Lecture 0724

INHERENT RISK ASSESSMENT

Risk of Material Misstatement
• Risk of material misstatement exists at the financial statement level
(pervasive)
• It exists at the assertion level for particular class of transactions,
account balances and disclosures
• Therefore, it is critical to understand the assertions before continuing
with inherent risk assessment
• Because inherent risks result in material misstatements
Assertions
• Management makes certain assertions about classes of transactions,
account balances and disclosures in the financial statements.
• Transactions include sales, purchases, and wages paid in the financial
year.
• Account balances include assets, liabilities and equity interests in the
balance sheet.
• Obviously there is a link between the two because if the auditor
performs tests to confirm the occurrence of sales this will also
provide some assurance about the existence of receivables.
Assertions about classes of Transactions
1. Occurrence
2. Completeness In a nutshell, all transactions
reported have occurred, all
3. Accuracy were recorded at the right
4. Cut–off amount in the right period
under the right account and
5. Classification properly disclosed.

6. Presentation
Transaction Assertions
• Occurrence – recorded transactions occurred and relate to the entity.
• E.g. that a recorded sale represents goods which were ordered by
valid customers and were dispatched and invoiced in the period. (i.e.
Sales are genuine and are not overstated.)
• Relevant test – select a sample of entries from the sales account in
the general ledger and trace to the appropriate purchase order,
delivery docket and invoice.
Completeness
• Completeness – all transactions that occurred have been recorded (i.e. no
omissions).
• Relevant test – select a sample of purchase orders, check corresponding
delivery dockets, resulting invoices and postings to sales account GL.
• Note the difference in the direction of the above test.
• In order to test completeness, the procedure should start from the
underlying documents and check to the entries in the relevant ledger to
ensure none have been missed. To test for occurrence the procedures will
go the other way and start with the entry in the ledger and check back to
the supporting documentation to ensure the transaction actually
happened.
Accuracy
• Accuracy – transactions were recorded at the correct amount.
• Relevant test – reperformance of calculations on invoices, payroll,
etc, and the review of control account reconciliations are designed to
provide assurance about accuracy.
Cut-Off
• Cut–off – that transactions are recorded in the correct accounting
period.
• Relevant test – recording last goods received notes and delivery
dockets at the inventory count and tracing to purchases and sales
invoices to ensure that goods received before the year end are
recorded in purchases at the year end and that goods dispatched are
recorded in sales.
Classification
• Classification – that transactions are recorded in the appropriate
accounts – for example, the purchase of a new building has not been
posted to Property, Plant & Equipment.
• Relevant test – check purchase or customer invoices postings to
general ledger accounts.
Presentation
• Presentation – disclosures of transactions are relevant and easy to
understand. Transactions are appropriately aggregated or
disaggregated.
• Relevant test – confirm that the total employee benefits expense is
analysed in the notes to the financial statements under separate
headings– i.e. wages and salaries, leave fares, superannuation
contributions, etc.
Assertions about account balances
1. Existence
2. Rights and obligations In a nutshell, assets and
liabilities exist, the entity has
3. Completeness rights over assets and
obligations over liabilities, they
4. Accuracy, valuation and allocation are all recorded at the right
amounts in the right accounts
5. Classification and properly disclosed.

6. Presentation
Account Balance Assertions
• Existence – assets and liabilities exist and there has been no
overstatement – for example, by the inclusion of fictitious receivables
or inventory. This assertion is closely related to occurrence assertion
for transactions.
• Relevant tests – physical verification of non–current assets,
confirmation of receivables, payables and bank confirmation.
Rights & Obligations
• Rights and obligations – entity has rights over the assets and
obligation to repay a liability.
• Relevant tests – in the case of property, deeds of title can be
reviewed.
• Long term liabilities such as loans can be agreed to the relevant loan
agreement.
Completeness
• Completeness – assets and liabilities that should be recorded have
been recorded (i.e. no omissions). In other words, there has been no
understatement of assets or liabilities.
• Relevant tests – A review of expenditure account can sometimes
identify items that should have been capitalised as fixed assets.
• Reconciliation of payables ledger balances to suppliers’ statements.
Accuracy, Valuation & Allocation
• Accuracy, valuation and allocation – amounts at which assets,
liabilities and equity interests are valued, recorded and disclosed are
all appropriate.
• (or simply see if they are recorded at the right amount)
• Relevant tests – Vouching the cost of assets to purchase invoices and
checking depreciation rates and calculations.
Classification
• Classification – means that assets, liabilities and equity interests are
recorded in the proper accounts.
• Relevant tests – the test for transactions of checking purchase invoice
postings to the appropriate accounts in the general ledger will be
relevant again.
Presentation
• Presentation – disclosures of assets and liabilities are relevant and
easy to understand. Aggregation and disaggregation also apply to
assets, liabilities and equity interests.
• Relevant tests – auditors often use disclosure checklists to ensure
that financial statement presentation complies with accounting
standards and relevant legislation.
INHERENT RISK ASSESSMENT (Overview)

• Inherent risks have been identified and recorded

• Each business and fraud risk is documented
• Now, assess or evaluate them and determine their severity (ranking)
• It involves looking at the chance of it happening without the controls
• And if it does occur then what is its potential effect (monetary
amount)
• It is compared to performance materiality to determine if there is a
material misstatement
Examples
a) E.g. Chance of the cashier pocketing K 10 everyday is high (Rated 4).
Effect of it is low (1).
CHANCE 1 2 3 4 5
LOW RISK
EFFECT 1 2 3 4 5

b) The chance of shops being looted and burn was low (Rated 1). If it
happens, its effect is very high (Rated 5). Before the incident.
CHANCE 1 2 3 4 5 SIGNIFICANT
EFFECT 1 2 3 4 5 RISK
Example
• After the looting in Port Moresby & other centers
• The chance of it happening is high given the issues with the Police
Force and general law and order situation in the country (Rated 4).
• And its effect is very high (Rated 5)

CHANCE 1 2 3 4 5 VERY HIGH

EFFECT 1 2 3 4 5 RISK
Example
• E.g. Security at the warehouse is poor resulting in staff stealing stocks
hence errors in inventory balance.
• The stocks are high value items

• Since its happening, the chance is very high (Rated 5)

• The effect is high given high value items (Rated 4)

CHANCE 1 2 3 4 5
VERY HIGH RISK
EFFECT 1 2 3 4 5
Risk Assessment Matrix
Effect
1 2 3 4 5
5 Medium Significant High Very High Very High
4 Low Medium Significant High Very High
Chance

3 Low Medium Significant High High

2 Low Medium Medium Significant High
1 Low Low Medium Significant Significant

RANK LOW MEDIUM SIGNIFICANT HIGH VERY HIGH

COLOUR
Significant to Very High Risks
• Risks that are ranked significant to very high require management
action to mitigate.
• And they have the potential to cause material misstatements
• Therefore, they require special audit consideration
Example
• E.g. You identify a significant risk for the allowance made for doubtful
debts because it's complex and subjective (estimate).
• It affects valuation assertion. The inherent risk for the valuation
assertion is very high.
• Therefore, special audit consideration will be give. More detailed
testing is done.
Risk Assessment Performed by the Entity
• SME’s may not have a risk management function therefore no risk
management process in place
• But most of the big entities have their risk management function
• They identify, assess and record risks in what is called a risk register
• In such cases, auditors review the controls over risk management
processes
• And if management has failed to identify key risks, auditors consider
whether a significant deficiency exists in the entity’s risk assessment
process.
 Key – P – Pervasive
C – Completeness
Documenting Assessed Risk A – Accuracy
E – Existence
V – Valuation

Period Ended: December 31, 2023

Assertions Inherent Risk Assessment
Risk Event/Source Implication of Risk Factor PCAEV Chance Effect Rank
Salespersons’ Sales could be fictitious, recorded in the
compensation wrong period, overstated, or at terms
Very
based on sales different from the standard terms and EA 4 4
High
commissions conditions in order to achieve bonus
targets
Failure to comply Unauthorized journal entries to defer
with debt expense, bias in management estimates,
covenants is etc. P 2 5 High
covered up to
avoid bank inquiries
Period Ended: December 31, 2023
Assertions Inherent Risk Assessment
Risk Event/Source Implication of Risk Factor PCAEV Chance Effect Rank
Fictitious suppliers inserted Acme pays for expenses at
Signifi
by employees inflated prices or for which no EA 2 4
cant
services/goods were rendered
Related party transactions Revenue and expenses not
not identified. Shareholders recorded at FMV (Fair Market
P 3 5 High
not involved in business Value)
could be disadvantaged
Cash sales for parts and Revenue and assets are
service may go unrecorded understated CAE 4 1 Low
and undeposited
Communicating Significant Risks to Management
and those charged with Governance
• Why are we making this communication the board? Well the board
governs the entity, so they need to be aware of areas with a higher
risk of potential misstatements.
• You can communicate significant risks in one of three ways:
• Engagement letter
• Planning letter to those charged with governance
• Verbally to the board with documentation of that communication in
the audit file--this could be a separate Word document that says who
you talked with, when, and the significant risk areas communicated.