Chapter-05 Risk
1. Audit Risk-
➢ It is the risk that auditor expresses an inappropriate opinion when the
financial statements are materially misstated.
➢ The main requirements of the auditor to obtain sufficient appropriate
evidence to reduce the audit risk to an acceptably low level.
➢ This means that they give an unmodified audit opinion when the financial
statements are materially misstated.
➢ If the auditor could be sued by the intended users, disciplinary action could
be taken by the relevant professional body and the firm could damage its
reputation.
➢ The auditor will plan and perform the audit in such a way that audit risk is
reduced to an acceptably low level.
➢ It comprises of two parts are risk of material misstatement and detection
risk.
a. Risk of material misstatement-
➢ It is the risk that the financial statements are materially misstated prior to
the audit.
➢ This will be due to fraud or errors occurring during the year when
transactions have been processed or the financial statements have been
prepared.
➢ It comprises of two parts are inherent risk and control risk.
Misstatement- A difference between the reported amount, classification,
presentation or disclosure of a financial statement item and the amount,
classification, presentation or disclosure that is required for the item to be
accordance with the applicable financial reporting framework. It can arise from
error or fraud.
In conducting a thorough assessment of risk, auditors will be able to:
➢ Identify areas of the financial statements where misstatements are likely to
occur early in the audit.
➢ Plan procedures that address the significant risk areas identified.
➢ Carry out an efficient, focussed and effective audit.
➢ Reduce the risk of issuing an inappropriate audit opinion to an acceptable
level.
➢ Minimise the risk of reputational and punitive damage.
1
�Inherent risk- It is the susceptibility of an assertion about a class of transaction,
amount balance or disclosure to misstatement that could be material before
consideration of any related controls. It may be qualitative or quantitative.
Qualitative inherent risk factors include:
➢ Complexity
➢ Subjectivity
➢ Change
➢ Uncertainty
➢ Susceptibility to misstatement due to management bias
Control risk-
➢ The risk that a misstatement could occur and be material, will not be
prevented or detected and corrected on a timely basis by the entity’s
controls.
➢ The client should have controls in place such as authorisation, segregation
of duties, reconciliations, physical controls to prevent and detect
misstatements occurring when transaction are initiated, processed and
recorded.
➢ The control system will either prevent the misstatements from occurring or
will detect misstatements that have occurred and the client can take action
to correct them.
➢ Control risk will increase and be greater risk of misstatements occurring in
the financial statements.
b. Detection risk- The risk that procedures performed by the auditor to reduce
audit risk to an acceptably low level will not detect a misstatement that exists and
could be material. It could be classified into two parts are:
➢ Sampling risk
➢ Non-sampling risk
Sampling risk: The risk that auditor’s conclusion based on a sample is different
from the conclusion that would be reached if the whole population was tested i.e.
the sample was not representative of the population from which it was chosen.
Non-sampling risk: The risk that auditor’s conclusion is inappropriate for any
other reason, e.g. the application of inappropriate procedures or the failure to
recognise a misstatement.
Professional scepticism- An attitude that includes a questioning mind, being alert
to conditions which may indicate possible misstatement due to fraud or error and
a critical assessment of audit evidence. It requires the auditor to be alert to:
2
� ➢ Audit evidence that contradicts other audit evidence
➢ Information that brings into question the reliability of documents and
responses to enquiries to be used as audit evidence
➢ Conditions that may indicate possible fraud
➢ Circumstances that suggest the need for audit procedures in addition to
those required by ISAs
2. Materiality- Misstatement including omission are considered to be material if
they individually or in the aggregate could reasonably be expected to influence
the economic decisions of users taken on the basis of the financial statements.
Significance of materiality-
➢ If the financial statements contain material misstatement, they cannot be
deemed to show a true and fair view.
➢ The focus of an audit is identifying the significant risks of material
misstatement in the financial statements and designing procedures aimed
at identifying and quantifying them.
Determination of materiality- It is a matter of professional judgement. The
auditor must consider:
➢ Whether the misstatement would affect the economic decision of the users
➢ Both the size and nature of misstatements
➢ The information needs of the users as a group
Material by size- ISA 320 recognises the need to establish a financial threshold
to guide audit planning and procedures. The following benchmarks may be used
as a starting point:
➢ ½ - 1% revenue
➢ 5 – 10% profit before tax
➢ 1- 2% total assets
Material by nature- Materiality is not only looked from a financial perspective.
Some items may be material by nature. It included:
➢ Affect compliance with regulatory requirements
➢ Affect compliance with debt covenants
➢ When it is adjusted, it would turn a reported profit into a loss for the year.
➢ When it is adjusted, it would turn a reported net-asset position into a net-
liability position.
➢ Transaction with directors i.e. salary and benefits, personal use of assets,
etc.
3
� ➢ Disclosure in the financial statements relating to legal claims or going
concern issue
Performance materiality- The amount set by the auditor at less than materiality
for the financial statements as a whole to reduce to an appropriately low level the
profitability that the aggregate of uncorrected and undetected misstatement
exceeds materiality for the financial statements as a whole.
➢ The auditor sets performance materiality at a value lower than overall
materiality and uses this lower threshold when designing and performing
audit procedures.
➢ This reduces the risk that auditor will fail to identify misstatements that are
material when added together.
3. Risk assessment procedures- The auditor should perform the following risk
assessment procedures:
➢ Enquiries
➢ Analytical procedures
➢ Observations
➢ Inspection
Understanding the entity, its environment, the applicable financial reporting
framework and its system of internal controls- The auditor is required to obtain
an understanding of:
a. Aspects of the entity and its environment-
➢ Complexity of the entity’s organisational structure- increases the risk of
material misstatement.
➢ Ownership and governance- It includes consideration of the level of
distinction between the owners, management and those charged with the
governance.
➢ Business model with IT- It includes consideration whether the entity has
multiple legacy IT system which are not well integrated and increases the
risk of material misstatement. IT systems are outsourced to a third-party
service provider.
➢ Industry, regulatory and other external factors
➢ The measures used internally and externally which assess the entity’s
financial performance.
b. The applicable financial reporting framework and whether the entity’s
accounting policies are appropriate and consistent with the applicable financial
reporting framework.
4
�c. The components of the entity’s system of internal control and control
deficiencies.
Analytical procedures- Evaluations of financial information through analysis of
plausible relationships among both financial and non-financial data and
investigation of identified fluctuations, inconsistent relationships or amounts that
differ from expected values by a significant amount.
The auditor is required to perform analytical procedures as risk assessment
procedures in accordance with ISA 315 in order to:
➢ Help identify inconsistencies, unusual transactions or events and amounts,
ratios and trends that might have audit implications.
➢ Help identify risks of material misstatement due to fraud.
➢ Identify and assess aspects of the entity which the auditor was unaware.
It includes comparisons of the entity’s financial information:
➢ Comparable information for prior periods
➢ Anticipated result of the entity such as budgets or forecasts, expectations
of the auditor such as an estimation of depreciation
➢ Similar industry information such as a comparison of the entity’s ratio of
sales to accounts receivables with the industry averages or with other
entities of comparable size in the same industry.
When performing analytical procedures, the auditor will also consider
relationships:
➢ Related figures such as revenue and receivables, purchases and payables
➢ Financial and non-financial information such as payroll costs and number
of employees.
