Chapter 3 Risk assessment I PDF

Preview

Summary

chapter 3 notes ...

Description

chapter 3: Risk assessment I Review questions 3.11

Explain the relationship between the risk assessment, risk response and r reporting phases of an audit.

The risk assessment phase is the first stage of an audit. During this phase the auditor adopts a broad view of the client as a whole and the industry in which it operates. The auditor focuses on gaining an understanding of the client during this phase in order to plan the audit. The auditor has to consider the risk of material misstatement in the client’s financial report. Where the risk assessment is higher, the auditor will usually plan to spend more time and/or do more extensive testing. The risk assessment phase includes  gaining an understanding of the client,  identifying significant accounts and transactions,  setting planning materiality,  identifying the factors that can go wrong in the audit,  gaining an understanding of key internal controls and  developing an audit strategy. The risk response phase is when the auditor does the detailed testing work for the audit (based on the results of the risk assessment phase). The reporting phase is when the auditor completes their work and issues the appropriate audit report.

3.12

What are the audit activities in the risk assessment phase of a financial report audit?

The risk assessment phase of a financial report audit helps the audit team identify the risks which could contribute to a material misstatement, and thus help identify the audit procedures that are most appropriate to the client’s characteristics and situation. An effective audit plan shows that a suitable amount of time is spent testing each major account and class of transaction. The audit procedures detailed in the plan are guided by the audit strategy chosen to suit the client’s risk factors and reporting requirements. The activities in the risk assessment phase focus on reading background material (including client documents and prior financial statements, industry and economy reports), interviewing senior management and board members, becoming familiar with the types of IT systems used by the client. Detailed testing is done in the risk response phase.

3.13

Why does an auditor need to consider the client’s corporate governance( 公司治 理) as part of the preliminary risk assessment?

The issues considered by the auditor during the preliminary risk assessment about corporate governance include: board structure, listing status, audit committee – overall, is governance likely to be effective(有效的)? Effective corporate governance ensures that companies are well managed and achieve their objectives. In particular, good corporate governance will be effective at identifying and controlling risks, including the risk of material misstatement in the financial report. An auditor will be interested in whether the corporate governance system at the client will be more effective in reducing risks in the financial report.

3.14

Why does an auditor need to understand a client’s IT system? Explain how IT issues affect the financial report.

IT is part of a company’s accounting processes, from transaction initiation to the financial reports. ASA 315 (ISA 315) requires the auditor to gain an understanding of client’s IT systems and its associated risks (para 18). Paragraphs A53-A59 (Application and other explanatory material) explain how IT benefits an entity’s internal controls but also poses specific risks to that internal control. For example, IT allows an entity to consistently perform complex calculations in processing large volumes of transactions or data. However, if that processing is inaccurate, reliance on those systems would be inappropriate because of the risk of material misstatement in the entity’s financial report. The auditor needs to understand where the risk of inaccurate processing lies within the IT system and whether the client has other controls (e.g. manual controls or other automated controls) over processing systems which would provide greater assurance that the reported figures are accurate.

3.15

What is a related party? Why is an auditor interested in identifying related parties during the risk assessment phase of an audit?

AASB124 Para 9 defines related party as a person or entity that is related to the entity preparing the financial statement( e.g. close member of the family has control or significant influence or holds a key management position in the reporting entity ; an entity is in joint venture or an associate of the reporting entity.) Auditors search for related parties during the risk assessment phase of an audit so that they consider the risks associated with transactions between the client and the related parties (such as whether sales between them are genuine and recorded at arm’s length), and to assess whether the client has made the required disclosures under AASB124 (IAS24). Omission(遗 漏) of required disclosure would require the auditor to issue a modified report ASA 550 (ISA 550) is a guidance for auditors’ responsibilities relating to related party relationships and transactions in an audit of a financial report As per Para 2, the standard notes that many related party transactions are in the normal course of business and pose no greater risk than any other transaction. However, under certain circumstances, transactions between the client and related parties can give rise to higher risks of material misstatements. The examples provided include: increased complexity of the arrangements and transactions; ineffective information systems for identifying or summarising the transactions and outstanding balances for related parties; transactions not conducted under normal market terms and conditions (e.g. no consideration).

3.16

When gaining an understanding of a client an auditor will be interested in an entity’s relationships with both its suppliers and customers. What aspects of these relationships will the auditor be interested in and how would they affect the assessment of audit risk?

Customers: Auditors are interested in the relationship between the audit client and its customers because this could affect the reliability of cashflow due to problems with collectability of debts from customers. If the relationship is poor, customers could withhold payment, hence, increases the settlement period for the accounts receivable (debtor). If the customers are not satisfied with the goods or services provided due to poor quality the audit client could be liable for warranty claims, therefore the auditor should check the reasonableness of provision for warranty claims (liability). Auditors are also interested in risks associated with the client’s reliance on a few major customers because non-payment or leaving of major customers can have significant effect on cashflow in the short term. However, in the long term, can be a going concern issues for the audit client

Suppliers:

Poor relations between the audit client and its suppliers could be indicators of cash flow problems for the client. The supplier could be supplying faulty goods, leading to issues with customers and problems with warranty claims. Poor relationship between the audit client and its suppliers could potentially affect the business operation of audit client and therefore affect the production and sales of the audit client. For audit client who entered into a contract with their suppliers could be locked into unfavourable arrangement over a period of time affecting its ability to survive as a going concern. If the client is not paying its suppliers on a timely basis, it might lose access to that supplier, affecting its ability to continue to trade. In both cases, the auditor would be interested in whether the other parties are located overseas because of the additional risks associated with international transactions and foreign exchange (which could apply to domestic trading partners as well).

3.17

What does the ‘entity’ level mean when gaining detailed knowledge of the client? How does this differ from the ‘industry’ level?

The entity level is the client firm level. The auditor gains knowledge about the specific client, such as the composition(组成) of the board of directors, the size of the client, how much debt it has, what IT systems it uses, who its related parties are, what are the significant accounts and classes of transactions and the closing procedures required for those accounts, the internal control system, and its related parties. The industry level is the information about the industry in which the client operates . Some clients operate across several industries, so the auditor would gather information about all the major industries in which the client operates. The information would include the nature and level of competition, whether the industry is exposed to foreign trade, whether sales and costs are generally increasing or not across the industry, the major companies operating in the industry, the major customers of, and suppliers to, the industry, the laws and regulations that affect the industry. The industry information is combined with the entity information (and the information about the broader economy factors) when considering whether the client is under pressure, for example as a going concern or factors increasing the risk of fraud.

3.18

Why would an auditor consider the state of the economy when gaining detailed knowledge of a client?

The auditor is interested in the state of the economy because it can affect an audit client in several ways. For example, if the economy is growing, the audit client is likely to be experiencing increased sales, but also difficulty getting qualified staff. Poorly qualified staff can be a risk because they are not properly training and can make mistakes. Growing economies can also cause increasing costs, such as fuel and rents. Managers may be under pressure to increase profits to demonstrate that they are a good investment. Economies that are in recession can have falling demand for the client’s products. Falling sales can lead to falling profits, and increase pressure on managers to inflate sales or cut corners in business operations. Managers could take the opportunity to ‘take a bath’ and overstate losses to allow rapid growth from a low base when conditions improve.

3.19

In the context of fraud, explain what ‘opportunities’ means.

The manager would be able to commit a fraud only if there is an opportunity to do so. An example of an opportunity would be an unlocked storeroom (for asset misappropriation) or loose controls over cut-off (to push a sale from one period to the next to create fraudulent financial reporting). If the manager did not have the incentive or pressure to commit the fraud, the opportunity would not lead to a fraud.

3.20 Explain the difference between ‘incentives and pressures’, and ‘attitudes and rationalisation’ in the context of fraud. Incentives and pressures are the motivating factors for the client’s personnel to commit fraud. For example, a regional manager could be under pressure to achieve a sales target to keep their job or to receive a bonus. This motivates the manager to consider fraud possibilities. Attitudes and rationalisation refer to the ethical beliefs of the manager and the more senior management of the client. If there is an attitude at the top that achieving sales targets is more important than following policies and procedures, then the manager could use this attitude to justify misstating sales for the period. Rationalisation refers to the view about the fraud, for example “They push me very hard and I work a lot of weekends, I am entitled to this bonus.” One way to characterise the difference between the two terms is that incentives and pressures ‘push’ someone towards committing fraud, and attitudes and rationalisation refer to the belief about fraud either before or after the event.

3.21

What does it mean when we say that a business is a ‘ going concern’ or, alternatively, has ‘going concern issues’? Why must an auditor specifically consider evidence about the going concern assessment for each client?

ASA 570 (ISA 570) states that under the going concern assumption, an entity is viewed as continuing in business for the foreseeable future. It also notes that a general purpose financial report is prepared on the going concern basis, unless management intends to liquidate the entity or to cease operations, or has no realistic alternative but to do so. When the going concern assumption is appropriate, assets and liabilities are recorded on the basis that the entity will be able to realise its assets and discharge its liabilities in the normal course of business. Therefore, if the going concern basis is not appropriate, the management should prepare a special purpose report which reflects that state. ‘Going concern issues’ mean that there is doubt about the going concern assumption’s applicability to the client’s financial report, and if these doubts are serious enough, the entity should prepare a special purpose report. The auditor must consider evidence about the appropriateness of the going concern assumption for the client in order to express the appropriate audit opinion. If there is not sufficient evidence to support the assumption, the auditor cannot issue an unqualified opinion on general purpose reports. If the going concern uncertainty is appropriately disclosed in the financial report by management and those charged with governance, the auditor can issue an unqualified audit opinion with an emphasis of matter paragraph. However, if adequate disclosure is not made in the financial report, the auditor shall express a qualified or adverse opinion.

3.22

What are mitigating( 减 轻 ) factors in the context of the going concern assessment? Give some examples of mitigating factors for a loss-making client.

Mitigating factors are factors that reduce the risk that the going concern assumption may be in doubt. For example, if the client has lost a key customer, this could raise doubt about its ability to continue as a going concern. However, this doubt would be mitigated by ongoing negotiations with a potential new customer. If the client is making a loss, doubt about its ability to continue in business could exist. This doubt could be mitigated by: - plans to introduce new profitable products - management planning to merge with another company - plans and progress towards expansion into another market - financial support from a parent (or any other factor indicating that the losses can be borne for some time without defaulting on debts etc.) - restructuring, retrenchment, downsizing plans (to cut costs)...