Professional Documents
Culture Documents
Module 2 - AUDIT RISK
Module 2 - AUDIT RISK
The purpose of an audit is to reduce the audit risk to an appropriately low level through
adequate testing and sufficient evidence. Because creditors, investors, and other stakeholders
rely on the financial statements.
Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial
statements are materially misstated. [ISA 200, 13c] This means that they give an unmodified
audit opinion when the financial statements are materially misstated.
Audit risk comprises the risk of material misstatement and detection risk.
WHAT IS A MISSTATEMENT?
▪ Identify areas of the financial statements where misstatements are likely to occur early
in the audit.
▪ Plan procedures that address the significant risk areas identified.
▪ Carry out an efficient, focused and effective audit.
▪ Reduce the risk of issuing an inappropriate audit opinion to an acceptable level.
▪ Minimise the risk of reputational and punitive damage.
ANNMARY XAVIER 1
TYPES OF RISK
Examples of the types of risk Let’s look at the three main components of the audit risk model
in a little bit more detail.
➢ Inherent risk :
Inherent risk is the susceptibility of an assertion about a class of transaction, account
balance or disclosure to misstatement that could be material, before consideration of
any related controls. [ISA 200, 13ni]
It is the risk that there is a misstatement that could be material, if there were no related
internal controls which could identify and trap that misstatement. Inherent risks can be
increased by complex transactions which are difficult to understand, inexperience staff,
a cash-based business (because cash is usually more difficult to record that bank
transfers), a pressure to perform (which may mean that some staff members who have
optimistic view of sales and costs), and short reporting deadlines.
Examples:
• Complex accounts
• Changes in management/staff
• Tight deadlines
• Estimates
• Weak control environment
• Scale, diversity, complexity of business
• Application of new accounting standards
• Going concern and liquidity issues including loss of significant customers
➢ Control risk :
Control risk is the risk that a misstatement that could occur and that could be material,
will not be prevented, or detected and corrected on a timely basis by the entity's internal
controls. [ISA 200, 13nii]
It is the risk that the material misstatement, having occurred, will not be prevented or
detected and corrected by the system of internal control. The main factors which affect
control risk are the control environment (i.e. the foundation for the other components
ANNMARY XAVIER 2
of the system of internal control), the design of the system of internal control itself, and
finally how well and consistently the system of internal control operates.
Examples :
• No segregation of duties
• No controls over access to assets
• No controls over access to IT
• Lack of personnel with appropriate accounting and financial reporting skills
➢ Detection risk :
Detection risk is the risk that the procedures performed by the auditor to reduce audit
risk to an acceptably low level will not detect a misstatement that exists and that could
be material. [ISA 200, 13e]
It is the failure of the auditor to detect the material misstatement in the financial
statements. This will be increased if the auditor was relatively inexperienced, if it was
a new client, if there was a lot of time and fee pressure, if planning was poor so the
entity was poorly understood, and if the auditor was straying into an industry where
they had little previous experience or expertise.
Detection risk comprises sampling risk and non-sampling risk:
• Sampling risk is the risk that the auditor's conclusion based on a sample is different
from the conclusion that would be reached if the whole population was tested, i.e. the
sample was not representative of the population from which it was chosen. [ISA 530
Audit Sampling, 5c]
• Non-sampling risk is the risk that the auditor's conclusion is inappropriate for any
other reason, e.g. the application of inappropriate procedures or the failure to recognise
a misstatement. [ISA 530, 5d]
ANNMARY XAVIER 3
PROFESSIONAL SCEPTICISM
Professional scepticism is: 'An attitude that includes a questioning mind, being alert to
conditions which may indicate possible misstatement due to fraud or error, and a critical
assessment of audit evidence.' [ISA 200, 13l]
This requires the audit team to have a good knowledge of how the client’s activities are likely
to affect its financial statements. The audit team should discuss these matters in a planning
meeting before deciding on the detailed approach and audit work to be used.
ANNMARY XAVIER 4
MATERIALITY - ISA 320
SIGNIFICANCE OF MATERIALITY
If the financial statements contain material misstatement they cannot be deemed to show a true
and fair view. As a result, the focus of an audit is identifying the significant risks of material
misstatement in the financial statements and then designing procedures aimed at identifying
and quantifying them.
• Whether the misstatement would affect the economic decision of the users
• Both the size and nature of misstatements
• The information needs of the users as a group. Materiality is a subjective matter and
should be considered in light of the client's circumstances.
MATERIAL BY SIZE
ISA 320 recognises the need to establish a financial threshold to guide audit planning and procedures.
For this reason the following benchmarks may be used as a starting point:
• .5 – 1% revenue
• .5 – 1% GP
• 1 – 2 % total assets
• 2 – 5% net assets
• 5 – 10% profit before tax
ANNMARY XAVIER 5
The above are common benchmarks but different audit firms may use different benchmarks or
different thresholds for each client.
MATERIAL BY NATURE
Materiality is not a purely financial concern. Some items may be material by nature. Examples
of items which are material by nature or material by impact include:
PERFORMANCE MATERIALITY
It is unlikely, in practice, that auditors will be able to design tests that identify individual
material misstatements. It is much more common that misstatements are material in aggregate
(i.e. in combination).
For this reason, ISA 320 introduces the concept of performance materiality.
Performance materiality is 'The amount set by the auditor at less than materiality for the
financial statements as a whole to reduce to an appropriately low level the probability that the
aggregate of uncorrected and undetected misstatements exceeds materiality for the financial
statements as a whole.’ [ISA 320, 9]
• The auditor sets performance materiality at a value lower than overall materiality, and
uses this lower threshold when designing and performing audit procedures.
• This reduces the risk that the auditor will fail to identify misstatements that are material
when added together.
ANNMARY XAVIER 6
ANNMARY XAVIER 7