AUDIT RISK

The purpose of an audit is to reduce the audit risk to an appropriately low level through
adequate testing and sufficient evidence. Because creditors, investors, and other stakeholders
rely on the financial statements.

Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial
statements are materially misstated. [ISA 200, 13c] This means that they give an unmodified
audit opinion when the financial statements are materially misstated.

Audit risk comprises the risk of material misstatement and detection risk.

Audit risk = Inherent risk * Control risk * Detection risk

Material misstatement = Inherent risk * Control risk

WHAT IS A MISSTATEMENT?

'A difference between the reported amount, classification, presentation, or disclosure of a

financial statement item and the amount, classification, presentation, or disclosure that is
required for the item to be in accordance with the applicable financial reporting framework.
Misstatements can arise from error or fraud.' [ISA 450 Evaluation of Misstatements Identified
During The Audit, 4a]

In conducting a thorough assessment of risk, auditors will be able to:

▪ Identify areas of the financial statements where misstatements are likely to occur early
in the audit.
▪ Plan procedures that address the significant risk areas identified.
▪ Carry out an efficient, focused and effective audit.
▪ Reduce the risk of issuing an inappropriate audit opinion to an acceptable level.
▪ Minimise the risk of reputational and punitive damage.

ANNMARY XAVIER 1
TYPES OF RISK

Examples of the types of risk Let’s look at the three main components of the audit risk model
in a little bit more detail.

➢ Inherent risk :
Inherent risk is the susceptibility of an assertion about a class of transaction, account
balance or disclosure to misstatement that could be material, before consideration of
any related controls. [ISA 200, 13ni]

It is the risk that there is a misstatement that could be material, if there were no related
internal controls which could identify and trap that misstatement. Inherent risks can be
increased by complex transactions which are difficult to understand, inexperience staff,
a cash-based business (because cash is usually more difficult to record that bank
transfers), a pressure to perform (which may mean that some staff members who have
optimistic view of sales and costs), and short reporting deadlines.

Examples:

• Complex accounts
• Changes in management/staff
• Tight deadlines
• Estimates
• Weak control environment
• Scale, diversity, complexity of business
• Application of new accounting standards
• Going concern and liquidity issues including loss of significant customers

➢ Control risk :
Control risk is the risk that a misstatement that could occur and that could be material,
will not be prevented, or detected and corrected on a timely basis by the entity's internal
controls. [ISA 200, 13nii]
It is the risk that the material misstatement, having occurred, will not be prevented or
detected and corrected by the system of internal control. The main factors which affect
control risk are the control environment (i.e. the foundation for the other components

ANNMARY XAVIER 2
 of the system of internal control), the design of the system of internal control itself, and
finally how well and consistently the system of internal control operates.
Examples :
• No segregation of duties
• No controls over access to assets
• No controls over access to IT
• Lack of personnel with appropriate accounting and financial reporting skills

➢ Detection risk :
Detection risk is the risk that the procedures performed by the auditor to reduce audit
risk to an acceptably low level will not detect a misstatement that exists and that could
be material. [ISA 200, 13e]
It is the failure of the auditor to detect the material misstatement in the financial
statements. This will be increased if the auditor was relatively inexperienced, if it was
a new client, if there was a lot of time and fee pressure, if planning was poor so the
entity was poorly understood, and if the auditor was straying into an industry where
they had little previous experience or expertise.
Detection risk comprises sampling risk and non-sampling risk:
• Sampling risk is the risk that the auditor's conclusion based on a sample is different
from the conclusion that would be reached if the whole population was tested, i.e. the
sample was not representative of the population from which it was chosen. [ISA 530
Audit Sampling, 5c]
• Non-sampling risk is the risk that the auditor's conclusion is inappropriate for any
other reason, e.g. the application of inappropriate procedures or the failure to recognise
a misstatement. [ISA 530, 5d]

Ways to decrease detection risks;

• Increase sample size
• Adequate planning
• Assignment of more experienced personnel to the engagement team
• The application of professional scepticism

ANNMARY XAVIER 3
PROFESSIONAL SCEPTICISM

Professional scepticism is: 'An attitude that includes a questioning mind, being alert to
conditions which may indicate possible misstatement due to fraud or error, and a critical
assessment of audit evidence.' [ISA 200, 13l]

This requires the audit team to have a good knowledge of how the client’s activities are likely
to affect its financial statements. The audit team should discuss these matters in a planning
meeting before deciding on the detailed approach and audit work to be used.

How to apply professional scepticism

Professional scepticism requires the auditor to be alert to:

• Audit evidence that contradicts other audit evidence.

• Information that brings into question the reliability of documents and responses to
enquiries to be used as audit evidence.
• Conditions that may indicate possible fraud.
• Circumstances that suggest the need for audit procedures in addition to those required
by ISAs.

ANNMARY XAVIER 4
 MATERIALITY - ISA 320

'Misstatements, including omissions, are considered to be material if they, individually or in

the aggregate, could reasonably be expected to influence the economic decisions of users taken
on the basis of the financial statements.' [ISA 320 Materiality in Planning and Performing an
Audit, 2]

SIGNIFICANCE OF MATERIALITY

If the financial statements contain material misstatement they cannot be deemed to show a true
and fair view. As a result, the focus of an audit is identifying the significant risks of material
misstatement in the financial statements and then designing procedures aimed at identifying
and quantifying them.

HOW IS MATERIALITY DETERMINED?

The determination of materiality is a matter of professional judgment. The auditor must

consider:

• Whether the misstatement would affect the economic decision of the users
• Both the size and nature of misstatements
• The information needs of the users as a group. Materiality is a subjective matter and
should be considered in light of the client's circumstances.

MATERIAL BY SIZE

ISA 320 recognises the need to establish a financial threshold to guide audit planning and procedures.
For this reason the following benchmarks may be used as a starting point:

• .5 – 1% revenue
• .5 – 1% GP
• 1 – 2 % total assets
• 2 – 5% net assets
• 5 – 10% profit before tax

ANNMARY XAVIER 5
The above are common benchmarks but different audit firms may use different benchmarks or
different thresholds for each client.

MATERIAL BY NATURE

Materiality is not a purely financial concern. Some items may be material by nature. Examples
of items which are material by nature or material by impact include:

• Misstatements that affect compliance with regulatory requirements.

• Misstatements that affect compliance with debt covenants.
• Misstatements that, when adjusted, would turn a reported profit into a loss for the year.
• Misstatements that, when adjusted, would turn a reported net-asset position into a net-
liability position.
• Transactions with directors, e.g. salary and benefits, personal use of assets, etc.
• Disclosures in the financial statements relating to possible future legal claims or going
concern issues, for example, could influence users' decisions and may be purely
narrative. In this case a numerical calculation is not relevant.

PERFORMANCE MATERIALITY

It is unlikely, in practice, that auditors will be able to design tests that identify individual
material misstatements. It is much more common that misstatements are material in aggregate
(i.e. in combination).

For this reason, ISA 320 introduces the concept of performance materiality.

Performance materiality is 'The amount set by the auditor at less than materiality for the
financial statements as a whole to reduce to an appropriately low level the probability that the
aggregate of uncorrected and undetected misstatements exceeds materiality for the financial
statements as a whole.’ [ISA 320, 9]

• The auditor sets performance materiality at a value lower than overall materiality, and
uses this lower threshold when designing and performing audit procedures.
• This reduces the risk that the auditor will fail to identify misstatements that are material
when added together.

ANNMARY XAVIER 6
ANNMARY XAVIER 7