Audit Risk

1. Audit Risk The risk that an auditor will give an inappropriate audit opinion when the financial statements are materially misstated

2. Audit risk • If the auditor seeks 90% confidence in their opinion, then the audit risk is 10% • Auditor rarely reaches 100% confidence level and therefore determining an acceptable level of audit risk is important • In setting desired audit risk the auditor seeks an appropriate balance between the costs associated with an incorrect audit opinion and the costs of performing additional audit procedures to reduce audit risk to an acceptable level

3. Audit risk • Audit risk has 3 components • Inherent risk • Control risk • Detection risk

4. Inherent risk • Inherent risk is the possibility that material misstatements are contained in the financial statements • In estimating inherent risk the focus is on: • The nature of transactions & resultant balances eg cash is more susceptable to misappropriation than are plant assets • The clients operating environment eg foreign exchange dealings

5. Inherent risk • The nature of transactions & resultant balances • Factors contributing to inherent risk: • Accounts and transactions that are difficult to audit e.g. insufficient evidence • Complex accounting issues – difficulty in recording • Transactions that require estimate & judgment i.e. doubtful debts • Assets that are susceptible to theft, loss or misappropriation e.g. stock, accounts receivable • Sensitivity to valuation to economic activity i.e. revaluation of assets • Unusual transactions • Past fraud or error in subsystem

6. Inherent risk • The clients operating environment • Matters to be considered • Management integrity • Management turnover and experience • Profitability of the client relative to the industry • Current economic environment of the clients industry • Going concern problem, such as lack of working capital and interest commitments • Nature of clients operations

7. Control risk • Possibility that misstatements, such as material error and fraud will not be prevented or corrected by the client’s internal control system • Control risk can never be zero because internal controls cannot provide complete assurance that all material misstatements will be prevented or detected • Linked to quality of clients control system: • Segregation of duties • Reconciliation procedures • Existence of internal audit • Quality of supervision • Authorisation of transactions • Physical custody of assets • Where estimated CR is relatively high, more substantive test of transactions and balances will be carried out and compliance testing will cease

8. Detection risk • Possibility that auditing test procedures will fail to detect material error or fraud in the financial statements • Relates to the substantiative test of transactions and balances and analytical review – the risk that the auditors substantive testing will not detect any misstatements that are not prevented or detected by the internal control structure • Determined directly by auditor. Unlike control risk and inherent risk the auditor can control the actual level of detection risk by varying the nature, timing and extent of substantive proceedures to be performed on managements assertions

9. Detection risk • DR can be reduced by: • Conducting more substantiative testing of transactions and balances • Raising materiality levels for various subsystems – lowering dollar value of what is investigated during tests of transactions and balances, so that smaller errors and omissions are seen as material by the auditor

10. Audit risk • There will always be an element of audit risk due to: • Human error and judgment • Collusion & fraud • Scarce resources • AR = IR * CR * DR • E.g. Auditor is fine tuning audit plan for sales and accounts receivable subsystem • IR = 80% (relatively high risk that material fraud or error occur in this subsystem) • CR = 50% ( 50% chance that the clients internal controls will not prevent material fraud or error) • DR = 13% (auditor is willing to accept a 13% chance that the audit tests will not detect material fraud or error in the subsystem) • The model looks like this: • AR = IR * CR * DR • AR = .8*.5*.13 • AR = .05 • Overall audit risk is 5%

11. Audit risk • The auditor generall specifies the desired level of overall audit risk to be achieved and their assessed levels of Inherent and control risk and then solves for detection risk using the following variation of the model • DR = AR/(IR*CR)

12. Audit Risk • If IR or CR were higher and the auditor wants to achieve an audit risk of 5% then the DR would need to be reduced • DR = AR/ (CR*IR) • DR = .5/ (.6 *.9) = .09

13. Risk of insolvency • Auditors must assess the risk that the client will not be able to continue as a going concern • AUS 708 – Going Concern lists a number of indicators of going concern: • Operating Indicators • Lack of management planning • Lack of management skill • Lack of key management • Loss of significant market, license or franchise • Problems in management information systems • Financial indicators • Recent history of net losses • High reliance on borrowed funds • Deferred liabilities approaching maturity • Unfavorable financial ratios such as working capital, gross profit ratio, interest coverage, stock & debtor turnover • Lack of operating cash flows • Inability to pay creditors • Other indicators • Non compliance with Corporations Law requirements • Technological change • Failure of similar entities in the industry