AUDIT RISK

Question 1

Audit Risk

Answer 1

Audit Risk is the risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated.

Audit Risk is also defined as a function of the risk that the financial statements
prepared by management are materially misstated and the risk that the auditor will not detect such material misstatement

Question 2

Responsibility to Detect Fraud or Errors

Answer 2

AU-C 240.05 An auditor conducting an audit in
accordance with GAAS is responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatement, whether caused by fraud or error.

Note that the responsibility extends to both errors
and fraud. While it is true that an auditor is not an insurer and an audit does not constitute a guarantee, the auditor should exercise due care in planning, performing, and evaluating of the results of audit procedures, and the proper degree of professional skepticism to achieve such reasonable assurance

This responsibility remains despite concealment through employee collusion or management override of the internal control structure (although detection under such conditions is much more difficult and less likely).

The auditor should always be alert to the possible existence of material error or fraud.

Question 3

Audit Risk

Answer 3

determine a materiality level for the financial statements as a whole for the purpose of:

• a. determining the extent and nature of risk assessment procedures.
• b. identifying and assessing the risks of material misstatement.
• c. determining the nature, timing, and extent of further audit procedures.
• d. evaluating whether the financial statements as a whole are presented fairly, in all material respects, in conformitywith the applicable reporting framework.

Question 4

Risk

Answer 4

Risk may be assessed in:

quantitative (percentages)

or

non-quantitative terms (high, medium, low).

Question 5

Audit Risk

Answer 5

Control Risk, Detection Risk and Inherent Risk may each be assessed in non-quantitative terms.

These risks are the components of Audit Risk that may be assessed in both quantitative terms such as percentages or in non-quantitative terms that rely on the experience, observation, and judgment of the auditor.

Question 6

Audit Risk Model

Answer 6

• Audit risk model is used by the auditors to manage the overall risk of an audit engagement.
• Auditors proceed by examining the inherent and control risks pertaining to an audit engagement while gaining an understanding of the entity and its environment.
• Detection risk forms the residual risk after taking into consideration the inherent and control risks pertaining to the audit engagement and the overall audit risk that the auditor is willing to accept.
• Where the auditor’s assessment of inherent and control risk is high, the detection risk is set at a lower level to keep the audit risk at an acceptable level. Lower detection risk may be achieved by increasing the sample size for audit testing. Conversely, where the auditor believes the inherent and control risks of an engagement to be low, detection risk is allowed to be set at a relatively higher level.

Question 7

Audit Risk Model

Answer 7

AR= IR * CR * DR

As inherent risk and control risk increases detection risk will decrease

A high risk of material misstatement requires lower Detection Risk so that overall Audit Risk is acceptable

• Where the auditor’s assessment of inherent and control risk is high, the detection risk is set at a lower level to keep the audit risk at an acceptable level.
• Lower detection risk may be achieved by increasing the sample size for audit testing.
• Detection risk forms the residual risk after taking into consideration the inherent and control risks pertaining to the audit engagement and the overall audit risk that the auditor is willing to accept.

Question 8

Inherent Risk

Answer 8

Inherent Risk is the susceptibility of a financial statement assertion to a misstatement that could be material, either individually or when aggregated with other misstatements, assuming that there are no related controls.

Inherent Risk is not directly related to Control or Detection Risk and is uncontrolled by the auditor.

Question 9

Control Risk

Answer 9

Control Risk is the risk that a misstatement that could occur in a relevant assertion and that could be material, either individually or when aggregated with other misstatements, will not be prevented or detected on a timely basis by the entity’s internal control.

A lack of segregation of duties would present a Control Risk, as would poor physical access controls to blank check stock.

Question 10

Inherent Risk and Control Risk

Answer 10

Inherent Risk and Control Risk are the entity’s risks, that is, they exist independently of the audit of the financial statements.

The Standards describe the risk of material misstatement as the auditor’s combined assessment of Inherent Risk and Control Risk

The auditor may make separate assessments of Inherent Risk and Control Risk.

Question 11

Detection Risk

Answer 11

Detection Risk is the risk that the auditor will not detect a misstatement that exists in a relevant assertion that could be material, either individually or when aggregated with other misstatements.

Detection Risk is a function of the effectiveness of an audit procedure and its application by the auditor.

Question 12

Detection Risk

Answer 12

Only Detection Risk (unlike Inherent Risk and
Control Risk) can be changed at the discretion of the auditor to compensate for the assessed levels of the other two.

If the assessed level of Control Risk is increased, the auditor must decrease the acceptable level of Detection Risk.

This means the auditor would have to perform more substantive testing to offset the decreased reliability of internal control.

Question 13

Detection Risk

Answer 13

Detection Risk relates to the substantive audit procedures and is managed by the auditor’s response to risk of material misstatement.

The risk of material misstatement and Detection Risk are inversely related;

The greater the risk of material misstatement, the less the Detection Risk that can be accepted by the auditor.

The higher the risk of material misstatement, the lower the Detection Risk must be, and the more
substantive procedures the auditor must perform in order to lower the overall Audit Risk

Question 14

Misstatements

Answer 14

Misstatements may be of two types:

Known and Likely

• Known misstatements consist of the amount of misstatements specifically identified.
• Likely misstatements represent the auditor’s best estimate of the total misstatements in the account balances or classes of transactions that the auditor has examined.

Question 15

Fraud

Answer 15

When the auditor encounters evidence of potential fraud, regardless of its materiality, the auditor should consider the implications for the integrity of management or employees and the possible effect on other aspects of the audit.

When fraud is detected, the auditor should be concerned about the integrity of management or employees and the possible effect on the other aspects of the audit.

Materiality limits do not apply when obtaining written client representations regarding instances of fraud involving management.

Question 16

Detection Risk

Answer 16

Detection Risk is the risk that the auditors fail to detect a material misstatement in the financial statements.

Misapplication or omission of critical audit procedures may result in a material misstatement remaining undetected by the auditor.

Some detection risk is always present due to the inherent limitations of the audit such as the use of sampling for the selection of transactions.

Detection risk can be reduced by auditors by increasing the number of sampled transactions for detailed testing.

Question 17

Risk Discussion with Audit Team

Answer 17

• Key members of the audit team, including the auditor with final responsibility for the audit, should discuss the susceptibility of the entity’s financial statements to material misstatements. and fraud.
• This discussion should be documented in the workpapers
• The auditor may determine that a specialist should be included in the discussion.

Question 18

Responsibilty for Fraud

Answer 18

The primary responsibility for the prevention and detection of fraud is given primarily to those charged with governance and management.

Management, with the oversight of those charged with governance, must place an emphasis on fraud prevention.

The internal auditor’s responsibility comes into play for the detection of fraud, not its prevention.

Question 19

Discussion Documentation

Answer 19

The following information s/b documented in w/p

• susceptibility of the entity’s financial statements to material misstatement due to error or fraud
• how and when the discussion occurred
• the subject matter discussed
• the audit team members who participated
• significant decisions reached concerning planned responses at the financial statement
• relevant assertion levels.

Question 20

Professional Skepticism

Answer 20

• The attitude of professional skepticism recognizes the risk of material misstatement in the financial statements.
• Professional skepticism does not assume that management is dishonest.
• An audit should be planned and performed with an attitude that can question management’s integrity, based on the evidence obtained.
• To determine whether or not the financial statements are materially misstated, all evidence obtained must be objectively evaluated.

Question 21

AUDIT RISK ( AR)

Answer 21

• Inherent Risk x Control Risk x Detection Risk
• Risk that material mistakes, errors, omissions, or fraud will result in an inaccurate audit report
• Based on Auditor Judgment
• Measured both Qualitative and Quantitatively

Question 22

Control Risk (CR)

Answer 22

Will Internal Control detect error or fraud?
Auditor cannot control CR

Question 23

Inherent Risk (IR)

Answer 23

Which transactions have a higher level of risk?
Auditor cannot control IR

Question 24

Detection Risk (DR)

Answer 24

Will the auditor fail to detect a material misstatement?

• Auditor CAN control DR
• Do more testing at year-end
• Increase substantive testing
• Less Acceptable DR = Run More Substantive Tests
• More Acceptable DR = Run Less Substantive Tests
• More Substantive Tests = Less Audit Risk

Detection Risk decreases

(Increasing AR = IR x CR x Increasing DR)

• Less Substantive Tests = More Audit Risk
• Detection Risk increases

Increasing AR = IR x CR x Increasing DR

Question 25

Quantitative Measurements

Answer 25

Inherent, Control, and Detection Risk can all be measured in terms of percentages

Question 26

Non-Quantitative Measurements

Answer 26

Inherent, Control, and Detection Risk can all be measured in terms of acceptable ranges

Question 27

Control Risk

Answer 27

Control Risk is the risk of a material misstatement in the financial statements arising due to absence or failure in the operation of relevant controls of the entity. Control risk is considered to be **_high_** where the audit entity does not have adequate internal controls to prevent and detect instances of fraud and error in the financial statements. Assessment of control risk may be higher for example in case of a small sized entity in which segregation of duties is not well defined and the financial statements are prepared by individuals who do not have the necessary technical knowledge of accounting and finance.

Question 28

Incorrect Acceptance

Answer 28

The risk of **_incorrect acceptance_** is the risk of accepting a population as being materially correct when in fact it is materially misstated