Assessing Risks and Internal Control

advertisement
Assessing Risks and Internal
Control
Audit Risk Assessment
Auditing is fundamentally a risk management process.
CAS 200
•
•
Reasonable assurance is
Obtained when auditor has
This reduces
•
Audit risk is related to information risk
•
•
Auditors strive to lower audit risk
•
Auditors need to assess risk in audit related terms
2
Definition of Audit Risk
The probability that an auditor will fail to express a
reservation that financial statements are materially
misstated is audit risk.
•
•
•
Audit risk, at best, can be controlled
Audit risk is greater if
•
Audit risk is inversely proportionate to
Audit risk is dependent on user reliance.
•
Audit risk is also applied to
3
Auditors Assessment of
Risk from Accepting the
Engagement
Audit Risk that Can Be
Accepted
Auditor Decision
Extremely high
Extremely low level, near
zero
It is probably impossible to
achieve a near zero risk, so
do not accept the
engagement
High
Lowest
Accept the engagement only
if auditor can achieve a very
low audit risk by performing
extensive audit work
Moderate
Moderate
Accept engagement, plan to
achieve a moderate audit
risk level, and perform a
less extensive level of audit
work
Low
High
Accept engagement, plan to
achieve a somewhat higher
audit risk, and perform a
relatively lower level of audit
work
4
The Audit Risk Model
AR = IR x CR x DR
Audit risk will occur when:
•
a material misstatement has been made
•
and internal controls fail to
•
audit procedures also fail to
•
Auditors usually like to limit audit risk to less than
5
Inherent Risk
The probability of material misstatement occurring in
transactions entering the accounting system or being in the
account balances is inherent risk.
•
Auditors do not create or control inherent risk.
•
•
Who does?
Auditors only try
•
The auditor will consider
6
Some inherent risk factors:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Non-routine accounts or transactions
Complex transactions
Accounts that require a lot of estimates
The competency of the clients accounting staff
Negative economic conditions
Assets that can be easily lost or stolen
Suspected or actual knowledge of a fraud
The client has multiple locations
Management lacks integrity
Prior year problems. E.g. material misstatement
7
Control Risk
The risk that the client’s internal control system will not
prevent or detect a material misstatement is control risk.
•
Auditors do not create or control, control risk
•
The auditor’s assessment of internal control is
8
Control risk assessment provides only an indirect assessment of
monetary misstatements in the financial statements.
•
Control testing is also called compliance testing
•
In this compliance testing the auditor wants to see if the controls
are operational
•
•
The auditor can thus assess control risk as a number or
qualitatively
If the controls are operational the auditor can rely on them
•
Control risk should not be assessed so low
9
Detection Risk
The risk that any material misstatement that has not been
corrected by the client’s internal control will not be detected by
the auditor is detection risk.
•
Auditors can control this risk by
•
•
Substantive procedures include audit of details of transactions and
balances, and analytical procedures applied to dollar amounts in the
accounts.
As detection risk is decreased
10
•
Assume that the auditor made the following risk assessments in
examining inventories
Desired audit risk
Inherent risk
Control risk
•
•
•
5%
50%
50%
•
DR
•
The auditor may decide that the inherent risk cannot be quantified and
use a conservative approach
= AR / (IR x CR)
= 0.05/(0.5 x 0.5)
= 0.2
IR =
The auditor may decide that the system of internal control will not be tested.
CR =
11
Inherent Risk
Control Risk
Detection Risk
HIGH
•Small
•Few
.70
Audit risk
.6 x .8 x.7 = .34
Samples
substantive
tests
•Extensive
reliance
on IC
HIGH
.80
•System
poorly designed
•System
poorly executed
•Not
tested (CR = 1.00)
LOW
.10
•Large
samples
•Many
substantive
.6 x .8 x .1 = .05
tests
HIGH
•Assets
•New
.60
reliance on IC
susceptible to theft
client
•Integrity
•Non
•No
HIGH
doubtful
•As
.70
.6 x .2 x .7 = .08
.30
.6 x .2 x .3 = .04
above
profitable and
needs financing
LOW
.20
•System
well designed and
well executed
•Audit
tests show system
effective
LOW
•As
above
12
Inherent Risk
Control Risk
Detection Risk
HIGH
•Small
•Few
.70
Audit risk
.4 x .8 x.7 = .22
Samples
substantive
tests
•Extensive
reliance
on IC
HIGH
.80
•System
poorly designed
•System
poorly executed
•Not
tested (CR= 1.00)
LOW
.30
•Large
samples
•Many
substantive
.4 x .8 x .3 = .10
tests
LOW
.40
•Assets
not susceptible to
•No
theft
•Old
reliance on IC
HIGH
client
•Integrity
.4 x .2 x .7 = .06
.30
.4 x .2 x .3 = .02
above
believed high
•Profitable
financed
•As
.70
and easily
LOW
.20
•System
well designed and
well executed
•Audit
tests show system
effective
LOW
•As
above
13
How Materiality and Audit Risk
are Related
Materiality refers to the magnitude of a misstatement; audit risk
refers to the level of assurance that material misstatement does
not exist.
•
The auditor will make these assessments independently.
•
Both deal with sufficiency of evidence and extent of audit
evidence that will be collected.
14
Effects of IT and E-Commerce
on Business Risk
Analyzing the effects of IT and e-commerce is also an important
component of business risk analysis.
•
More involvement in e-commerce and more complex information
systems
•
The auditor needs to understand how e-commerce and IT integrate
into the business processes.
15
Accounting Processes and the
Financial Statements
There are two important points to remember about client financial
statements:
•
Management is responsible for preparing them
•
The financial statement numbers are produced by the company's
accounting system and are summarized
16
Management’s Financial
Statements
To simplify the audit plan, auditors typically group the accounts
into several accounting processes
(1) revenues and collection
(2) acquisition and expenditure
(3) production and conversion
(4) finance and investment
The purpose of using business cycles is to group together related
accounts by transactions that normally affect them.
17
Trial
Balance
Revenue
Payments
Production
Financing
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X Cash
Accounts receivable
Allowance for doubtful accounts
Sales
Sales returns
Bad debt expense
Inventory
Capital assets
Accum. Amortization
Accounts payable
Accrued expenses
General expenses
Cost of goods sold
Amortization expense
X Bank loans
X Long term notes
X Accrued interest
X Share capital
X Retained earnings
X Dividends declared
X Interest expense
X Income tax expense
Debit
484
400
Credit
30
8,500
400
50
1,940
4,000
1,800
600
10
1,955
5,265
300
750
400
40
2,000
900
40
196
15,030
15,030
18
Business Risk and the Risk of
Material Misstatement
Risks can be managed in any of four ways. Risk can be:
2.
avoided
reduced to acceptable levels
3.
tolerated
4.
transferred to another party
1.
19
Internal Control Components
Internal control is defined as the process designed, implemented,
and maintained by management to provide reasonable assurance
about:
•
•
•
the reliability
effectiveness and efficiency
compliance with
20
Internal Control Components
Internal control consists of the following:
a.
b.
c.
d.
e.
the control environment,
the entity’s risk assessment process,
the information system and business processes
control activities, and
the monitoring of controls.
Control activities are controls over processes, applications, and transactions.
21
Control Environment
Characterized by management attitudes, structure, effective
communication of control objectives and supervision of
personnel and activities.
Elements of control environment:
•
•
•
operating style and
organizational structure
•
operation of the board of directors
management monitoring methods
•
computerized systems
22
Control Activities
Controls are policies and procedures that ensure the achievement
of the entity’s goals, including financial reporting goals.
•
Controls can be categorized as
•
•
General controls relevant to the audit
Application controls include checks on
23
Monitoring of Controls
Management’s monitoring of controls includes considering
whether they are operating as intended.
•
Monitoring may include
•
Controls are modified as required to accommodate changes in
business conditions.
24
How Internal Control Relates to the
Risk of Material Misstatement
To assess the risk of material misstatement at the financial
statement level, the auditor needs a detailed knowledge of
internal control components relevant to financial reporting.
25
Problem 6-1, Page 237
Audit Risk Model
Audit risks for particular accounts and disclosures can be conceptualized in this model: AR = IR x CR x DR
Required:
Use this model as a framework for considering the following situations and deciding whether the auditor’s conclusion is
appropriate:
a.
Olsen, PA, has participated in the audit of Limberg Cheese Company for five years, first as an assistant accountant and the
last two years as the senior accountant. He has never seen an accounting adjustment recommended. He believes the inherent
risk must be zero.
b.
Jones, PA, has just (November 30) completed an exhaustive study and evaluation of the internal control system of Lang’s
Derfer Foods, Inc. (fiscal year ending December 31). She believes the control risk must be zero because no material errors
could possibly slip through the many error checking-procedures and review layers by Lang’s.
c.
Fields, PA, is lazy and does not like audit jobs in Toronto, anyway. On the audit of Hogtown Manufacturing Company, he
decided to use detail procedures to audit the year-end balances very thoroughly to the extent that his risk of failing to detect
material errors and irregularities should be 0.02 or less. He gave no thought to inherent risk and conducted only very limited
review of Hogtown’s internal control system.
d.
Shad, PA, is nearing the end of a “dirty” audit of Allnight Protection Company, Allnight’s accounting personnel all resigned
during the year are were replaced by inexperienced people. The controller resigned last month in disgust. The journals and
ledgers were a mess because one computer specialist was hospitalized for three months during the year. Shad thought
thankfully, “I’ve been able to do this audit in less time than last year when everything was operating smoothly.”
26
Problem 6-2, Page 237
Planning, Inherent and Control Risk, Manufacturing Business
Darter Ltd. Is a medium-sized business involved in manufacturing and assembling consumer electronic
products, such as DVD players, radios, and satellite receivers. It is privately owned. Its minority shareholders
requested that the annual financial statements be audited for the first time this year. Your firm is engaged to do
the current year’s audit. You are now reviewing Darter’s preliminary general ledger trial balance in order to
begin preparing the planning memorandum. Consider the following accounts that appear in this trial balance.
•
Cash
•
Inventory, finished goods
•
Inventory, work-in-process
•
Inventory, unassembled components
•
Inventory, spare parts
•
Property, plant, and equipment
•
Deferred development costs
•
Goodwill
•
Accounts payable
•
Warranty provision
•
Bank loan, long term
•
Share capital, common shares
•
Retained earnings
•
Revenue
•
Cost of goods sold
•
General and administrative expenses
27
Download