
II. Risk in Auditing
A. Components of Audit Risk
B. Acceptable Audit Risk
C. Inherent Risk
D. Control Risk
E. Planned Detection Risk
Audit
Risk
9 - 11
A. Components of Audit Risk
Total
misstatement
Inherent Risk
(IR)
Susceptibility of an assertion to
material misstatement assuming no
related internal controls.
Control Risk
(CR)
Risk of misstatements not being
detected by system of internal
control.
Detection Risk
(DR)
Risk of misstatements not being
detected by the auditor.
Audit Risk
(AR)
Misstatement that remains
undetected by the auditor.
Caught by
internal
controls
Caught by
auditor
=
Undetected
misstatement
B. Acceptable Audit Risk
Audit
Risk
The following factors mean that audit risk should be
kept lower:
1. Reliance by External Users
2. Likelihood of Financial Failure
3. Integrity of Management
9 - 13
1. Reliance by External Users
When external users place
heavy emphasis on the
financial statements,
acceptable audit risk should
be kept low. The following
generally results in more
users of the financial
statements:
 Larger clients
 Publicly held corporations
 Extensive use of liabilities
9 - 14
2. Likelihood of Financial Failure
There is a greater chance of
having to defend the quality
of the audit when there is a
financial failure. Failure
indicators include:
 Shortage of funds
 Declining net income or
continued losses
 Risky industries such as
technology
 Management lacking
competency to deal with
financial difficulties
9 - 15
3. Integrity of Management
If a client has questionable
integrity, the auditor is likely
to assess acceptable audit risk
lower. Indications of integrity
problems include:
 Frequent disagreements with
prior auditors, the IRS,
and/or SEC
 Frequent turnover of key
financial and internal audit
personnel
 Ongoing conflicts with labor
unions and employees
9 - 16
C. Inherent Risk
1. Nature of the Client’s Business
2. Results of Previous Audits
3. Initial vs. Repeat Engagement
4. Related Parties
5. Nonroutine Transactions
6. Judgment Required
7. Make-up of the Population
9 - 17
1. Nature of the Client’s
Business
Ricky’s Electronics
Inherent risk is likely to vary
from business to business for
accounts such as inventory,
accounts and loans receivable,
and property, plant, and
equipment.
 The nature of the business
should have little effect on cash,
notes payable, and mortgages
payable.

9 - 18
2. Results of Previous Audits

Misstatements found in
the previous year’s audit
have a high likelihood
of occurring again.
 Many types of
misstatements are
systematic in nature,
and organizations are
slow in making changes
to eliminate them.
9 - 19
3. Initial vs. Repeat Engagement
Most auditors use a larger
inherent risk for initial
audits than for repeat
engagements in which
no material
misstatements had been
found.
9 - 20
4. Related Parties
Examples of related
party transactions are
those between parent
and subsidiary
companies, and
management or owners
and the company.
 Increases inherent risk
because there is a
greater likelihood of
misstatement.

9 - 21
5. Nonroutine Transactions


Transactions that are
unusual for the client
are more likely to be
recorded incorrectly.
Examples include fire
losses, major property
acquisitions, etc.
9 - 22
6. Judgment Needed
Many account balances
require estimates and a
great deal of
management judgment
including:
 Uncollectible accounts
receivable
 Obsolete inventory
 Warranty liabilities
9 - 23
7. Make-up of the Population
Accounts receivable
where most accounts are
significantly overdue
 Transactions with
related parties
 Disbursements made
payable to cash
 Inventory with a slow
turnover

9 - 24
D. Control Risk
There are two basic phases to an auditor’s evaluation of
control risk:
1. Obtain an understanding of internal control. This
phase applies to all audits.
2. Test the internal controls for effectiveness. This
phase only applies when the auditor chooses to
assess control risk at below the maximum.
9 - 25
E. Planned Detection Risk
The auditor can reduce planned detection risk by
performing more substantive testing.
Increased audit
evidence
Lower
Detection
Risk
9 - 26
III. Planning Model
Relationships
A. Acceptable Audit Risk Relationships
B. Inherent Risk Relationships
C. Control Risk Relationships
D. The Overall Relationship of Components in
Planning the Audit Process
E. The Audit Risk Model for Planning
9 - 27
A. Acceptable Audit Risk Relationships
Acceptable
audit risk
Direct
Planned
detection risk
Inverse
Planned
audit evidence
Acceptable audit risk is the risk that the auditor is
willing to take of giving an unqualified opinion when
the financial statements are materially misstated.
 As acceptable audit risk increases, the auditor is
willing to collect less evidence (inverse) and
therefore accept a higher detection risk (direct). 9 - 28

B. Inherent Risk Relationships
D
Inherent
risk


I
Planned
detection risk
Planned
audit evidence
Inherent risk is the susceptibility of an assertion to
material misstatement assuming no related internal
controls.
As inherent risk increases, the auditor must reduce
detection risk (inverse) by collecting more audit
evidence (direct).
9 - 29
C. Control Risk Relationships
Planned
detection risk
Control
risk


I
Planned
audit evidence
D
Control risk is the risk of misstatements not being
detected by the client’s system of internal control.
As control risk increases, the auditor must reduce
detection risk (inverse) by collecting more audit
evidence (direct).
9 - 30
D. The Overall Relationship of
Components in Planning the Audit Process
Acceptable
audit risk
Inherent
risk
Control
risk
D
I
Planned
detection risk
I
D
I
I
Planned
audit evidence
D
I
Tolerable
misstatement
D = Direct relationship; I = Inverse relationship
9 - 31
E. The Audit Risk Model
for Planning
PDR = AAR ÷ (IR × CR)
PDR = Planned detection risk
AAR = Acceptable audit risk
IR = Inherent risk
CR = Control risk
9 - 32
IV. Evaluating Results
A. Audit Risk Model for Evaluating Results
B. Reducing Achieved Audit Risk
C. Revising Risks and Evidence
9 - 33
A. Audit Risk Model for
Evaluating Results
AcAR = IR × CR × AcDR
AcAR = Achieved audit risk
AcDR = Achieved detection risk
IR = Inherent risk
CR = Control risk
9 - 34
B. Reducing Achieved Audit Risk
The audit risk model for evaluating results is stated in SAS 47.
Research subsequent to the issuance of SAS 47 has shown
that it is not appropriate to uses this evaluation formula as
originally intended. However, the model does show three
possible ways to reduce achieved audit risk to an acceptable
level.
 Reduce inherent risk – not feasible unless new facts are uncovered
during the audit process.
 Reduce control risk – may be possible to reevaluate control risk to
a lower level by conducting more tests of internal controls.
 Reduce achieved detection risk – can be achieved by larger sample
sizes and/or additional audit procedures.
9 - 35
C. Revising Risks and Evidence


Great care must be used when revising the risk factors
when the actual results are not as favorable as planned.
When the auditor concludes that the original assessment
of control risk or inherent risk was understated or
acceptable audit risk was overstated, a two step approach
should be used:
1. The auditor must revise the original assessment of the
appropriate risk.
2. The auditor should consider the effect of the revision on
evidence requirements , without the use of the audit risk model.
Research shows that using the model in the evaluation stage
often results in an insufficient increase of evidence. 9 - 36
Summary
Audit Process
Applying
Materiality
 Risk and Audit
Planning
 Evaluating
Results

Risk
Internal Control
9 - 37
Download