Assessing Risks and Internal Control

Audit Risk Assessment
Auditing is fundamentally a risk management process. CAS 200
• Reasonable assurance is
• Obtained when auditor has
• This reduces
• Audit risk is related to information risk
• Auditors strive to lower audit risk
• Auditors need to assess risk in audit related terms

Definition of Audit Risk
The probability that an auditor will fail to express a reservation that financial statements are materially misstated is audit risk.
• Audit risk, at best, can be controlled
• Audit risk is greater if
• Audit risk is inversely proportionate to
• Audit risk is dependent on user reliance.
• Audit risk is also applied to

The Audit Risk Model
AR = IR x CR x DR
Audit risk will occur when:
• a material misstatement has been made
• and internal controls fail to
• audit procedures also fail to
• Auditors usually like to limit audit risk to less than

Inherent Risk
The probability of material misstatement occurring in transactions entering the accounting system or being in the account balances is inherent risk.
• Auditors do not create or control inherent risk.
• Who does?
• Auditors only try
• The auditor will consider

Some inherent risk factors:
• Non-routine accounts or transactions
• Complex transactions
• Accounts that require a lot of estimates
• The competency of the client’s accounting staff
• Negative economic conditions
• Assets that can be easily lost or stolen
• Suspected or actual knowledge of a fraud
• The client has multiple locations
• Management lacks integrity
• Prior year problems, e.g. material misstatement

Control Risk
The risk that the client’s internal control system will not prevent or detect a material misstatement is control risk.
• Auditors do not create or control, control risk
• The auditor’s assessment of internal control is

Control risk assessment provides only an indirect assessment of monetary misstatements in the financial statements.
• Control testing is also called compliance testing
• In this compliance testing the auditor wants to see if the controls are operational
• The auditor can thus assess control risk as a number or qualitatively
• If the controls are operational the auditor can rely on them
• Control risk should not be assessed so low

Detection Risk
The risk that any material misstatement that has not been corrected by the client’s internal control will not be detected by the auditor is detection risk.
• Auditors can control this risk by
• Substantive procedures include audit of details of transactions and balances, and analytical procedures applied to dollar amounts in the accounts.
• As detection risk is decreased

Assume that the auditor made the following risk assessments in examining inventories
• Desired audit risk 5%
• Inherent risk 50%
• Control risk 50%
• DR = AR / (IR x CR) = 0.05/(0.5 x 0.5) = 0.2
• The auditor may decide that the inherent risk cannot be quantified and use a conservative approach IR =
• The auditor may decide that the system of internal control will not be tested. CR =

How Materiality and Audit Risk are Related
Materiality refers to the magnitude of a misstatement; audit risk refers to the level of assurance that material misstatement does not exist.
• The auditor will make these assessments independently.
• Both deal with sufficiency of evidence and extent of audit evidence that will be collected.

Effects of IT and E-Commerce on Business Risk
Analyzing the effects of IT and e-commerce is also an important component of business risk analysis.
• More involvement in e-commerce and more complex information systems
• The auditor needs to understand how e-commerce and IT integrate into the business processes.

Accounting Processes and the Financial Statements
There are two important points to remember about client financial statements:
• Management is responsible for preparing them
• The financial statement numbers are produced by the company's accounting system and are summarized

Management’s Financial Statements
To simplify the audit plan, auditors typically group the accounts into several accounting processes:
(1) revenues and collection
(2) acquisition and expenditure
(3) production and conversion
(4) finance and investment
The purpose of using business cycles is to group together related accounts by transactions that normally affect them.

Business Risk and the Risk of Material Misstatement
Risks can be managed in any of four ways. Risk can be:
• avoided
• reduced to acceptable levels
• tolerated
• transferred to another party

Internal Control Components
Internal control is defined as the process designed, implemented, and maintained by management to provide reasonable assurance about:
• the reliability
• effectiveness and efficiency
• compliance with

Internal Control Components
Internal control consists of the following:
• the control environment,
• the entity’s risk assessment process,
• the information system and business processes
• control activities, and
• the monitoring of controls.
Control activities are controls over processes, applications, and transactions.

Control Environment
Characterized by management attitudes, structure, effective communication of control objectives and supervision of personnel and activities.
Elements of control environment:
• operating style and
• organizational structure
• operation of the board of directors
• management monitoring methods
• computerized systems

Control Activities
Controls are policies and procedures that ensure the achievement of the entity’s goals, including financial reporting goals.
• Controls can be categorized as
• General controls relevant to the audit
• Application controls include checks on

Monitoring of Controls
Management’s monitoring of controls includes considering whether they are operating as intended.
• Monitoring may include
• Controls are modified as required to accommodate changes in business conditions.

How Internal Control Relates to the Risk of Material Misstatement
To assess the risk of material misstatement at the financial statement level, the auditor needs a detailed knowledge of internal control components relevant to financial reporting.

Problem 6-1, Page 237
Audit Risk Model
Audit risks for particular accounts and disclosures can be conceptualized in this model: AR = IR x CR x DR
Required: Use this model as a framework for considering the following situations and deciding whether the auditor’s conclusion is appropriate:
• Olsen, PA, has participated in the audit of Limberg Cheese Company for five years, first as an assistant accountant and the last two years as the senior accountant. He has never seen an accounting adjustment recommended. He believes the inherent risk must be zero.
• Jones, PA, has just (November 30) completed an exhaustive study and evaluation of the internal control system of Lang’s Derfer Foods, Inc. (fiscal year ending December 31). She believes the control risk must be zero because no material errors could possibly slip through the many error-checking procedures and review layers by Lang’s.
• Fields, PA, is lazy and does not like audit jobs in Toronto, anyway. On the audit of Hogtown Manufacturing Company, he decided to use detail procedures to audit the year-end balances very thoroughly to the extent that his risk of failing to detect material errors and irregularities should be 0.02 or less. He gave no thought to inherent risk and conducted only very limited review of Hogtown’s internal control system.
• Shad, PA, is nearing the end of a “dirty” audit of Allnight Protection Company. Allnight’s accounting personnel all resigned during the year and were replaced by inexperienced people. The controller resigned last month in disgust. The journals and ledgers were a mess because one computer specialist was hospitalized for three months during the year. Shad thought thankfully, “I’ve been able to do this audit in less time than last year when everything was operating smoothly.”

Problem 6-2, Page 237
Planning, Inherent and Control Risk, Manufacturing Business
Darter Ltd. is a medium-sized business involved in manufacturing and assembling consumer electronic products, such as DVD players, radios, and satellite receivers. It is privately owned. Its minority shareholders requested that the annual financial statements be audited for the first time this year. Your firm is engaged to do the current year’s audit. You are now reviewing Darter’s preliminary general ledger trial balance in order to begin preparing the planning memorandum. Consider the following accounts that appear in this trial balance.
• Cash
• Inventory, finished goods
• Inventory, work-in-process
• Inventory, unassembled components
• Inventory, spare parts
• Property, plant, and equipment
• Deferred development costs
• Goodwill
• Accounts payable
• Warranty provision
• Bank loan, long term
• Share capital, common shares
• Retained earnings
• Revenue
• Cost of goods sold
• General and administrative expenses