Manila * Cavite * Laguna * Cebu * Cagayan De Oro * Davao
Since 1977
AT.3210
Identifying and Assessing
Risks of Material Misstatements
References:
a. PSA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
b. PSA 315, Identifying and Assessing the Risks of Material Misstatements
c. PSA 330, The Auditor’s Responses to Assessed Risks
LECTURE NOTES
Why do auditors identify and assess risks of material
misstatement (ROMM)?
Auditors find it more effective and efficient to focus the audit
work on the areas that are riskier and therefore have a
greater possibility of being materially misstated. The
process of identifying and assessing risks of material
misstatement is very much a matter of professional
judgment.
How do auditors identify and assess ROMM?
This activity utilizes the auditor’s thorough understanding of
the entity, and therefore, is central to the process of
identifying and assessing the risks of material
misstatement. Without these understanding auditors are
unlikely be able to effectively identify the risks of material
misstatement in the financial statements.
The greater the magnitude of the material class of
transaction, account balance, or disclosure, the greater is
the potential for that material class of transaction, account
balance, or disclosure to give rise to a risk of material
misstatement.
What is Risk of Material Misstatement (ROMM)?
Risk of material misstatement is the risk that the financial
statements are materially misstated prior to audit.
The auditor is required to identify and assess the risks of
material misstatement at:
• the financial statement level; and
• the assertion level for classes of transactions, account
balances, and disclosures consisting of two
components: inherent risk and control risk.
Identification and Assessment of ROMM
The auditor, in identifying and assessing risks of material
misstatement, is required to:
1. Identify risks throughout the process of obtaining an
understanding of the entity and its environment,
including relevant controls that relate to the risks, and
by considering the classes of transactions, account
balances, and disclosures in the financial statements;
2. Assess the identified risks, and evaluate whether they
relate more pervasively to the financial statements as a
whole and potentially affect many assertions;
3. Relate the identified risks to what can go wrong at the
assertion level, taking account of relevant controls that
the auditor intends to test; and
4. Consider the likelihood of misstatement, including the
possibility of multiple misstatements, and whether the
potential misstatement is of a magnitude that could
result in a material misstatement.
Page 1 of 6 www.teamprtc.com.ph
SOLIMAN/UY/RICAFRENTE
MAY 2022
Process of Identifying Risks of Material Misstatement
Information gathered by performing risk assessment
procedures, including the audit evidence obtained in
evaluating the design of controls and determining whether
they have been implemented, is used as audit evidence to
support the risk assessment. The risk assessment
determines the nature, timing, and extent of further audit
procedures to be performed.
Conditions and Events that May Indicate Risks of Material
Misstatement
The following are examples of conditions and events that
may indicate the existence of risks of material
misstatement.
• Operations in regions that are economically unstable.
• Operations exposed to volatile markets.
• Operations that are subject to a high degree of complex
regulation.
• Going concern and liquidity issues including loss of
significant customers.
• Constraints on the availability of capital and credit.
• Changes in the industry in which the entity operates.
• Changes in the supply chain.
• Developing or offering new products or services.
• Expanding into new locations.
• Changes in the entity such as large acquisitions or
reorganizations or other unusual events.
• Entities or business segments likely to be sold.
• The existence of complex alliances and joint ventures.
• Use of off-balance-sheet finance, special-purpose
entities, and other complex financing arrangements.
• Significant transactions with related parties.
• Lack of personnel with appropriate accounting and
financial reporting skills.
• Changes in key personnel including departure of key
executives.
• Weaknesses in internal control, especially those not
addressed by management.
• Inconsistencies between the entity’s IT strategy and its
business strategies.
• Changes in the IT environment.
• Installation of significant new IT systems related to
financial reporting.
• Inquiries into the entity’s operations or financial results
by regulatory or government bodies.
• Past misstatements, history of errors or a significant
amount of adjustments at period end.
• Significant amount of non-routine or non-systematic
transactions.
• Transactions that are recorded based on management’s
intent, for example, debt refinancing.
• Application of new accounting pronouncements.
AT.3210
EXCEL PROFESSIONAL SERVICES, INC.
• Accounting measurements that involve complex
processes.
• Events or transactions that involve significant
measurement uncertainty, including accounting
estimates.
• Pending litigation and contingent liabilities, for example,
sales warranties, financial guarantees and
environmental remediation.
Assessing Risks of Material Misstatement, and Evaluating
Whether Pertaining to Financial Statements Level
Note that when the identified and assessed risks of material
misstatement pertain to financial statement level, the
auditor shall relate those risks to assertion level since the
auditor’s further audit procedures (i.e., test of controls and
substantive procedures) are only at assertion level.
Relating Controls to Assertions
In making risk assessments, the auditor may identify the
controls that are likely to prevent, or detect and correct,
material misstatement in specific assertions. Generally, it is
useful to obtain an understanding of controls and relate
them to assertions in the context of processes and systems
in which they exist because individual control activities often
do not in themselves address a risk. Often, only multiple
control activities, together with other components of
internal control, will be sufficient to address a risk.
What are Significant Risks?
Significant risk is an identified and assessed risk of material
misstatement that, in the auditor’s
judgment, requires special audit consideration. The auditor
shall determine whether any of the risks identified are, in
the auditor’s judgment, a significant risk.
Auditors are required to obtain an understanding of the
entity’s controls, including control activities, relevant to
significant risks. For example, where there are one-off
events such as the receipt of notice of a significant lawsuit,
consideration of the entity’s response may include such
matters as whether it has been referred to appropriate
experts (such as internal or external legal counsel), whether
an assessment has been made of the potential effect, and
how it is proposed that the circumstances are to be
disclosed in the financial statements.
DISCUSSION QUESTIONS
Introduction: Audit Risk
1. Audit risk consists of inherent risk, control risk, and
detection risk. Which of the following statements is not
true regarding audit risk assessment?
a. The auditor studies the business and industry and
applies analytical procedures as a basis for
assessing inherent risk.
b. The auditor studies and evaluates internal control
policies and procedures for assessing control risk.
c. The auditor designs substantive audit procedures to
reduce detection risk to an acceptable level.
d. When control risk and inherent risk are high, the
auditor increases detection risk to maintain overall
audit risk at the desired level.
2. Which of the following best describes the relationship
between IR, CR, and DR?
Page 2 of 6 www.teamprtc.com.ph
What are the risks for which Substantive Procedures
Alone Do Not Provide Sufficient Appropriate Audit
Evidence (SAAE)?
These risks may relate to:
• the inaccurate or incomplete recording of routine and
significant classes of transactions or account balances,
• the characteristics of which often permit highly
automated processing with little or no manual
intervention.
For example, the auditor may consider this to be the case
in circumstances where a significant amount of an entity’s
information is initiated, recorded, processed, or reported
only in electronic form such as in an integrated system. In
such cases:
• Audit evidence may be available only in electronic form,
and its sufficiency and appropriateness usually depend
on the effectiveness of controls over its accuracy and
completeness.
• The potential for improper initiation or alteration of
information to occur and not be detected may be
greater if appropriate controls are not operating
effectively.
The entity’s controls over such risks are relevant to the audit
and the auditor shall obtain an understanding of them.
Revision of Risk Assessment
The auditor’s assessment of the risks of material
misstatement at the assertion level may change during the
course of the audit as additional audit evidence is obtained.
Documentation
The auditor shall document:
• The identified and assessed risks of material
misstatements at the financial statements level and at
the assertion level; and
• The risks identified, and related controls about which
the auditor has obtained an understanding.
a. DR does not vary from one assertion to another.
b. IR, CR, and DR vary from assertion to assertion.
c. IR and CR do not vary from assertion to assertion,
but DR does vary from assertion to assertion.
d. When IR increases, DR decreases.
3. Which of the following statements is true?
a. The risk that material misstatement will not be
prevented or detected on a timely basis by internal
control can be reduced to zero by effective controls.
b. Detection risk is a function of the efficiency of an
auditing procedure.
c. The existing levels of inherent risk, control risk, and
detection risk can be changed at the discretion of
the auditor.
d. Cash is more susceptible to theft than an inventory
of coal because it has a greater inherent risk.
AT.3210
EXCEL PROFESSIONAL SERVICES, INC.
4. Inherent risk and control risk differ from detection risk
in that inherent risk and control risk
a. arise from the misapplication of auditing procedures
b. may be assessed in either quantitative or
nonquantitative terms
c. exist independently of the financial statement audit
d. can be changed at the auditor’s discretion
5. Which of the following is an incorrect statement?
a. Detection risk cannot be changed at the auditor’s
discretion
b. Detection risk bears an inverse relationship to
inherent and control risks
c. The greater the inherent and control risks the
auditor believes exists, the less detection risk that
can be accepted
d. The auditor might separate or combined
assessments of inherent risk and control risk
The risk of material misstatements on financial
statements
6. A risk of material misstatement is
a. an identified and assessed risk of material
misstatement that, in the auditor’s judgment,
requires special audit consideration.
b. a risk that may relate to the inaccurate or
incomplete recording of routine and significant
classes of transactions or account balances, the
characteristics of which often permit highly
automated processing with little or no manual
intervention.
c. the risk that the financial statements are materially
misstated prior to audit.
d. the risk that relate pervasively to the financial
statements as a whole, and potentially affect many
assertions that could be considered material.
7. Which of the following is(are) risks of material
misstatement levels an auditor is required to identify
and assess?
a. at the assertion level for each material account and
disclosure consisting of two components: inherent
risk and control risk.
b. at the financial statement level as a whole
potentially affecting many assertions.
c. either a or b.
d. both a and b.
8. The auditor uses the understanding of the entity and its
environment, including internal control, to identify and
assess risks of material misstatement. The process of
identifying and assessing risks of material misstatement
include
a. Evaluating whether the risks relate more
pervasively to the financial statements as a whole
and potentially affect many assertions
b. Identifying material account balances, class of
transactions, and disclosures in financial
statements.
c. Relating the risks identified to financial statements
assertions.
d. All of the above.
9. It refers to an account or disclosure that has a
reasonable possibility of containing a material
misstatement regardless of the effect of internal
controls.
a. Significant account or disclosure
b. Pervasive account or disclosure
Page 3 of 6 www.teamprtc.com.ph
c. Significant assertion
d. Pervasive assertion
10. In determining which financial statement accounts and
disclosures are material, an auditor shall consider
a. Quantitative factor by using the materiality levels.
b. Qualitative factors taking into account the
possibility of material misstatement.
c. Both a and b.
d. Neither a nor b.
11. Which of the following is most likely a risk of material
misstatement at the assertion level?
a. Weak control environment.
b. Going concern problem.
c. Declining economy.
d. Delayed recording of accounts payable.
12. Why do assertions of financial statements have risks of
material misstatement?
a. Because assertions have susceptibility to material
misstatement due to their complexity and
uncertainty.
b. Because a misstatement that could occur in an
assertion will not be prevented, or detected and
corrected, on a timely basis by the entity’s internal
control.
c. Both a and b.
d. Neither a nor b.
13. A __________ is a management assertion that has a
reasonable possibility of containing a material
misstatement without regard to the effect of internal
controls.
a. Relevant assertion
b. Pervasive assertion
c. Risky assertion
d. Fraudulent assertion
Significant Risk
14. Significant risks are assessed risks of material
misstatement that, in the auditor’s judgment, require
special audit consideration. The auditor is _______ to
determine whether any of the risks identified are, in the
auditor’s judgment, a significant risk.
a. encouraged c. required
b. not permitted d. allowed
15. Which of the following is required of the auditor when
the assessed risk of material misstatement is judged to
be a significant risk?
a. To obtain an understanding of the entity’s controls,
including control activities, relevant to significant
risks.
b. To perform test of controls.
c. To be audited by test of details substantive
procedures in all cases.
d. All of the above.
16. Which of the following risks of material misstatement
may least likely be judged as significant risk?
a. The risk is a risk of fraud.
b. The risk is related to recent significant economic,
accounting or other developments.
c. The risk relates to complex, unusual and subjective
transactions.
d. The risk involves significant transactions with
unrelated parties.
AT.3210
EXCEL PROFESSIONAL SERVICES, INC.

17. PSA 240, The Auditor’s Responsibilities Relating to d. Loss of financing due to the entity’s inability to meet
Fraud in an Audit of Financial Statements, presumes financing requirements.
which of the following to have significant risks relating
to fraud? 22. Which of the following conditions and events least likely
a. Improper revenue recognition. indicate the existence of risks of material
b. Management override of internal control. misstatement?
c. Both a and b. a. Changes in the supply chain.
d. Neither a nor b. b. Expanding into new locations.
c. Inquiries into the entity’s operations or financial
18. Statement 1: Risks for which substantive procedures results by regulatory or government bodies.
alone do not provide sufficient appropriate audit d. Consistency of the entity’s IT strategy and its
evidence may include risks of inaccurate or incomplete business strategies.
highly automated processing for routine and significant
classes of transactions such as an entity’s revenue, 23. The factors that suggest that an account is susceptible
purchases, and cash receipts or cash payments. to material misstatement include:
a. b. c. d.
Statement 2: The auditor may not obtain an
Higher size Yes Yes Yes No
understanding of relevant controls over risks for which
Greater liquidity Yes Yes Yes Yes
substantive procedures alone do not provide sufficient
appropriate audit evidence. Higher volume Yes No Yes No
a. True, True c. True, False Complexity No Yes Yes Yes
b. False, False d. False, True Subjective estimates No No Yes Yes

Process of Identifying and Assessing ROMM 24. Inherent risk (relating to existence assertion) is often
low for an account such as:
19. Determine the most logical order of assessing the risks a. Accounts receivable.
of material misstatements as indicated in PSA 315? b. Marketable securities.
I. Consider the likelihood of misstatement, including c. Cash.
the possibility of multiple misstatements, and d. Inventory.
whether the potential misstatement is of a
magnitude that could result in a material Step 2—Relate Risks to WCGW at the Assertion Level and
misstatement. Relevant Controls (Assessing Control Risk)
II. Assess the identified risks (if it is a significant risk),
and evaluate whether they relate more pervasively 25. Auditors often assess which of the risks for assets and
to the financial statements as a whole and income accounts of financial statements?
potentially affect many assertions; a. Overstatement. c. Either a or b.
III. Identify risks throughout the process of obtaining b. Understatement. d. Both a and b.
an understanding of the entity and its environment,
including relevant controls that relate to the risks, 26. An auditor most likely would make inquiries of
and by considering the classes of transactions, production and sales personnel concerning possible
account balances, and disclosures in the financial obsolete or slow-moving inventory to support
statements management's financial statement assertion of
IV. Relate the identified risks to what can go wrong at a. Valuation. c. Existence.
the assertion level, taking account of relevant b. Rights. d. Presentation.
controls that the auditor intends to test;
a. I, II, III and IV c. III, II, I and IV 27. Failure to record the acquisition of goods is a violation
b. III, II, IV and I d. IV, III, I and II of which audit objective?
a. Accuracy c. Authorization
Step 1—Identify, Assess, and Relate Risks to Financial b. Occurrence d. Completeness
Statements (Assessing Inherent Risk)
28. Control risk should be assessed in terms of
20. Which statement is correct regarding business risk? a. Specific controls.
a. The risk of material misstatement of the financial b. Types of potential fraud.
statements is broader than business risk, though it c. Financial statement assertions.
includes the latter d. Control environment factors.
b. The auditor should identify or assess all business
risks 29. Assessing the level of control risk is based on the
c. All business risks give rise to risks of material a. Susceptibility of an assertion to material
misstatements misstatement.
d. A business risk may have an immediate b. Effectiveness of the design and implementation of
consequence for the risk of misstatement for internal control.
classes of transactions, account balances, and c. Both a and b.
disclosures in the assertion level or the financial d. Neither a nor b.
statements as a whole
30. After obtaining an understanding of an entity’s internal
21. A potential business risk created by new products may controls, an auditor may assess control risk at the
most likely include maximum for some assertions because the auditor:
a. Increased product liability a. Believes internal control activities are unlikely to be
b. Increased legal exposure effective.
c. The entity does not have the personnel or expertise b. Determines that internal control is not well-
to deal with the changes in the industry. documented.

Page 4 of 6 www.teamprtc.com.ph AT.3210

EXCEL PROFESSIONAL SERVICES, INC.
c. Performs tests of controls to restrict detection of
risk to an acceptable level.
d. Identifies control activities that are likely to prevent
material misstatements.
31. Which of the following assessed level of control risk
tests of controls are not performed?
a. High.
b. Moderate.
c. Low.
d. Below maximum.
Step 3—Consider Likelihood & Magnitude of Misstatement
32. While assessing the risks of material misstatement
auditors identify risks, relate risk to what could go
wrong, consider the magnitude of risk and
a. Assess the risk of misstatement due to illegal acts.
b. Consider the complexity of the transactions
involved
c. Consider the likelihood that the risks could result in
material misstatements
d. Determine materiality levels
33. The likelihood of misstatement refers to the probability
of occurrence of risk. The auditor could evaluate this
probability as
a. High.
b. Moderate.
c. Low.
d. Any of the above.
34. The magnitude of misstatement refers to the impact of
misstatement if it could be material. In evaluating
magnitude of misstatement, an auditor most likely uses
a. Materiality for the financial statements as a whole.
b. Materiality for particular financial statement
accounts and disclosures.
c. Performance materiality.
d. Clearly trivial misstatement.
Combined Inherent Risk x Control Risk
35. Combining the assessed levels of inherent risk and
control risk gives result to
a. Assessed level of risk of material misstatement
(ROMM) at the assertion level.
b. Acceptable level of detection risk at the assertion
level.
c. Acceptably low of audit risk at the assertion level.
d. All of the above.
36. Assume that control risk = 0.70, inherent risk = 0.80,
and audit risk = 0.05. If a material misstatement
occurred and was not corrected by the auditee’s internal
controls, what is the risk that the misstatement would
not be detected by the audit procedures?
a. 0.02 c. 0.09
b. 0.07 d. 0.50
Responding to Risk of Material Misstatement
37. Which of the following is the most valid reason why
auditors need to design and implement responses to
assessed risks of material misstatement?
a. to gain reasonable assurance that all fraud and
errors will be detected.
b. to obtain sufficient appropriate audit evidence about
the assessed risks as a basis for the auditor’s
opinion.
Page 5 of 6 www.teamprtc.com.ph
c. to afford management with a relief of its
responsibility over the financial statements.
d. to provide management with resolutions to the
assessed risks.
Responses Planning Documents
38. The auditor’s overall responses to risks of material
misstatement at financial statements level are least
likely documented in
a. A stand-alone document.
b. The overall audit strategy.
c. The detailed audit program.
d. All of the above.
Overall Responses at Financial Statements Level
ROMM
39. The auditor should determine overall responses to
address the risks of material misstatement at the
financial statement level. Such responses least likely
include
a. Emphasizing to the audit team the need to maintain
professional skepticism in gathering and
evaluating audit evidence
b.Assigning more experienced staff or those with
special skills or using experts.
c. Incorporating additional elements of
unpredictability in the selection of further audit
procedures to be performed.
d.Performing substantive procedures at an interim
date instead of at period end.
40. The auditor should determine overall responses to
address the risks of material misstatement at the
financial statement level. Such responses most likely
include
a. Providing more supervision.
b. Making general changes to the nature, timing, or
extent of procedures.
c. Both a and b.
d. Neither a nor b.
41. How would an auditor most appropriately respond to a
heightened assessed risk of material misstatement?
a. By obtaining a management representation letter.
b. By assigning more experienced staff or those with
specialized skills to high-risk areas.
c. By performing analytical procedures, but not
substantive procedures, at period end.
d. By performing tests of controls at interim-and
period-end dates.
Material Accounts and Disclosures—All Assertions
42. Paragraph 18 of PSA 330 requires substantive
procedures to be performed for each material class of
transactions, account balance, and disclosure
irrespective of the assessed risks of material
misstatement (ROMM). This reflects the fact that:
a. The auditor’s assessment of risk is judgmental and
so may not identify all risks of material
misstatement.
b. There are inherent limitations to internal control,
including management override.
c. Both a and b.
d. Neither a nor b.
43. Regardless of the assessed level of control risk, an
auditor would perform some
AT.3210
EXCEL PROFESSIONAL SERVICES, INC.

a. Tests of controls to determine the effectiveness of to those assertions, that do not have assessed risks of
internal control policies. material misstatement.
b. Analytical procedures to verify the design of internal
When an account or a disclosure in the financial
control.
statements is deemed material, but have very low
c. Substantive tests (which may be either tests of
assessed risks of material misstatement, the auditor
transactions, direct test of balances, or analytical
does not need to perform any further audit procedures
tests) to restrict detection risk for significant
for such an item.
transaction classes.
a. True, True c. True, False
d. Dual-purpose tests to evaluate both the risk of
b. False, False d. False, True
monetary misstatement and preliminary control
risk.
49. Which of the following models expresses the general
relationship of risks associated with the auditor's
44. Examples of minimum substantive procedures to
evaluation of internal control (CR), study of the business
comply with Paragraph 18 of PSA 330 include:
and application of analytical procedures (IR), and
I. Obtaining a complete list of items that make up
overall audit risk (AR), that would lead the auditor to
a period-end balance.
conclude that additional substantive tests of details of
II. Comparing the current period’s balance with
an account balance are not necessary?
that of the preceding period.
IR CR AR
III. Obtaining reasons for fluctuations.
a. 20% 40% 10%
IV. Performing some period-end cutoff procedures.
b. 20% 60% 5%
a. I c. I, II, and III
c. 10% 70% 4.5%
b. I and II d. I, II, III, and IV
d. 30% 40% 5.5%
Responses at Assertion Level ROMM
50. Each of the following might, by itself, form a valid basis
for an auditor to decide to omit a test except for the
45. An auditor’s responses at the assessed risks of material
a. Difficulty and expense involved in testing a
misstatement at the assertion level may include
particular item.
a. Tests of controls only.
b. Assessment of the risk of material misstatement at
b. Substantive procedures only.
a low level.
c. A combination of tests of controls and substantive
c. Assessment of inherent risk at a low level.
procedures.
d. The immateriality of the item under audit.
d. Any of the above.
End of AT.3210
46. An auditor’s responses at assertion level least likely
include
a. General audit approach such as substantive
procedures alone, or combined approach of tests of
controls and substantive procedures, for the overall
direction of the audit.
b. Test of controls of credit approval process of sales
for valuation assertion of accounts receivable.
c. Test of details of inventory balances to actual
inventory during the physical count for existence
assertion.
d. Substantive analytical procedures for completeness
assertion of accounts payable.

47. Which of the following statements regarding tests of

controls is false?
a. Where key controls are in place (that are likely to
operate effectively) to address certain assertions,
tests of controls may be performed to obtain the
necessary evidence about an assertion.
b. Tests of controls performed to reduce risk to a low
level (requiring a larger sample size) may provide
the majority of evidence required for a particular
assertion.
c. Tests of controls could be performed to reduce risk
to a moderate level (requiring a slightly smaller
sample size). In this case, to obtain the required
evidence, the auditor would supplement the tests of
controls with substantive procedures that address
the same assertion.
d. Tests of controls are performed to eliminate
substantive procedures for each material class of
transactions, account balance, and disclosure.

48. Generally, the auditor does not need to perform

additional audit procedures to audit areas, specifically

Page 6 of 6 www.teamprtc.com.ph AT.3210