CHAPTER 1 THE NATURE, PURPOSE, SCOPE OF AUDIT AND ASSURANCE

SERVICES
1.1. Meaning Of Audit
1.2. Assurance Services: Overview
1.3. Why Audits are Conducted
1.4. Types of Audit and Auditors

Introduction

There is now more information available than ever before, both to businesses and about
businesses. Corporations maintain large databases that provide detailed information on suppliers
and customers. Various credit agencies collect information on individuals and sell this
information to fnancial institutions. The websites of publicly listed companies provide a wealth
of information, including annual reports containing fnancial statements, to investors and
potential investors. In all of these situations, there is a need for the information to be reliable,
credible, relevant, and timely. Auditing and assurance services can ensure that information
meets these criteria.
Reliable information is necessary if managers, investors, creditors, and regulatory agencies are
to make informed decisions about resource allocation. Auditing and assurance services play an
important role in this process.
Auditing and audited fnancial statements are important to both private and public enterprise. By
the audit function, the users of the fnancial statements have reasonable assurance that the
fnancial statements do not contain material misstatements or omissions.

An Audit Defned

International auditing education starts with a thorough understanding of what we mean by an

audit. There is no defnition of an audit, per se, in the International Standards on Auditing. The
defnition given in ISA 20000 states the objective of an audit of fnancial statements is to enable the
auditor to express an opinion whether the fnancial statements are prepared, in all material
respects, in accordance with an identifed fnancial reporting framework. The phrases used to
express an auditor’s opinion are “give a true and fair view” or “present fairly, in all material
respects”, which are equivalent terms.

Two problems with the ISA 20000 defnition are that it restricts an audit to examination of the
fnancial statements and some auditors believe that the terms “present fairly” and “true and fair
view” are not equivalent. Although the great majority of audit work today is fnancial auditing,
operational auditing and compliance auditing are becoming more and more important. Some
auditors say “present fairly,” means in accordance with laws and regulations. “True and fair”,
they say, includes the possibility of deviating from law and regulation when that deviation
provides a “true” view.

A better, more general, defnition of auditing is:

An audit is a systematic process of objectively obtaining and evaluating evidence regarding

assertions about economic actions and events to ascertain the degree of correspondence
between these assertions and established criteria, and communicating the results to interested
users.

Components of the Audit Defnition

1
An audit is a systematic approach. The audit follows a structured, documented plan (audit
plan). In the process of the audit, accounting records are analyzed by the auditors using a variety
of generally accepted techniques. The audit must be planned and structured in such a way that
those carrying out the audit can fully examine and analyze all important evidence. An audit is
conducted objectively. An audit is an independent, objective and expert examination and
evaluation of evidence. Auditors are fair and do not allow prejudice or bias to override their
objectivity. They maintain an impartial attitude. The auditor obtains and evaluates evidence. The
auditor assesses the reliability and sufciency of the information contained in the underlying
accounting records and other source data by:

o studying and evaluating accounting systems and internal controls on which he wishes to rely
and testing those internal controls to determine the nature, extent and timing of other
auditing procedures; and
o carrying out such other tests, inquiries and other verifcation procedures of accounting
transactions and account balances, as he considers appropriate in the particular
circumstances.

The evidence obtained and evaluated by the auditor concerns assertions about economic actions
and events. The basis of evidence – gathering objectives, what the evidence must prove, are the
assertions of management. Assertions are representations by management, explicit or
otherwise, that are embodied in the fnancial statements. One assertion of management about
economic actions is that all the assets reported on the balance sheet actually exist at the
balance sheet date. The assets are real, not fctitious. This is the existence assertion.
Furthermore, management asserts that the company owns all these assets. They do not belong
to anyone else. This is the rights and obligations assertion. The auditor ascertains the degree of
correspondence between assertions and established criteria. The audit program tests most
assertions by examining the physical evidence of documents, confrmation, inquiry, and
observation. The auditor examines the evidence for the assertion presentation and disclosure to
determine if the accounts are described in accordance with the applicable fnancial reporting
framework, such as IFRS, local standards or regulations and laws.

The goal, or objective, of the audit is communicating the results to interested users. The audit is
conducted with the aim of expressing an informed and credible opinion in a written report. If the
item audited is the fnancial statements, the auditors must state that in their opinion the
statements “give a true and fair view” or “present fairly, in all material respects’’ the fnancial
position of the company. The purpose of the independent expert opinion is to lend credibility to
the fnancial statements. The communication of the auditor’s opinion is called attestation, or the
attest function. In an audit this attestation is called the “audit report”

General Principles Governing an Audit of Financial Statements

Although a public auditor can also examine non – fnancial information, such as compliance with
company policies or environmental regulations, the majority of audit work is concerned with the
fnancial statements. The fnancial statements audited under international standards are the
balance sheets, income statements and cash fow statements and the notes thereto. The frst
International Standard on Auditing, ISA (ISA 20000) discusses the principles governing an audit of
fnancial statements.

2
General Principles Standard ISA 200

ISA 20000 states that an auditor should comply with the Code of Ethics for Professional
Accountants issued by IFAC. The ethical principles governing the auditor’s professional
responsibilities are: independence, integrity, objectivity, professional competence and
due care, confdentiality, professional behavior, and technical standards.

ISA 20000 further states that the auditor should conduct an audit in accordance with International
Standards on Auditing. The auditor would plan and perform the audit with an attitude of
professional skepticism recognizing that circumstances may exist which cause the fnancial
statements to be materially misstated.

The term scope of an audit refers to the audit procedures deemed necessary in the
circumstances to achieve the objective of the audit. ISA 20000 states:

The procedures required to conduct an audit in accordance with ISAs should be determined by
the auditor having regard to the requirements of ISAs, relevant professional bodies, legislation,
regulation and, where appropriate, the terms of the audit engagement and reporting
requirements.

An audit in accordance is designed to provide reasonable assurance that the fnancial statements
taken as a whole are free from material misstatement. Reasonable assurance relates to the
fairness of the fnancial statements.

Limitations of the Audit

There are certain inherent limitations in an audit that afect the auditor’s ability to detect
material misstatements. These limitations result from such factors as the use of testing, the
inherent limitations of any accounting and internal control system and the fact that most audit
evidence is persuasive rather than conclusive. Furthermore, the work performed by an auditor to
form an opinion is permeated by judgment. Judgment is required to determine the nature and
extent of audit evidence and the drawing of conclusions based on the audit evidence gathered.
Because of these factors, an audit is no guarantee that the fnancial statements are free of
material misstatement.

Business Risk and Audit Risk

Companies face a variety of business risks. Management is responsible for identifying such risks
and responding to them. The auditor is concerned primarily with risks that may afect the
fnancial statements. The risk that causes the greatest concern by the auditor is the risk that the
auditor gives a clean audit opinion when the fnancial statements are materially misstated
(known as audit risk). The newest revision of ISA 20000 states, “The auditor should plan and
perform the audit to reduce audit risk to an acceptably low level that is consistent with the
objective of an audit.” The components of audit risk are inherent risk, control risk, and
detection risk.

Risk in Financial Statements, Transactions, Account Balances and Disclosures

In order to design audit procedures to determine whether fnancial statements are materially
misstated, the auditor considers the risk at two levels. One level of risk is that the overall
3
fnancial statements may be misstated. The second risk is misstatement in relation to classes of
transactions, account balances, and disclosures.

The risk of material misstatement at the overall fnancial statement level often relate to the
entity’s control environment (although these risks may also relate to other factors, such as
declining economic conditions). This overall risk may be especially relevant to the auditor’s
consideration of fraud. The auditor also considers the risk of material misstatement at the class
of transactions, account balance, and disclosure level. These considerations directly assist in
determining the nature, timing, and extent of further audit procedures.

While the auditor is responsible for forming and expressing an opinion on the fnancial
statements, the responsibility for preparing and presenting the fnancial statements is that of the
management of the entity. However, the audit of the fnancial statements does not relieve
management of its responsibilities.

Assurance Services: An overview

Assurance services are a type of professional service provided by independent practitioners,

such as accountants or auditors, to help organizations improve the reliability of their information
and decision-making processes. These services are designed to enhance the quality and
credibility of information by providing objective assessments and verifcations of the
information's accuracy, completeness, and relevance.

Types of Assurance Services

Assurance services encompass a wide range of services, each tailored to address specifc
information needs and concerns. Some of the primary types of assurance services include:

 Audits: Audits are independent examinations of fnancial statements or other information to

determine whether they are free from material misstatement. Auditors provide assurance to
stakeholders that the information is reliable and can be used to make informed decisions.

 Reviews: Reviews involve a less in-depth examination of fnancial statements or other

information compared to audits. Reviewers provide limited assurance that the information is
fairly presented in all material respects.

 Agreed – upon procedures: Agreed-upon procedures are tailored engagements in which

the auditor performs specifc procedures agreed upon with the client to address specifc
concerns about the information. The auditor reports on the fndings of the agreed-upon
procedures but does not express an opinion or assurance.

 Other attestation engagements: Other attestation engagements cover a broad spectrum

of services that provide assurance on various types of information, such as compliance with
laws and regulations, performance of contractual obligations, and the efectiveness of internal
controls.

Benefts of Assurance Services

Assurance services ofer several benefts to organizations, including:

4
 Improved decision – making: Reliable information is crucial for making sound decisions.
Assurance services help organizations identify and address potential issues in their
information, leading to more informed and efective decision-making.

 Enhanced credibility: Assurance reports from independent professionals strengthen the

credibility of an organization's information, fostering trust among stakeholders, including
investors, creditors, and regulators.

 Reduced risk of fraud and error: Assurance services help organizations detect and
prevent fraud and errors, protecting their fnancial and reputational interests.

 Strengthened internal controls: Assurance engagements can identify weaknesses in

internal controls, allowing organizations to take corrective actions and improve their risk
management practices.

Role of Assurance Services in Modern Business

In today's dynamic and interconnected business environment, assurance services play a critical
role in promoting transparency, accountability, and sound governance. By providing independent
assessments and verifcations, assurance services help organizations maintain the integrity of
their information and decision – making processes, fostering trust and confdence among
stakeholders.

Assurance services are essential for organizations seeking to achieve their business objectives
and maintain a strong reputation in the marketplace. By investing in these services,
organizations can gain valuable insights, enhance their risk management practices, and
ultimately contribute to long-term success.

Attestation services

Attestation services are a type of assurance service provided by independent professionals, such
as accountants, auditors, or other qualifed professionals, to express an opinion on the reliability
of an assertion made by another party. Attestation services are designed to enhance the
credibility and usefulness of information for decision-makers.

Types of Attestation Services

There are three main types of attestation services:

1. Examinations: Examinations are the most rigorous type of attestation service and provide
the highest level of assurance. An auditor conducts an examination by applying professional
skepticism and performing procedures to obtain sufcient appropriate audit evidence to form
an opinion on whether the assertion is fairly presented, in all material respects, in accordance
with the applicable fnancial reporting framework.

2. Reviews: Reviews are less rigorous than examinations and provide a moderate level of
assurance. An auditor conducts a review by performing limited procedures to obtain limited
assurance that the information is fairly presented, in all material respects, in accordance with
the applicable fnancial reporting framework.

3. Agreed – upon procedures: Agreed-upon procedures audits are tailored to meet specifc
engagement objectives agreed upon with the client. The auditor performs specifc procedures
5
 agreed upon with the client and reports on whether those procedures were performed and
the results obtained.

Attestation Services vs. Audits

Attestation services are similar to audits in that they both provide assurance on the reliability of
information. However, there are some key diferences between the two types of services:

 Scope of the examination: Attestation services can be performed on a wider range of

subject matter than audits, which are typically limited to fnancial statements.

 Level of assurance: Attestation services can provide varying levels of assurance, while
audits always provide a high level of assurance.

 Nature of the procedures: Attestation services can involve a broader range of procedures
than audits, which are typically focused on fnancial statement assertions.

Examples of Attestation Services

Here are some examples of attestation services:

 Financial statement audits: Auditors provide an opinion on whether a company's fnancial

statements are fairly presented in accordance with International fnancial reporting
standards(IFRS).

 Internal control audits: Auditors assess the efectiveness of an organization's internal

control systems over fnancial reporting.

 Compliance audits: Auditors assess whether an organization is in compliance with

applicable laws and regulations.

 Performance audits: Auditors evaluate the efciency and efectiveness of an organization's

operations.

 Information technology audits: Auditors assess the security and reliability of an

organization's IT systems.

Benefts of Attestation Services

Organizations can beneft from attestation services in a number of ways:

 Increased credibility: Attestation reports from independent professionals strengthen an

organization's credibility and reputation.

 Improved decision-making: Attestation services can help organizations identify and

address potential risks and make more informed decisions.

 Enhanced compliance: Attestation services can help organizations ensure compliance with
laws, regulations, and industry standards.

 Reduced risk of fraud: Attestation services can help organizations detect and prevent
fraud.
6
 Strengthened internal controls: Attestation engagements can identify weaknesses in
internal controls that can then be addressed to improve risk management.

Attestation services play an important role in today's business environment, providing

organizations with valuable insights and protecting their interests. Organizations should consider
investing in attestation services to enhance their credibility, improve their decision-making, and
reduce their risk of fraud and error.

Types of Audits

Audits are typically classifed into three types: audits of fnancial statements, operational
audits, and compliance audits.

■ Audits of Financial Statements

Audits of fnancial statements examine fnancial statements to determine if they give a true and
fair view or fairly present the fnancial statements in conformity with specifed criteria. The
criteria may be International Financial Reporting Standards (IFRS) or generally accepted
accounting principles (GAAP) as in the USA. This course primarily discusses audits of fnancial
statements.

■ Operational Audits

An operational audit is a study of a specifc unit of an organization for the purpose of measuring
its performance. Operational audits review all or part of the organization’s operating procedures
to evaluate efectiveness and efciency of the operation. Efectiveness is a measure of whether
an organization achieves its goals and objectives. Efciency shows how well an organization uses
its resources to achieve its goals. Operational reviews may not be limited to accounting. They
may include the evaluation of organizational structure, marketing, production methods,
computer operations or whatever area the organization feels evaluation is needed.
Recommendations are normally made to management for improving operations.

The operations of the receiving department of a manufacturing company, for example, may be
evaluated in terms of its efectiveness. Performance is also judged in terms of efciency on how
well it uses the resources available to the department. Because the criteria for efectiveness and
efciency are not as clearly established as accepted accounting principles and laws, an
operational audit tends to require more subjective judgment than audits of fnancial statements
or compliance audits.

■ Compliance Audits

A compliance audit is a review of an organization’s procedures to determine whether the

organization is following specifc procedures, rules or regulations set out by some higher
authority. A compliance audit measures the compliance of an entity with established criteria. The
performance of a compliance audit is dependent upon the existence of verifable data and of
recognized criteria or standards, such as established laws and regulations, or an organization’s
policies and procedures. Accounting personnel, for example, may be evaluated to determine if
7
they are following the procedures prescribed by the company controller. Other personnel may be
evaluated to determine if they follow policies and procedures established by management.
Results of compliance audits are generally reported to management within the organizational
unit being audited.

Compliance audits are usually associated with government auditors – for example, the tax
authority, the government internal auditing arm, or audit of a bank by banking regulators. An
example of a compliance audit is an audit of a bank to determine if they comply with capital
reserve requirements. Another example would be an audit of taxpayers to see if they comply
with national tax law, for example, the audit of an income tax return by an auditor of the
government tax agency.

Compliance audits are quite common in not – for – proft organizations funded at least in part by
government. Many government entities and non-proft organizations that receive fnancial
assistance from the federal government must arrange for compliance audits. Such audits are
designed to determine whether the fnancial assistance is spent in accordance with applicable
laws and regulations.

Illustration 1.1 summarizes the three types of audit.

Illustration 1.1.Types of Audit

Audits of fnancial Operational audits Compliance audits

statements
Examine fnancial statements A study of a specifc unit of an A review of an organization’s
determine if they give a true organization for the purpose of procedures and fnancial
and fair view or fairly present measuring its performance. records performed to
the fnancial position, results, determine whether the
and cash fows. organization is following
specifc procedures, rules or
regulations set out by some
higher authority.

Each of these types of audit has a specialist auditor, namely the independent auditor, internal
auditor, and governmental auditor. The independent auditor is mainly concerned with fnancial
statement audits, the internal auditor concentrates on operational audits, and the governmental
auditor is most likely to determine compliance. However, given information technology
developments, the diferent processes are becoming more and more integrated, and as a
consequence the split between these categories may become theoretical.

Types of Auditors

There are two basic types of auditors: independent external auditors and internal
auditors. Governmental auditors take both the functions of internal and external auditor.

■ Internal Auditors

Many large companies and organizations maintain an internal auditing staf. Internal auditors are
employed by individual companies to investigate and appraise the efectiveness of company

8
operations for management. Much of their attention is often given to the appraisal of internal
controls. A large part of their work consists of operational audits; in addition, they may conduct
compliance audits. In many countries internal auditors are heavily involved in fnancial audits. In
these circumstances the external auditor should review the work performed by the internal
auditor. The internal audit department reports directly to the president or board of directors. An
internal auditor must be independent of the department heads and other executives whose work
he reviews. Internal auditors, however, can never be independent in the same sense as the
independent auditors because they are employees of the company they are examining.
Internal auditors have two primary efects on a fnancial statement audit:
1) Their existence and work may afect the nature, timing, and extent of audit procedures.
2) External auditors may use internal auditors to provide direct assistance in performing the
audit.
If this is the case the external auditor must assess internal auditor competence (education,
experience, professional certifcation, etc.) and objectivity (organizational status within the
company).

■ The Independent External Auditor: Training, Licensing and Authority

Independent auditors have primary responsibility to the performance of the audit function on
published fnancial statements of publicly traded companies and non – public companies. Some
countries have several classes of auditors who have diferent functions. Independent auditors are
typically certifed either by a professional organization or a government agency.

Setting Audit Objectives Based on Management Assertions

Conceptually, where does the audit start? It starts with the fnancial statements prepared by the
client and the claims that the client makes about these numbers. These claims by management
are called “assertions”. For example, management claims (asserts) that sales exist, i.e. sales are
not fction created by management. Management claims that the expenses and liabilities are
complete, i.e. they did not leave out any expenses to make net income look better. Management
claims that they have disclosed all that should be disclosed. Inventory is properly valued and it
belongs to the company, not some other company who put it there on consignment. And so on.

The Auditor’s Process

Where it is management’s responsibility to prepare the fnancial statements, it is the auditor’s

job to verify whether the fnancial statements are true and fair. Put diferently, it is the auditor’s
job to validate management’s assertions. In order to do so, the auditor will identify audit
objectives, which can be regarded as the auditor’s counterpart of management assertions. The
auditor will defne audit objectives for existence of sales, completeness of expenses,
presentation and disclosure (based on IFRS) and valuation and rights and obligations of
inventory. The auditor will develop these specifc audit objectives for which they must test for
evidence as proof.

After the identifcation of accounts, classes of transactions and the related management
assertions and audit objectives, the auditor will determine the nature, amount and timing of the
audit procedures to be carried out. In order to do so, he will perform risk analysis for each audit
objective, i.e. he will determine the susceptibility of account balances and transactions to
misstatement.
9
Further, the auditor will have to determine the exactness with which he will perform his audit. It
is reasonable to suppose that the auditor will accept a greater tolerance in the audit of a large,
multinational enterprise than in the audit of a small, local company. This raises the issue of
materiality and of tolerable errors in the audit process. In designing an audit program for a
specifc account, the auditor starts by developing general objectives from the fnancial statement
assertions of management. Then, specifc objectives are developed for each account under audit,
and fnally, audit procedures are designed to accomplish each specifc audit objective.

■ Management Assertions and Audit Objectives

Audit procedures are designed to obtain evidence about the assertions of management that are
embodied in the fnancial statements. Management assertions are implied or expressed
representations by management about classes of transactions (e.g. sales transactions) and
related accounts (e.g. revenue, accounts receivable) in the fnancial statements. When the
auditors have gathered sufcient evidence to support each management assertion, they have
sufcient evidence to support the audit opinion. An example of a management assertion is that
“the company’s fnancial statements are prepared based on international accounting standards”.
This assertion is one of presentation and disclosure. The auditor must obtain sufcient evidence
that this assertion is materially true. He must gather evidence that accounts are classifed
correctly and the proper disclosures have been made based on international standards.

Assertions Categorized

According to ISA 50000, fnancial statement assertions are assertions by management, explicit or
otherwise, that are embodied in the fnancial statements. They can be categorized as follows:

(1) Assertions about classes of transactions and events for the period under
audit

■ Occurrence – transaction and events that have been recorded have occurred and pertain to
the entity. For example, management asserts that a recorded sales transaction was efective
during the year under audit.

■ Completeness – all transactions and events that should have been recorded have been
recorded. For example, management asserts that all expense transactions are recorded, none
were excluded.

■ Accuracy – amounts and other data relating to recorded transactions and events have been
recorded appropriately. For example, management asserts that sales invoices were properly
extended and the total amounts that were thus calculated were input into the system exactly.

■ Cutof – transactions and events have been recorded in the correct accounting period. For
example, management asserts that expenses for the period are recorded in that period and not
in the next accounting period.

■ Classifcation – transactions and events have been recorded in the proper accounts. For
example, management asserts that expenses are not recorded as assets.

10
(2) Assertions about account balances at the period end

■ Existence – assets, liabilities and equity interests exist. For example, management asserts
that inventory in the amount given exists, ready for sale, at the balance sheet date.

■ Rights and obligations – an entity holds or controls the rights to assets, and liabilities are
the obligations of the entity. For example, management asserts that the company has the legal
rights to ownership of the equipment they use and that they have an obligation to pay the notes
that fnance the equipment.

■ Completeness – all assets, liabilities and equity interests that should have been recorded
have been recorded. For example, management asserts that all liabilities are recorded and
included in the fnancial statements, that no liabilities were “of the books”.

■ Valuation and allocation – assets, liabilities, and equity interests are included in the
fnancial statements at appropriate amounts and any resulting valuation or allocation
adjustments are appropriately recorded. For example, management asserts that their accounts
receivable are stated at face value, less an allowance for doubtful accounts.

(3) Assertions about presentation and disclosure

■ Occurrence and rights and obligations – disclosed events, transactions, and other
matters have occurred and pertain to the entity. For example, management asserts that events
that did not occur have not been included in the disclosures.

■ Completeness – all disclosures that should have been included in the fnancial statements
have been included. For example, management asserts that all disclosures that are required by
IFRS are made.

■ Classifcation and understandability – fnancial information is appropriately presented

and described, and disclosures are clearly expressed. For example, management asserts that all
long-term liabilities listed on the balance sheet mature after one operating cycle or one year and
that any special conditions pertaining to the liabilities are clearly disclosed.

■ Accuracy and valuation – fnancial and other information are disclosed fairly and at
appropriate amounts. For example, management asserts that account balances are not
materially misstated.

11
Illustration 1.2 Financial Statement Assertions, Defnitions and Procedures for
Auditing Receivables

Assertion Defnition Procedures

Existence Assets, liabilities and equity  Confrm customer account
interests exist. balances
 Inspect shipping documents
Rights and obligations An entity holds or controls the  Inquire about factoring of
rights to assets, and liabilities are receivables
the obligations of the entity.  Inspect cash receipts
Occurrence Transaction and events that have  Inspect notes receivable
been recorded have occurred and  Inspect sales invoices
pertain to the entity.
Completeness All transactions, events, assets,  Perform analytical procedures
liabilities and equity interests that  Inspect inter-company sales
should have been recorded have invoices
been recorded.
Valuation and allocation Assets, liabilities, and equity  Reconcile subsidiary ledger to
interests are included in the general ledger
fnancial statements at  Age receivables to test
appropriate amounts and any adequacy of allowance for
resulting valuation or allocation doubtful accounts
adjustments are appropriately
recorded.
Accuracy Amounts and other data relating  Recalculate sales invoices
to recorded transactions and  Reperform sales transactions
events have been recorded
appropriately.
Classifcation Transactions and events have  Inquire about revenue
been recorded in the proper recognition policies
accounts.
Cutof Transactions and events have  Inspect next period bank
been recorded in the correct statements for cash receipts
accounting period.  Inspect credit memos for sales
returns
Presentation and An item is disclosed, classifed,  Review disclosures for
disclosure and described in accordance with compliance with IFRS and
acceptable accounting reporting applicable regulation
framework.  Inspect loan documents for
pledging or discounting of
accounts receivable
Economic Demand for Auditing
To illustrate the need for auditing, consider the decision of a bank ofcer in making a loan to a
business. This decision will be based on such factors as previous fnancial relationships with the
business and the fnancial condition of the business as refected by its fnancial statements. If the
bank makes the loan, it will charge a rate of interest determined primarily by three factors:
1. Risk – free interest rate. This is approximately the rate the bank could earn by investing
in government treasury notes for the same length of time as the business loan.

12
2. Business risk for the customer. This risk refects the possibility that the business will
not be able to repay its loan because of economic or business conditions, such as a recession,
poor management decisions, or unexpected competition in the industry.
3. Information risk. Information risk refects the possibility that the information upon which
the business risk decision was made was inaccurate. A likely cause of the information risk is
the possibility of inaccurate fnancial statements.
Auditing has no efect on either the risk-free interest rate or business risk, but it can have a
signifcant efect on information risk. If the bank ofcer is satisfed that there is minimal
information risk because a borrower’s fnancial statements are audited, the bank’s risk is
substantially reduced and the overall interest rate to the borrower can be reduced. The reduction
of information risk can have a signifcant efect on the borrower’s ability to obtain capital at a
reasonable cost. For example, assume a large company has total interest-bearing debt of
approximately $100 billion. If the interest rate on that debt is reduced by only 1 percent, the
annual savings in interest is $10000 million.

As society becomes more complex, decision makers are more likely to receive unreliable
information. There are several reasons for this: remoteness of information, biases and motives of
the provider, voluminous data, and the existence of complex exchange transactions.
Remoteness of Information In a global economy, it is nearly impossible for a decision
maker to have much frsthand knowledge about the organization with which they do business.
Information provided by others must be relied upon. When information is obtained from others,
the likelihood of it being intentionally or unintentionally misstated increases.
Biases and Motives of the Provider
If information is provided by someone whose goals are inconsistent with those of the decision
maker, the information may be biased in favor of the provider. The reason can be honest
optimism about future events or an intentional emphasis designed to infuence users. In either
case, the result is a misstatement of information. For example, when a borrower provides
fnancial statements to a lender, there is considerable likelihood that the borrower will bias the
statements to increase the chance of obtaining a loan. The misstatement could be incorrect
dollar amounts or inadequate or incomplete disclosures of information.
Voluminous Data
As organizations become larger, so does the volume of their exchange transactions. This
increases the likelihood that improperly recorded information is included in the records – perhaps
buried in a large amount of other information. For example, if a large government agency
overpays a vendor’s invoice by $2,000000, it is unlikely to be uncovered unless the agency has
instituted reasonably complex procedures to fnd this type of misstatement. If many minor
misstatements remain undiscovered, the combined total can be signifcant.

Complex Exchange Transactions

In the past few decades, exchange transactions between organizations have become
increasingly complex and therefore more difcult to record properly. For example, the correct
accounting treatment of the acquisition of one entity by another poses relatively difcult
accounting problems. Other examples include properly combining and disclosing the results of
operations of subsidiaries in diferent industries and properly disclosing derivative fnancial
instruments.

After comparing costs and benefts, business managers and fnancial statement users may
conclude that the best way to deal with information risk is simply to have it remain reasonably

13
high. A small company may fnd it less expensive to pay higher interest costs than to increase
the costs of reducing information risk.
For larger businesses, it is usually practical to incur costs to reduce information risk. There are
three main ways to do so.

User Verifes Information

The user may go to the business premises to examine records and obtain information about the
reliability of the statements. Normally, this is impractical because of cost. In addition, it is
economically inefcient for all users to verify the information individually. Nevertheless, some
users perform their own verifcation. For example, the IRS does considerable verifcation of
business and individual tax returns to determine whether the tax returns fled refect the actual
tax due the federal government. Similarly, if a business intends to purchase another business, it
is common for the purchaser to use a special audit team to independently verify and evaluate
key information of the prospective business.

User Shares Information Risk with Management

There is considerable legal precedent indicating that management is responsible for providing
reliable information to users. If users rely on inaccurate fnancial statements and as a result incur
a fnancial loss, they may have a basis for a lawsuit against management. A difculty with
sharing information risk with management is that users may not be able to collect on losses. If a
company is unable to repay a loan because of bankruptcy, it is unlikely that management will
have sufcient funds to repay users.

Audited Financial Statements Are Provided

The most common way for users to obtain reliable information is to have an independent audit.
Typically, management of a private company or the audit committee for a public company
engages the auditor to provide assurances to users that the fnancial statements are reliable.
External users such as stockholders and lenders who rely on those fnancial statements to make
business decisions look to the auditor’s report as an indication of the statements’ reliability.
Decision makers can then use the audited information on the assumption that it is reasonably
complete, accurate, and unbiased. They value the auditor’s assurance because of the auditor’s
independence from the client and knowledge of fnancial statement reporting matters. Figure 1 –
1 illustrates the relationships among the auditor, client, and fnancial statement users.

Auditor
Auditor issues report
Client or audit relied upon by users
committee hires to reduce
auditor information risk

Provides capital
External Users

Client Client provides fnancial

statements to users

14
Figure 1 – 1 Relationships among the Auditor, Client, and Financial Statement
Users

15