Chapter 4
Audit Risk and Business Risk
LO1 - Define the Nature of Risk
In this chapter, we will look at three critical components of
risk that affect the audit approach and audit outcome
1. Engagement risk - comes with association with a
specific client
2. Financial reporting risk - those that relate directly to the
recording transactions and the presentation of the
financial statements
3. Audit risk - risk an auditor may provide an unqualified
opinion on financial statements that are materially
misstated
Each of these components can be managed. The
effectiveness of risk management processes will
determine whether the company continues to exist
LO3 - The
link between Risk &
Control
Controls are implemented to mitigate
against risks.
 Controls vary and not only include
financial controls e.g. bank reconciliation
but also includes policy controls which
ensue that certain operational procedures
and standards are maintained/

LO4 - Review
Risk Factors Affecting the
Audit
1. Engagement Risk



Risk auditors incur by being associated with a particular client
Risk is high whenever there is increased likelihood that
 Auditor is associated with a failed client
 Financial statements contain material misstatement that
the auditor fails to find
These conditions increase the likelihood that the auditor will
be sued
Client Acceptance or Retention Decision
 Perhaps the most important audit decision
 A number of factors affect this decision, but most important
involve
 Quality of the client's corporate governance
 Client's financial health
Risk Factors Affecting the Audit - Corporate
Governance

The key factors an auditor will analyze
include
 Management
integrity
 Independence and competence of the audit
committee and board
 Quality of ERM and controls
 Regulatory and reporting requirements
 Participation of key stakeholders
 Existence of related party transactions
Management integrity
- information sources









Predecessor auditor
Other professionals
Other auditors within the audit firm
News media and web searches
Public databases
Preliminary interviews with management
Audit committee members
Inquiries of federal regulatory agencies
Private investigation firms
Risk Factors Affecting the Audit Financial Health of the Organization
There are a number of reasons why the auditor needs to
evaluate a potential client's financial health:
 The auditor will most likely be sued if a client declares
bankruptcy



Investors and creditors who have lost money will look for
recovery
Attorneys will claim the financial statements were misstated and
the auditors should have known they were misstated
The auditor also needs to understand the financial health
in order to:



Assess management's motivation to misstate the financial
statements
Identify areas that are likely to be misstated
Identify account balances that appear unusual
Risk Factors Affecting the Audit - Other
Factors Affecting Engagement Risk
The auditor should evaluate the company's economic prospects
to help ensure that
 Important areas will be investigated
 The company will likely stay in business
High-risk companies are generally characterized by
 Inadequate capital
 Lack of long-run strategic and operational plans
 Low cost entry into the market
 Dependence on limited product offerings
 Dependence on technology subject to obsolescence
 Instability of future cash flows
 History of questionable accounting practices
 Previous inquiries by the SEC or other regulatory agencies
Review Risk Factors Affecting the Audit
2. Financial Reporting Risk
Financial reporting risk is influenced by
 The company's financial health
 The quality of the company's internal controls
 The complexity of the company's transactions
and financial reporting
 Management's motivation to misstate the
financial statements
These factors are interrelated
The auditor will gather information on these issues
through reviews of previous audits, or by talking
with the predecessor auditor
LO5 - Accepting
New Clients: Auditing
Standards on Auditor Changes



SAS 84 requires a successor auditor to initiate
discussions with the predecessor to discuss the
reasons for the change in auditors
Because of the confidentiality rule, the successor must
first obtain client permission to talk with predecessor
The successor is particularly interested in factors that
bear on
Management integrity
 Disagreements with management on any substantive
auditing or accounting issues
 The predecessor's understanding of the reasons for the
change
 Any communications between the predecessor and
management or audit committee regarding fraud, illegal acts
or internal control matter

Accepting New Clients: Engagement
Letter – see page 108-109


The auditor and client should have a mutual
understanding of the audit process
The auditor should prepare an engagement letter to
clarify the responsibilities and expectations of each
party, and to summarize and document this
understanding including the
 Nature
of the services to be provided
 Timing of those services
 Expected fees and basis on which they will be billed
(fixed fee, hourly rates)
 Auditor responsibilities including the search for fraud
 Client responsibilities including preparing information for
the audit
 Need for any other services to be performed by the firm
Define Materiality
The auditor is expected to plan and perform an audit that
provides reasonable assurance that material
misstatements will be detected
The FASB defines materiality as the

"magnitude of an omission or misstatement of accounting
information that, in light of surrounding circumstances,
makes it probable that the judgment of a reasonable
person relying on the information would have been
changed or influenced by the omission or misstatement"
Materiality has three significant dimensions:

Size of the misstatement (dollar amount)
 Circumstances - some things are viewed more critically than
others
 User impact - impact on potential users and the type of judgments
made
Comment on Materiality



Determination of materiality is situation specific
 Although this makes determination more difficult, it allows the
auditor to adjust the rigor of the audit to reflect the risk of the
engagement
 The lower the dollar amount of set materiality, the more
rigorous the examination
Most firms have guidelines for setting materiality
 Guidelines usually involve applying percentages to some base
e.g. Revenue, Assets, Pre-Tax income
 Guidelines may also be based on nature of the industry or
other factors
Auditors initially set planning materiality for the statements as a
whole, and then allocate this to individual accounts based on their
susceptibility to misstatement
LO6 – 3. Audit



Risk
Audit risk is the risk than an auditor may issue an
unqualified opinion on materially misstated
financial statements
The auditor assesses engagement risk first, then
sets audit risk
Audit risk is inversely related to engagement risk
 If
the auditor accepts a client with high engagement risk
 The auditor must conduct a more rigorous audit. The
auditor does this is by setting audit risk at a low level
 If the auditor accepts a client with low engagement risk
 The auditor can afford to set audit risk at a higher level
Review the Audit Risk Model
The auditor sets desired audit risk based on
assessed engagement risk
AR = IR x CR x DR
AR = Audit Risk, IR = Inherent Risk, CR = Control Risk
DR = Detection Risk
The audit risk model allows the auditor to consider the following:




Complex or unusual transactions are more likely to recorded in
error than are simple or recurring transactions
Management may be motivated to misstate earnings or assets
Better internal controls mean a lesser likelihood of misstatement
The amount and persuasiveness of audit evidence gathered
should vary directly with the likelihood of material misstatements
Explain the Audit Risk Model
Inherent Risk - Susceptibility of transactions to be recorded
in error
 Inherent risk is higher for some items:


Complex transactions are more likely to be misstated than
simple transactions
Estimated balances more likely to be misstated than fact based
balances
The auditor assesses inherent risk
Control Risk - Risk client controls will fail to prevent or
detect a misstatement
 The quality of controls often varies between classes of
transactions
 The auditor assesses control risk

Explain the Audit Risk Model - 2
Environment Risk - inherent and control risks
combined
Detection risk - risk audit procedures will fail to
detect material misstatements. It reflects the
likelihood of material misstatements occurring
 Relates
to the effectiveness of audit procedures and
their application
 Detection risk is controlled by the auditor and is an
integral part of audit planning
 The level of detection risk set directly determines the
rigor of the substantive audit work performed
LO7 - Audit
Risk Model
AR = IR x CR x DR
 Audit risk is set inversely to the assessed
level of engagement risk
 After audit risk is set, the auditor assesses
inherent and control (environment) risks
 The auditor sets detection risk INVERSELY
to environment risk
 Example,
if the auditor is examining transactions with
high inherent risk, or weak controls, the auditor will set
a low detection risk
Audit Risk Model (cont’d)

Low detection risk means a low probability of
NOT detecting material misstatements
 To
achieve low detection risk, the auditor will
have to perform more rigorous substantive testing
 For example, larger sample sizes, more reliable
forms of evidence, assign more experienced
auditors, closer supervision, greater year-end
(rather than interim) testing
The audit risk model shows that the amount,
nature, and timing of audit procedures depends
on the level of audit risk an auditor assumes,
and the level of client-related risks
Audit Risk Model: Limitations
Inherent risk is difficult to formally assess
 Audit risk is subjectively determined
 The model treats each risk component as
separate and independent when clearly, this is
not the case
 Audit technology is not so precise that each
component can be accurately assessed
Because of these limitations, many auditors use
the audit risk model as a functional, rather than
mathematical, model
Preliminary Financial Statement
Review: Techniques & Expectations
Auditors use analytical procedures to develop
expectations of account balances
These expectations are compared to recorded book
values to identify misstatements
Sources of data commonly used:
 Financial information for prior periods
 Expected or planned results from budgets and forecasts
 Comparison of linked accounts (such as interest
expense and debt)
 Ratios of financial information (such as common-size
financial statements)
 Company and industry trends
 Relevant non-financial information
Preliminary Financial Statement
Review: Techniques & Expectations
Techniques commonly used
 Trend analysis
 Comparative financial statements (horizontal
analysis)
 Common-sized financial statements (vertical
analysis)
 Ratio analysis
The results of analytical procedures are placed in
context when auditors compare client results to
the client's prior performance, industry data, or
client expectations (budgets and forecasts)
Projected
Key Ratios
Current ratio
Quick Ratio
Gross Margin
Income before taxes
Inventory Turnover
Receivable turnover
Account balances ( '000)
Inventory
Current assets
Net Income
Sales
Unaudited
Percentage
of change
1.50
1.00
28.70%
7.50%
2.85
3.00
1.52
0.98
27.80%
10.00%
2.82
3.00
1.33
(2.00)
(3.14)
33.33
(1.05)
0.00
1,500
4,496
270
6,000
1,650
4,646
360
6,000
10.00
3.34
33.33
0.00
LO9 - Comment
on Risk Analysis &
Conduct of the Audit
The risk approach means auditors must understand the
company and its risks as a basis for determining which
account balances should be directly tested and which
can be corroborated by analytical procedures
Linkage to direct tests of account balances
 If the auditor concludes there is a high risk of material
misstatement
s/he must
 Set materiality at an appropriate level
 Use procedures appropriate for the level risk to examine
the account balance
Comment on Risk Analysis &
Conduct of the Audit
Quality of accounting principles used
 The auditor is required to assess the
appropriateness of the accounting methods
used by management
 Guidelines to evaluate "appropriateness"
include:
 Representational
faithfulness - does the accounting
reflect the economic substance of the transactions
 Consistency of application of GAAP
 Accounting estimates - based on proven models,
reconciled to actual results, based on valid economic
reasons?