Arens AAS17 sm 08 - Answers to Audit and Assurance Services PDF

Preview

Summary

Download Arens AAS17 sm 08 - Answers to Audit and Assurance Services PDF

Description

Chapter 8 Assessing the Risk of Material Misstatement 

Concept Checks

P. 242 1. The risk of material misstatement exists at two levels: the overall financial statement level and at the assertion level for classes of transactions, account balances, and presentation and disclosures. Auditing standards require the auditor to assess the risk of material misstatement at each of these levels and to plan the audit i n response to those assessed risks. 2. To obtain an understanding of the entity and its environment, including the entity’s internal controls, the auditor performs risk assessment procedures to identify and assess the risk of material misstatement, whether due to fraud or error. Risk assessment procedures include the followi ng:  Inquiries of management and others within the entity  Analytical procedures  Observation and inspection  Discussion among engagement team members  Other risk assessment procedures P. 257 1. The audit risk model is as follows: PDR

=

AARR IR x CR

Where PDR AAR IR CR

= = = =

Planned detection risk Acceptable audit risk Inherent risk Control risk

Planned detection risk A measure of the risk that audit evidence for a segment wi ll fail to detect misstatements that could be material, should such misstatements exist. Acceptable audit risk A measure of how willing the auditor is to accept that the financi al statements may be materially misstated after the audi t is completed and an unmodified opi nion has been issued. Inherent risk A measure of the auditor’s assessment of the susceptibility of an assertion to material misstatement before consideri ng the effectiveness of internal control.

Copyright © 2020 Pea rson Education Ltd.

8-1

Concept Check, P. 2 57 (continued) Control risk A measure of the audi tor’ s assessment of the risk that a material misstatement could occur in an assertion and not be prevented or detected and corrected by the client’s internal controls. Auditing standards note that the combination of i nherent risk and control risk reflects the risk of material misstatement. 2. An increase in planned detection risk may be caused by an increase in acceptable audit risk or a decrease in either control risk or inherent risk. A decrease in planned detection risk is caused by the opposite: a decrease in acceptable audit risk or an increase in control risk or i nherent risk.



Review Questions

8-1 The parts of planning are: accept client and perform i nitial planning, understand the client’ s busi ness and industry, perform preli minary analytical procedures, set preli minary judgment of materiality and performance materiality, identify significant risks due to fraud or error, assess i nherent risk, understand internal control and assess control risk, and fi nali ze overall audit strategy and audit plan . The evaluation of risk is an explicit component of part five (identify significant risks, i ncluding fraud risks ), part six (assess inherent risk), and part seven (control risk). 8-2 The risk of material misstatement at the overall financial statement level refers to risks that relate pervasively to the fi nancial statements as a whole and potentially affect a number of different transactions and accounts. It is important for the auditor to consider risks at the overall fi nancial statement level given those risks may increase the likeli hood of risks of material misstatement across a number of accounts and assertions for those accounts. 8-3 Auditing standards require the auditor to assess the risk of material misstatement at the assertion level for classes of transactions, account balances, and presentation and disclosure in order to determine the nature, timing, and extent of further audit procedures. The risk of material misstatement at the assertion level consists of two components: inherent risk and control risk. Inherent risk represents the auditor’s assessment of the susceptibility of an assertion to material misstatement before considering the effecti veness of the client’s internal controls. Control risk represents the auditor’s assessment of the risk that a material misstatement could occur in an assertion and not be prevented or detected on a timely basis by the client’s internal controls. Inherent risk and control risk are the client’s risks and they exist independent of the audit of the financial statements.

Copyright © 2020 Pea rson Education Ltd.

8-2

8-4 Concern about the client potentially recording revenues that did not occur would relate to the occurrence transaction-related audit objecti ve. In this case, the auditor would assess the risk of material misstatement for occurrence as high.

Copyright © 2020 Pea rson Education Ltd.

8-3

8-5 The auditor performs risks assessment procedures to identify and assess the risk of material misstatement, whether due to fraud or error. Risk assessment procedures include the followi ng: 1. Inquiries of management and others within the entity: Because management and others, including those charged with governance and internal audit, have important information to assist the auditor in identifying risks of material misstatements, the auditor will make a number of i nquiries of these indi viduals to understand the entity and its environment, including internal control, and to ask them about their assessments of the risks of material misstatements. 2. Analytical procedures: As noted in Chapter 8, auditors are required to perform preliminary analytical procedures as part of audit planni ng to better understand the entity and to assess client business risks. 3. Observation and inspection: Auditors observe the entity’s operations and they i nspect documents, such as the organization’s strategic plan, business model, and its organizational structure to increase the auditor’s understanding of how the business is structured and how it organizes key business functions and leaders in the oversight of dayto-day operations. 4. Discussion among engagement team members: Auditing standards require the engagement partner and other key engagement team members to discuss the susceptibility of the client’s financial statements to material misstatement. This includes explicit discussion about the susceptibility of the client’s financial statements to fraud, in addition to their susceptibility of material misstatement due to errors. 5. Other risk assessment procedures: The auditor may perform other procedures to assist in the auditor’s assessment of the risk of material misstatement. 8-6 In addition to making inquiries of i ndividuals i nvolved i n fi nancial reporting positions, auditors benefit from obtaining information or different perspectives through i nquiries of others within the entity, including employees with different levels of authority. Additionally, i nquiries of those charged with governance, such as the board of directors or audit committee, may provide important insights about the overall competitive environment and strategy of the business that may provide important insights about overall client business risks. Similarly, because internal auditors typically have exposure to all aspects of the client’s business and operations, they may have relevant information about risks at the overall financial statement level or assertion level. Most internal audi t functions develop their internal audit scope based on a risk assessment process that considers risks to design their audit strategies. 8-7 Auditing standards require the engagement partner and other key engagement team members to discuss the susceptibility of the client’s financial statements to material misstatement. Discussion among the engagement partner and other key members of the engagement team provides an opportunity for more experienced team members, i ncludi ng the engagement partner, to share Copyright © 2020 Pea rson Education Ltd.

8-4

8-7 (continued) their i nsights about the entity and its environment, including their understanding of internal controls, with other members of the engagement team. The discussion should include an exchange of ideas or brainstorming among the engagement team members about business risks and how and where the financial statements might be susceptible to material misstatement, whether due to fraud or error. By including key members of the engagement team in discussions with the engagement partner, all members of the engagement team become better informed about the potential for material misstatement of the financial statements in specific areas of the audit assigned to them, and it helps them gain an appreciation for how the results of audit procedures performed by them affect other areas of the audit. 8-8 Auditing standards explicitly require that discussion among engagement team members consider the susceptibility of the client’s financial statements to fraud, i n addition to their susceptibility of material misstatement due to errors. While auditing standards specifically require a discussion among the key engagement team members, including the engagement partner, about how and where the entity’s financial statements may be susceptible to material misstatement due to fraud, this can be held concurrently with the discussion about the susceptibility of the fi nancial statements to material misstatement due to error. These discussions should include an exchange of ideas or brainstorming among the engagement team members about business risks and how and where the financial statements might be susceptible to material misstatement, whether due to fraud or error. 8-9 While auditors perform risk assessment procedures to assess the risk of material misstatement due to fraud or error, auditing standards require the auditor to explicitly consider fraud risk because the risk of not detecti ng a material misstatement due to fraud is higher than the risk of not detecting a misstatement due to error. Fraud often involves complex and sophisticated schemes designed by perpetrators to conceal it, such as forgery of approvals and authorizations for unusual cash disbursement transactions or intentional efforts to not record a transaction in the accounting records. And, individuals engaged in conducting a fraud often intentionally misrepresent information to the auditor, and they may try to conceal the transaction through collusion with others. As a result, explicitly focusing on the risks of material misstatements due to fraud helps the auditor apply professional skepticism as part of the auditor’s planning procedures.

Copyright © 2020 Pea rson Education Ltd.

8-5

8-10 Because a number of high profile instances of fraudulent financial reporting have involved misstatements in revenue recognition, auditing standards require the auditor to presume that risks of fraud exist i n revenue recognition. As a result, risks related to audit objectives for revenue transactions and related account balances and disclosures are presumed to be significant risks in most audits. If the auditor determines that the presumption is not applicable to a particular audit engagement, the auditor must document this conclusion in the working papers. 8-11 Auditing standards require the auditor to inquire of management about their assessment of the risk that the financial statements may be materially misstated due to fraud. As part of those inquiries, the auditor should ask management to describe the frequency of management’s assessment and the extent of their consideration of risks due to fraud, includi ng discussion about management’s processes that are designed to identify, respond to, and monitor the risks of fraud in the organization. Auditing standards require the auditor to make inquiries of management and others within the entity about their knowledge of any actual, suspected, or alleged fraud affecting the client and whether management has communicated any information about fraud risks to those charged with governance. 8-12 A significant risk represents an identified and assessed risk of material misstatement that, in the auditor’s professional judgment, requires special audit consideration. Auditing standards require the auditor to obtain an understanding of the entity’s controls relevant to significant risks to evaluate the design and implementation of those controls, and the auditor must perform substantive tests related to assertions deemed to have significant risks. 8-13 Significant non-routi ne transactions represent transactions that are unusual, either due to size or nature, and that are infrequent in occurrence. The terms of that transaction may be based on significant negotiations that include various buy-back provisions and warranties that increase risks of material misstatement related to revenue recognition and receivables collection. It is the auditor’s responsibility to identify significant non-routine transactions which may increase the risk of material misstatement because they often involve a greater extent of management intervention, including more reliance on manual versus automated data collection and processing. Moreover, they can involve complex calculations or unusual accounting principles not subject to effective internal controls due to their infrequent nature. Related party transactions often reflect these characteristics, thereby increasing the likelihood of them bei ng considered to be significant risks. 8-14 Inherent risk and control risk relate to the risk of material misstatement at the assertion level. Inherent risk measures the auditor’s assessment of the susceptibility of an assertion to material misstatement, before considering the effecti veness of related internal controls. Control risk measures the auditor’s assessment of the risk that a material misstatement could occur in an assertion Copyright © 2020 Pea rson Education Ltd.

8-6

and not be prevented or detected and corrected on a timely basis by the client’s internal controls. 8-15 An increase in planned detection risk may be caused by an increase in acceptable audit risk or a decrease in either control risk or inherent risk. A decrease in planned detection risk is caused by the opposite: a decrease in acceptable audit risk or an increase in control risk or i nherent risk. 8-16 Audit assurance is the complement of acceptable audit risk. The concept of acceptable audi t risk can be more easily understood by thinking i n terms of a large number of audits. Transactions between parent and subsidiary companies, and those between management and the corporate entity, are examples of related party transactions as defi ned by accounting standards. Because these transactions do not occur between two i ndependent parties dealing at “arm’s length,” a greater likeli hood exists that they may be misstated or i nadequately disclosed, causi ng an increase in inherent risk. 8-17 Inherent risk is set for audit objectives for segments rather than for the overall audi t because misstatements occur at the objective level withi n a segment. By identifyi ng expectations of misstatements i n segments, the auditor is thereby able to modify audit evidence by searching for misstatements in those segments. When inherent risk is i ncreased from medium to high, the auditor should increase the audit evidence accumulated to determine whether the expected misstatement actually occurred. 8-18 Extensi ve misstatements in the prior year ’ s audit would cause inherent risk to be set at a high level (maybe even 100%). A n i ncrease in inherent risk would lead to a decrease in planned detection risk, which would require that the auditor i ncrease the level of planned audit evidence. 8-19 ‘Engagement risk’ is the risk that the auditor or audit firm wi ll suffer harm after the audit is fi nished, even though the audit report was cor rect. Engagement risk is closely related to client business risk and therefore acceptable audit risk. For example, if a client declares bankruptcy after an audit is complete, the likelihood of a lawsuit against the CPA firm is reasonably high, even if the quality of the audit was high. It is worth noti ng that auditors disagree about whether engagement risk should be considered in planning the audi t. Opponents of modifying evidence for engagement risk contend that auditors do not provide audi t opinions for different levels of assurance and therefore should not provide more or less assurance because of engagement risk. Proponents contend that it is appropriate for auditors to accumulate addi tional evidence, assign more experienced personnel, and review the audit more thoroughly on audits where legal exposure is high or other potential adverse actions affecting the auditor exist, as long as the assurance level is not decreased below a reasonably high level when low engagement risk exists. Copyright © 2020 Pea rson Education Ltd.

8-7

8-20 When the auditor is i n a situation where he or she believes that there is a high exposure to legal liability, the acceptable audit risk would be set lower than when there is little exposure to liability. Even when the audi tor believes that there is little exposure to legal liability, there is still a minimum acceptable audit risk that should be met. 8-21 Planned detection risk is the risk that audit evidence for a segment will fail to detect misstatements that could be material, should such misstatements exist. In order to reduce this risk, the audi tor would i ncrease the amount of evidence they collect for a specific audit objective. For example, if the auditor wanted a low level of risk that audit procedures designed to test the existence of inventory fail to detect a material misstatement, they would increase the amount of inventory tested and/or the number of audit procedures performed. 8-22 Exact quantification of all components of the audit risk model required to use the model i n a meani ngful way. A n und erstanding relationships among model components and the effect that changes components have on the amount of evidence needed allow practitioners the audi t risk model i n a meaningful way.

is not of the in the to use

8-23 The audi tor should revi se the components o f the audi t risk model when the evidence accumulated during the audit i ndicates that the auditor ’ s original assessments of inherent risk or control risk are too low or too high or the original assessment of acceptable audi t risk is too low or too high. The audi tor should exercise care in determi ning the additional amount of evidence that will be required. This should be done wi thout the use of the audit risk model. If the audit risk model is used to determine a revised planned detection risk, there is a danger of not increasi ng the evidence sufficiently.

Copyright © 2020 Pea rson Education Ltd.

8-8

8-24 Audi t risk i s a measure of how willing the audi tor is to accept that the financial statements may be materially misstated after the audit is completed and an unmodified opi nion has bee n issued. An auditor cannot assess the risk of material misstatement without first deciding the si ze of misstatements that will be considered material. Materiality and audit risk are considered together in planning the nature and extent of risk assessment procedures to be performed, identifyi ng and assessi ng the risks of material misstatement, determining the nature, timing and extent of audi t procedures, and evaluati ng audit findings. 

Discussion Questions And Problems

8-25 a.

The following terms are professional judgment:         

b.

decisions requiring

Preliminary judgment about materiality Control risk Risk of fraud Inherent risk Risk of material misstatements Planned detection risk Significant risk Acceptable audit risk Performance materiality

The following terms are audit conclusions resulting from application of audit procedures and requiring professional judgment:   

c.

audit planning

Estimated total misstatement i n a segment Estimate of the combined misstatement Known mi...