Pratice of assessment of audit risk and metriality in financial audits conducted by deloitte vietnam company limited
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (427.18 KB, 75 trang )
TABLE OF CONTENTS
TABLE OF CONTENTS....................................................................1
LIST OF TABLES AND FIGURES..................................................2
ABBREVIATIONS LIST...................................................................2
FOREWORD.......................................................................................2
PART 1.
THEORITICAL
FRAMEWORK
ON
ASSESSMENT OF AUDIT RISK AND MATERIALITY IN
FINANCIAL AUDITS........................................................................2
1.1.
Audit risk and materiality in financial audits......................................2
1.1.1.
1.1.1.1.
Definition.......................................................................................................2
1.1.1.2.
The component of audit risk..........................................................................2
1.1.1.3.
Audit risk model............................................................................................2
1.1.1.4.
Relationship between components of audit risk model.................................2
1.1.2.
1.2.
Audit risk................................................................................................2
Materiality..............................................................................................2
1.1.2.1.
Definition.......................................................................................................2
1.1.2.2.
Relationship between materiality and audit risk............................................2
Process of assessment of audit risk in financial audit........................2
1.2.1.
The concept and implications of risk assessment....................................2
1.2.1.1. Essentiality and major purpose of risk assessment procedure in financial
statements audit..............................................................................................................2
1.2.1.2.
The concept of risk assessment.....................................................................2
1.2.1.3.
The implications of risk assessment..............................................................2
1.2.2.
Assessment of acceptable audit risk.......................................................2
1.2.3.
Assessment of inherent risk.....................................................................2
1.2.4.
Assessment of control risk......................................................................2
1.2.5.
Assessment of planned detection risk......................................................2
1.3.
Process of assessment of materiality....................................................2
1.3.1.
Basis of assesment of materiality............................................................2
1.3.2.
Process of assessment of materiality......................................................2
1.3.2.1.
Set preliminary judgement about materiality................................................2
1.3.2.2.
Allocate preliminary judgment about materiality to segments......................2
1.3.2.3.
Estimate misstatement and compare with preliminary judgment..................2
Page 1
PART 2.
PRATICE OF ASSESSMENT OF AUDIT RISK
AND METRIALITY IN FINANCIAL AUDITS CONDUCTED
BY DELOITTE VIETNAM COMPANY LIMITED......................2
2.1.
Brief description of client ABC and client XYZ..................................2
2.1.1.
Brief description of client ABC...............................................................2
2.1.2.
Brief description of client XYZ...............................................................2
2.2.
Practice of assessment of audit risk conducted by Deloitte Vietnam..2
2.2.1.
Assessment of acceptable audit risk.......................................................2
2.2.1.1.
For client ABC...............................................................................................2
2.2.1.2.
For client XYZ...............................................................................................2
2.2.2.
Assessment of inherent risk.....................................................................2
2.2.2.1.
For client ABC...............................................................................................2
2.2.2.2.
For client XYZ...............................................................................................2
2.2.3.
Assessment of control risk......................................................................2
2.2.4.
Assessment of planned detection risk......................................................2
2.3.
2.2.4.1.
For client ABC...............................................................................................2
2.2.4.2.
For client XYZ...............................................................................................2
Assessment of materiality conducted by Deloitte Vietnam..................2
2.3.1.
General method of assessment of materiality by Deloitte Vietnam.........2
2.3.1.1.
Performance Materiality (PM).......................................................................2
2.3.1.2.
Monetary Precision (MP)..............................................................................2
2.3.1.3. Threshold acceptable misstatements for the overall financial statements –
De Minimis Threshold (DMT)......................................................................................2
2.3.2.
2.3.2.1.
DMT
Assessment of materiality in client ABC.................................................2
Determining materiality, performance materiality, monetary precision and
.......................................................................................................................2
2.3.2.2. Determining the threshold of acceptable mistatements for each item in the
financial statements........................................................................................................2
2.3.3.
2.3.3.1.
DMT
Assessment of materiality in client XYZ..................................................2
Determining materiality, performance materiality, monetary precision and
.......................................................................................................................2
2.3.3.2. Determining the threshold of acceptable mistatements for each item in the
financial statements........................................................................................................2
2.4.
Comparison in assessment of audit risk and materiality conducted by
Deloitte Vietnam between client ABC and client XYZ....................................2
2.4.1.
Comparison in assessment of audit risk.................................................2
2.4.2.
Comparison in assessment of materiality...............................................2
Page 2
PART 3.
EVALUATION AND RECOMMENDATIONS TO
IMPROVE
ASSESSMENT
OF
AUDIT
RISK
AND
MATERIALITY IN FINANCIAL AUDITS CONDUCTED BY
DELOITTE VIETNAM COMPANY LIMITED.............................2
3.1.
Evaluation on assessment of audit risk and materiality conducted by
Deloitte Vietnam...............................................................................................2
3.1.1.
Achievements..........................................................................................2
3.1.2.
Limitations..............................................................................................2
3.1.3.
Reason of limitation................................................................................2
3.2.
Recommendation on assessment of audit risk and materiality in
financial audits conducted by Deloitte Vietnam..............................................2
3.2.1.
Recommendation on assessment of control risk.....................................2
3.2.2.
Recommendation on assessment of materiality......................................2
3.2.3.
Recommendation on enhancing the audit software AS2 and using
professional advice................................................................................................2
3.2.4.
Recommendation on enhancing the quality of the audit team.................2
CONCLUSION....................................................................................2
REFERENCES....................................................................................2
Page 3
LIST OF TABLES AND FIGURES
LIST OF FIGURES
Figure 1.1. Steps in applying materiality ..................................................................2
LIST OF TABLES
Table 1.1. Planned detection risk................................................................................2
Table 2.2. Assess the acceptability of the audit contract with client ABC (new
client)............................................................................................................................ 2
Table 2.3. Question table about the independence of auditors that conduct the
audit for customer ABC..............................................................................................2
Table 2.4. Minutes of commitment to independence of auditors for client ABC....2
Table 2.5. Minutes of providing audit service for customer ABC............................2
Table 2.7. Question table about the independence of auditors that conduct the
audit for customer XYZ..............................................................................................2
Table 2.8. Minutes of commitment to independence of auditors for client XYZ....2
Table 2.9. Approval of audit contract continuation for customer XYZ..................2
Table 2.10. Factors affecting inherent risk of the customers....................................2
Table 2.11. Evaluation table of the internal control of client ABC and client XYZ
....................................................................................................................................... 2
Table 2.12. Guidelines to determine materiality level...............................................2
Table 2.13. Guidance for assessing materiality base on revenue..............................2
Table 2.14. Guidance table for calculating the threshold of acceptable
mistatements by Deloitte Vietnam..............................................................................2
Table 2.15. Table of caculation of materiality for Company ABC...........................2
Table 2.16. Table of assessment of control risk on Company ABC’s cash section..2
Table 2.17. Table of caculation of materiality for Company XYZ...........................2
Table 2.18. Table of assessment of control risk on Company XYZ’s cash section..2
Table 3.1. Table of reliability level of Deloitte Vietnam............................................2
Page 4
ABBREVIATIONS LIST
Deloitte Vietnam
PM
MP
EAM
CTT
DMT
GAAS
IR
CR
AAR
PDR
Deloitte Vietnam Limited Company
Performance materiality
Monetary precision
Early assessed materiality
Clearly trivial threshold
De Minimis threshold
Generally accepted auditing standards
Inherent risk
Control risk
Acceptable audit risk
Planned detection risk
Page 5
FOREWORD
Nowadays, along with the continuous growing economy is the ongoing development
of the auditing field. Many audit firms has been established to meet the needs of
investors, business owners as well as the economy itself on transparency in financial
activities of the business. Currently, under the strong international integration trend,
independent audit companies in Vietnam have been having many significant progress
to ensure the best services possible to domestic as well as abroad customers.
After 24 years of development, Deloitte Vietnam Company Limited has become one
of the leading company in the provision of audit and consulting services within
Vietnam and the SEA region with the quality of services beyond the expectations. One
of the key points to the success of the company is how to build a proper audit plan for
each specific customer in order to ensure the quality and effectiveness of the audit;
especially the process of assessment of risk and materiality.
Particularly, Deloitte Vietnam is known as the company with the most precise and
standard audit risk assessment process for materiality and risk in Vietnam. This
assessment process is the very first and important step for an audit. The level of
materiality and risk will be used as an effective tool of audit which can help auditors to
identify the amount of audit evidences required. Therefore, auditors will create a
reasonable plan of methods and scope of application of the audit procedure; by the
same time, ensure the audit achieves efficiency and economic effectiveness. In the
planning phase of the audit, materiality level is used to estimate how many
mistatements can be accepted, determine the scope of the audit and assess the impact
of the possible mistatements on the financial statements. Thereby, determining the
nature, timing and extent of audit procedures.
During the internship program at Deloitte Vietnam Company Limited, I had the
opportunities to expose and study about the process of evaluating materiality level at
the Company as well as its application for specific customers. In order to clarify the
concept of materiality and risks in audits of financial statements as well as the practical
application of this process performed by Deloitte Vietnam, I have decided to write the
Page 6
report on the following topic: "Assessment of audit risks and materiality in financial
audits conducted by Deloitte Vietnam Company Limited".
The report shall includes 3 major chapters:
Chapter 1: Theoritical framework on assessment of audit risk and materiality in
financial audits conducted by Deloitte Vietnam Company Limited.
Chapter 2: Practice of assessment of audit risk and materiality in financial audits
conducted by Deloitte Vietnam Company Limited.
Chapter 3: Assessments and recommendations to improve assessment of audit risk and
metriality in financial audits conducted by Deloitte Vietnam Company Limited
I give my sincere thank to Dr. Nguyen Thi Phuong Hoa for her devoted guidance and
to the colleagues in the Deloitte Vietnam that have helped me complete this topic.
Page 7
PART 1. THEORITICAL FRAMEWORK ON ASSESSMENT
OF AUDIT RISK AND MATERIALITY IN FINANCIAL
AUDITS
1.1. Audit risk and materiality in financial audits
1.1.1. Audit risk
1.1.1.1. Definition
Audit risk (Acceptable audit risk) is a measure of how willing the auditor is to accept
that the financial statements may be materially misstated after the audit is completed
and an unqualified opinion has been issued.There are two general categories of audit
risk – risk regarding assessment of the financial materials and risk regarding the
assertions produced by evaluation of the financial materials. When auditor decides on a
lower acceptable audit risk, they want to be more certain that the financial statements
are not materially misstated. Zero risk is certainty, and a 100 percent risk is completely
uncertainty. Complete assurance (zero risk) of the accuracy of the financial statements
is not economically practical. Moreover, the auditor cannot guarantee the complete
absence of material misstatements.1
1.1.1.2. The component of audit risk
Inherent risk
Inherent risk, in a financial audit, measures the auditor's assessment of the
likelihood that there are material misstatements due to error or fraud in segment
before considering the effectiveness of internal control. If the auditor concludes that
a high likelihood exists, the auditor will conclude that inherent risk is high. Internal
control is ignored in setting inherent risk because they are considered separately in
the audit risk model as control risk.1
Control risk
1
Alvin A.Aren, Randal J.Elder, Mark S.Beasley (2011), Auditing and Assurance Services - An Integrated
Approach, Prentice Hall, 14th edition (April 1, 2011)
Page 8
Control risk measures the auditor assessment of whether misstatements exceeding a
tolerable amount in a segment will be prevented or detected on a timely basis by
the client’s internal control. Organizations must have adequate internal controls in
place to prevent and detect instances of fraud and error. Control risk is considered
to be high where the audit entity does not have adequate internal controls to
prevent and detect instances of fraud and error in the financial statements. 1
Planned detection risk
Detection risk is the risk that audit evidence for a segment fails to detect
misstatements exceeding a tolerable misstatement. There are two key points about
the detection risk:
Detection risk is independent on the other three factors in the model. It will change
only if auditor changes one of the other risk model factors.Detection risk
determines the amount of substantive evidence that the auditor plans to accumulate,
inversely with the size of the detection risk. If the detection risk is reduced, the
auditor needs to accumulate more evidence to achieve the reduced planned risk. 1
1.1.1.3. Audit risk model
Audit risk may be considered as the product of the various risks which may be
encountered in the performance of the audit. In order to keep the overall audit risk of
engagements below acceptable limit, the auditor must assess the level of risk
pertaining to each component of audit risk.Error! Bookmark not defined. The audit
risk model is as follow:
Planned detection risk
=
Acceptable audit risk
Inherent risk x Control risk
An auditor must make key decisions regardless of what controls to trust, what controls
to inspect and what scope to place on the tests associated with auditing the financial
statements of a company. This can quickly form a long list of decisions that auditors
must make for each specific business. The audit risk model is one of the tools that
auditors use to manage those decisions and create a proper framework for inspection.
1
Alvin A.Aren, Randal J.Elder, Mark S.Beasley (2011), Auditing and Assurance Services - An Integrated
Approach, Prentice Hall, 14th edition (April 1, 2011)
Page 9
Below are some factors that create the importance of the audit risk model:
+ To comply with laws and regulations
The audit risk model has become increasingly important. Regulations for business
accountability became stricter with the Laws and other legislation which designed to
enhance auditing practices and provide more information to investors. Therefore, the
audit risk model, with its flexibility and broad-based approach, allows auditors to
incorporate such standards and ensure probable audit results that both businesses and
investors can count on.
+ Determine audit procedures
An audit risk model is a process for determining risks and deciding on the correct audit
procedures needed for a specific business. The model concept is a creation of auditors
in the United States, but the terms used in the model are derived from Generally
Accepted Auditing Standards (GAAS). Under this approach, the auditor decides what
controls can be used to run tests of detail, what controls need to be tested of control
themselves and what amount and scope of tests that will provide the best results for the
audit.
+ Adaptation
The audit risk model is a vital step for complex audits because it provides a flexibility
approach for auditors. If auditors were limited to fixed audit procedures composed of
steps they had to follow, they would not be able to change their approach based on the
company and audits would not be complete or useful. The risk model assesses current
situation and makes the resulting audit a flexible tool that can be used to inspect for
particular errors.
+ Intangible factors
The audit risk model also provides room for certain intangible skills that the auditor
capable of. For example, auditors may experienced in similar businesses and may
know the common faults or weaknesses in those businesses. The model allows the
auditor to focus on certain tests based on his own history, ideas and experiences in the
field. This effectively translates auditor knowledge into practice.
Page 10
1.1.1.4. Relationship between components of audit risk model
The inherent risks, control risk, planned detection risk and audit risk have close
relationships with each other. However, inherent risk and control risk differ from the
other two in that they exist independently with the financial information. Furthermore,
inherent risk and control risk is usually assessed together because of their close
relationship.
Meanwhile, planned detection risk and audit risk is assessed and determined depends
on the the auditors’ professions and judgments. Auditors often identify audit risk from
the beggining of the audit when accepted audit contract. While planned detection risk
is assessed after identified inherent risks and control risk based in order to maintain
audit risk at the desired level.
When inherent risk and control risk are at high level, detection risk can be assessed at
a lower level in order to reduce audit risk to lowest possible level. On the contrary, if
inherent risk and control risk are assessed at low level, detection risk can be higher but
it must remain in an acceptable level to ensure low audit risk level.
The fluctuations of detection risk based on the auditor's assessment of inherent risk
and control risk are presented in the following table:
Assessment of
inherent risk
Assessment of control risk
High
Medium
Low
High
Lowest
Low
Medium
Medium
Low
Medium
High
Low
Medium
High
Highest
1
Table 1.1. Planned detection risk
Notes to table:
-
Inherent risk and control risk are divided into three levels: high, medium, low.
-
Shaded area represents the level of planned detection risk.
-
Planned detection risk is divided into five levels: highest, high, medium, low,
and lowest.
1
Nguyen Quang Quynh , Ngo Tri Tue (2015), Financial Auditing, National Economics University, 4th edition,
2015
Page 11
1.1.2. Materiality
1.1.2.1. Definition
Materiality is a major consideration in determining the appropriate audit report to
issue. FASB Concept Statement 2 defines materiality as:
The magnitude of an omission or misstatement of accounting information that, in the
light of surrounding circumstances, make it probable that the judgement of a
reasonable person relying on the information would have been changed or influenced
by the omission or misstatement.1
In audit engagement, auditor determines the materiality by excercising his professional
judgment. Because auditors are resopsible for determining whether financial
statements are materially mistated, they must, upon discovering a material
misatatement, bring it to the client attention so that a correction can be made. If the
client refuses to correct the statements, the auditor musst issue a qualified or an
adverse opinion, depending on the materiality of the misstatement. To make such
determinations, auditors depend on a thorough knowledge of the application of
materiality.1
1.1.2.2. Relationship between materiality and audit risk
The International Standards of Auditing No. 320, Clause 9, 10, 11 has emphasized
how materiality and audit risk relates to each other, as follow:
The relationship between materiality and audit risk
9. When planning the audit, the auditor considers what would make the financial
statements materially misstated. The auditor's assessment of materiality, related
to specific account balances and classes of transactions, helps the auditor decide
such questions as what items to examine and whether to use sampling and
analytical procedures. This enables the auditor to select audit procedures that, in
combination, can be expected to reduce audit risk to an acceptably low level.
10. There is an inverse relationship between materiality and the level of audit risk,
that is, the higher the materiality level, the lower the audit risk and vice versa.
1
Alvin A.Aren, Randal J.Elder, Mark S.Beasley (2011), Auditing and Assurance Services - An Integrated
Approach, Prentice Hall, 14th edition (April 1, 2011)
Page 12
The auditor takes the inverse relationship between materiality and audit risk
into account when determining the nature, timing and extent of audit
procedures. For example, if, after planning for specific audit procedures, the
auditor determines that the acceptable materiality level is lower, audit risk is
increased. The auditor would compensate for this by either:
a. reducing the assessed level of control risk, where this is possible, and
supporting the reduced level by carrying out extended or additional tests of
control; or
b. reducing detection risk by modifying the nature, timing and extent of planned
substantive procedures.
Materiality and audit risk in evaluating audit evidence
11. The auditor's assessment of materiality and audit risk may be different at the
time of initially planning the engagement from at the time of evaluating the
results of audit procedures. This could be because of a change in circumstances
or because of a change in the auditor's knowledge as a result of the audit. For
example, if the audit is planned prior to period end, the auditor will anticipate
the results of operations and the financial position. If actual results of
operations and financial position are substantially different, the assessment of
materiality and audit risk may also change. Additionally, the auditor may, in
planning the audit work, intentionally set the acceptable materiality level at a
lower level than is intended to be used to evaluate the results of the audit. This
may be done to reduce the likelihood of undiscovered misstatements and to
provide the auditor with a margin of safety when evaluating the effect of
misstatements discovered during the audit.
Page 13
1.2. Process of assessment of audit risk in financial audit
1.2.1. The concept and implications of risk assessment
1.2.1.1. Essentiality and major purpose of risk assessment procedure in financial
statements audit
The 2nd standard of Field work performance of the audit, in GAAS, requires auditors to
obtain an understanding of the entity and its enviroment, including internal control, to
assess the risk of material misstatements.1
By assessing the risk, auditor will obtain a basis for the amount of audit evidence need
to accumulate, which is the assessment of workload auditor ought to perform.
Furthermore, the assessed risk is also a factor that affects the auditor’s opinion at the
end of the audit.
Therefore, the risk assessment procedure is very important step that need to be carried
out at the planning phase of the audit.
1.2.1.2. The concept of risk assessment
A risk assessment is the identification and analysis of relevant risks to the achievement
of an organization's objectives to determine how those risks should be managed. Risk
assessment implies an initial determination of operating objectives, then a systematic
identification of those that could prevent each objective from being attained. In other
words, it is an analysis of what could go wrong.
Management’s risk assessment differs from but is closely related to the auditor’s risk
assessment. While management’s risk assessment is a part of designing and operating
internal controls to minimize errors and fraud, auditors assess risks to decide the
amount of evidence needed to accumulate for the audit. If management could
effectively assesses and responds to risks, the auditor will assess a lower risk and
therefore accumulate less evidence.
Typically, auditors obtain an understanding about management’s risk assessment
process using questionnaires and discussions with management in oerder to determine
1
Alvin A.Aren, Randal J.Elder, Mark S.Beasley (2011), Auditing and Assurance Services - An Integrated
Approach, Prentice Hall, 14th edition (April 1, 2011)
Page 14
how management identifies risks relevant to financial reporting, to evaluates the
significance and likelihood of the risks that may occur, and to decide the actions
needed to address the risks.
1.2.1.3. The implications of risk assessment
When performing an audit, the auditor uses risk assessment procedures to assess the
risk that material misstatement may exists. This step is very crucial because the final
objective of a financial statement audit is to find out whether the reported financial
statements are materially correct.
The auditor performs risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at the financial
statement and assertion levels. Risk assessment procedures, however, do not provide
sufficient appropriate audit evidence on which to base the audit opinion.
A client’s contribution to audit risk influences the audit plans regardless of what audit
evidence is necessary and which personnel will be assigned to the job. The higher the
risk, the higher the workload involved audit risk procedures.
The auditor follows various risk assessment procedures:
+ Recognizing the nature of the company and management,
+ Interviewing employees,
+ Performing analytical procedures,
+ Observing employees at work,
+ Inspecting company records.
After ran through all applicable risk assessment procedures, the auditor will use those
results to figure out how high the chance is that the client has material financial
mistatements. And not every mistake is important.
1.2.2. Assessment of acceptable audit risk
To assess acceptable audit risk, the auditor must first assess each of the factors
affecting acceptable audit risk, which includes:
Assessment of acceptable audit risk is understood as the possibility of risk occurs
when an audit firm accept a certain audit contract. These risks may affect the
company's reputation. The ability to complete the audit within the schedule and quality
Page 15
requirements will affect the long-term relationships with that customer. The
assessment of acceptable audit risk are estimated before signing the contract; therefore
if the acceptable audit risk was reasonably assessed, it would greatly assist the
assessment of other risks when conducting the audit.
Assessing the acceptable audit risk is the very first job done by the audit firm after
being requested for an audit. Auditor will firstly gather general information about the
customer; such information is often about customer’s business operation, the integrity
of the Board of Directors or contact with predecessor auditors.
External users’ reliance on financial statements
When external users heavily rely on the financial statements, it is appropriate to
decrease acceptable audit risk. When financial statements are heavily relied on, it
may result in a great harm to the social if a significant mistatements remain
undetected in the financial statements. Auditors can more easily justify the cost to
obtain additional evidence when the loss to users from material misstatements is
considerable.
Likelihood of financial difficulties
If a client ought to file for bankruptcy or undergo a significant loss after the
completion of the audit, auditors face a greater chance of being required to defend
the quality of the audit than if the client were under no financial strain. This can
result from both the belief that the auditor failed to conduct an appropriate audit
and from the user’s desire to recover part of their loss regarding the quality of the
audit work.
In situations that the auditor believes the risk that financial failure or loss is high
and a corresponding increase in acceptable audit risk occurs, acceptable audit risk
should be reduced.
It is difficult to predict financial failure before it occurs, but auditor may use
certain factors as good indicators such as: liquidity position, profit (losses) in the
previous year, method of financing growth, nature of the client’s operations,
competence of management.
Management integrity
Page 16
If a client’s integrity is questionable, the auditor is likely to assess a low acceptable
audit risk. Companies with low integrity often conduct their business operations in
a manner that often results in conflicts with their stockholders, regulators and
customers. Thereby, these conflicts often reflect on the quality of the audit and can
result in lawsuit and other disagreements.
Following factors may affect management integrity: relationship with current or
previous auditors, frequency of turnover of key financial or internal audit
personnel, relationship with employees and labor unions.
The collected information will give auditors initial insights about customers which
supporting auditors in making the decision whether to accept the contract. If the
customer operate in industries with high risk and complexity, or if the business
activities of customers in the previous period unstablized, the acceptable audit risk
allocate to customers will be higher. In some cases, customer’s company has too large
size but require the audit to be completed in a short time. If the auditor accepted the
contract will not be able to complete the audit as planned or completed the audit in
time but the quality of the audits are not guaranteed. In this case, acceptable audit risk
directly affect audit risk and business risk.
After examining these factors, it is easy to observe that the assessment of each of the
factors is highly subjective. In turn, overall assessment of acceptable audit risk is also
highly subjective. The information collected will be recorded in the audit file and
auditors will evaluate acceptable audit risk at the following levels:
Normal
Greater than normal
Very high
If the acceptable audit risk is considered normal, the audits are accepted without any
further consideration.
If the assessment of acceptable audit risk is higher than normal, the auditor in charge
of the contract ought to collect additional approvals of other higher levels personnel
within the company which comply to the audit policies.
If the assessment of acceptable audit risk is very high, the partner in charge must
consider in order to decide final conclusion. If there are still doubts about the ability to
Page 17
accept or continue with the customer, the company needs to collect the opinions of the
professional consultants.
As the engagement progresses, auditor will obtain additional information about the
client, and acceptable audit risk could be changed during fieldwork.
1.2.3. Assessment of inherent risk
The comprehension of inherent risk in the audit risk model is one of the most
important concepts in auditing. It emphasizes that auditors should attempt to predict
where statements are most and least likely occur in the financial statement sections.
This information influences the amount of evidence that auditor needs to accumulate,
the assignment of staff and the extension of review of audit documentation.
While assessing this risk, auditors must ignore whether the client has internal controls
in place in order to help free the inherent risk from control risk. The job when
assessing inherent risk is to evaluate how susceptible, for each assertion, the financial
statement are to material misstatement given the nature of the client’s business.
The auditor must assess factors that create the risk and modify audit evidence to take
them into consideration. The auditor should consider several major factors when
assessing inherent risk:
+ Nature of the client’s business
Inherent risk for certain accounts is influenced by the nature of the client’s business
because of the different nature of the business resulting in different treatment to the
account in financial statements. For example, an electronics manufacturer faces a
greater likelihood of obsolete inventory than a building material manufacturer
does.
+ Results of previous audit
Mistatements found in the previous year’s audit are very likely to occur again in
the current year’s audit because many types of misstatements are systematic in
nature, and organizations are ussually slow in making changes to wipe them out.
+ Initial versus repeat engagement
Auditors gain experience and knowledge about the likelihood of misstatements
after already audited a client. The lack of previous years’ audit results influences
Page 18
most auditors to assess a higher inherent risk for initial audit than for repeat
engagements in which no material mistatements were previously found.
+ Related parties
Transactions between related parties do not occur between two independent ones
dealing at arm’s length. There is a greater likelihood that they might be misstated,
causing an increase in inherent risk.
+ Non-routine transactions
Transactions that are unusual for a client are more likely to be misstated than
routine transactions because the client often lacks experience recording them.
+ Judgments required to correctly record account balances and transactions
Many account balances require estimates and a considerable amount of
management judgement. Because they require considerable judgment, the
likelihood of misstatements increases. Therefore, the auditor should increase
inherent risk.
+ Structure of the population
Often, individual items making up the total population also affect the auditor’s
expectation of material mistatements.
+ Factors related to fraudulent financial reporting and misappropriation of assets
It is difficult in concept and in practice to seperate fraud risk factors into each
components of the audit risk model. To sastify the requirements of auditing
standards, it is more important that the auditor assess the risks and respond to them
than to categorize them into risk type. For this reason, many audit firms assess
fraud risk separately from the assessment of the audit risk model components.
1.2.4. Assessment of control risk
The auditor assesses control risk by connecting key control and control deficiencies to
transaction-related audit objectives. The auditor obtains an understanding of the
overall internal control to make a preliminary assessment of control risk as part of the
auditor’s overall assessment of the risk of material misstatements. The auditor uses
this preliminary assessment to plan the audit for each material claass of transactions.
However, in some occasions, the auditor may find out that the control deficiencies are
Page 19
significant such that the client’s financial statements may not be auditable. So, the
auditor must first decide whether the entity is auditable before making a preliminary
assessment of control risk for each material class of transactions.
The assessment of control risk usually follow these steps:
1. Assess whether financial statements are auditable.
2. Determine assessed control risk supported by the understanding obtained.
3. Identify deficiencies, significant deficiencies and material weaknesses.
4. Communicate to those charged with governance and management letters.
Assessing control risk requires the auditor to consider both the design and the
operation of controls to evaluate whether they will likely be effective in meeting
related audit objectives. The procedures to test effectiveness of controls in support of a
reduced assessed control risk are called tests of controls.
If the results of tests of controls support the the design and the operation of controls as
expected, the auditor will maintain the assessed control risk in the preliminary
assessment. However, if the tests of controls show that the controls did not operate
effectively, the assessed control risk must be reconsidered.
The auditor is likely to use four types of procedures to support the operating
effectiveness of internal controls. Management’s testing of internal control will likely
include the same types of procedures. The four types of procedures are as follows:
+ Make inquiries of appropriate client personnel.
+ Examine documents, records, reports.
+ Observe control related activities.
+ Reperform client procedures.
1.2.5. Assessment of planned detection risk
After collecting all information needed to assess all the risks above, auditors will
assess the planned detection risk, base on the audit risk model. Planned detection risk
Page 20
