Risk Assessment and Responses to Assessed Risks
This standard requires the auditor to design and implement overall responses for the assessed risks of material misstatement at the financial statement level. Overall responses at higher levels of risk may include assigning more experienced personnel to the engagement, providing increased supervision by the engagement leader and planning more reliable and more extensive detailed tests of balances procedures.
Audit Procedures Responsive to the Assessed Risks of Material
Misstatement at the Relevant Assertion Level
Following are essential requirements from AU-C 330 paragraphs:
.06 The auditor should design and perform further audit procedures whose nature, timing, and extent are based on, and are responsive to, the assessed risks of material misstatement at the relevant assertion level.
.07 In designing the further audit procedures to be performed, the auditor should
a. consider the reasons for the assessed risk of material misstatement at the relevant assertion level for each class of transactions, account balance, and disclosure, including
i. the likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (the inherent risk) and
ii. whether the risk assessment takes account of relevant controls (the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing, and extent of substantive procedures), and
b. obtain more persuasive audit evidence the higher the auditor's assessment of risk.
Selecting the Audit Strategy:
To select the proper strategy and prevent over auditing, the auditor must consider (1) the opportunity to assess risk of material misstatement at less than high and (2) the relative efficiency with which substantive tests of balances procedures can be performed. When a reporting entity has good internal controls and/or a good financial reporting system, using tests of controls may be the most cost-efficient strategy. However, when an auditor can perform other risk assessment procedures on smaller audits, e.g., reading the general ledger and performing a systems walk-through procedure and then making at least slight reductions in substantive tests of balances to evaluate applicable financial statement assertions in minimum time, detailed tests of controls would not ordinarily be necessary.
Since the evaluation of the risk of material misstatement is made at both the financial statement and the assertion levels, and because performance materiality (tolerable misstatement) must be determined for each material financial statement classification, the auditor may achieve efficiencies by planning unique audit strategies for each financial statement classification.
As an auditor considers the design of an audit strategy, it is important to remember the higher the inherent risk in a transaction or balance, the higher the reliance normally required for tests of balances procedures. However, it is the combination of inherent risk and control risk that determines the assessed levels of RMM. Tests of controls or systems walk-through procedures may provide evidence to mitigate higher inherent risks in account balances or classes of transactions.
The more effective an entity’s control environment is, the lower the control risk. The lower the control risk, the lower the necessary reliance on detailed tests of balances. A more effective control environment normally results in a stronger financial reporting system and even effective owner or manager key controls, particularly on smaller audits. A less effective control environment normally results in deficiencies in the design and operation of internal control activities.
Deciding to perform low-reliance tests of controls, other risk assessment procedures and/or system’s walk-through procedures when an entity has a good financial reporting system and control environment may permit an evaluation of risk of material misstatement at slightly less than high to moderate, even on smaller audits. When risk of material misstatement is slightly less than high or moderate, the extent of some sampling and non-sampling procedures may be reduced.
These limited reductions of tests of balances will generally occur by:
- Raising the lower limit for individually significant items from approximately 10% of performance materiality (high risk) up to 50-60% for financial statement classifications or relevant assertions.
- Using less reliable procedures for the lower stratum in a sampling population, such as sending negative confirmations for small accounts receivable balances.
- Risk factors on a sampling planning and evaluation form can be reduced somewhat. Without good prior experience with the client, and without significant substantive evidence from analytical procedures, the risk factor would be close to 3.0. These factors remaining the same and control risk at slightly less than high or moderate may allow a risk factor of from 2.3 to 3.0.
- Certain detailed tests of balances procedures may be performed before the reporting date. Accounts receivable, for example, may be confirmed up to 30 days before the engagement date, along with performance of appropriate roll-forward procedures.
The more effective the analytical procedures used, the lower the amount of evidence required from detailed tests of balances. High reliance presumes using analytical procedures to the maximum extent practical to generate substantive evidence to evaluate financial statement assertions. Quantity reconciliations, such as the number of units sold times sales price, or reasonableness tests for such accounts as depreciation, interest or payroll taxes generally produce more substantive evidence than corroborative procedures like comparing account balances or ratios among years.
When detailed tests of balances or analytical procedures can be performed to efficiently evaluate the completeness assertion, tests of controls are not necessary for this purpose. Evaluating the completeness of revenues through detailed tests of balances, however, is difficult at best. Examples of tests of balances that can be used to produce substantive evidence to evaluate the completeness assertion for revenues include examining contracts to determine all revenues that should be recorded are recorded (for the construction industry) or using predictive analytical procedures to determine the accuracy of recorded revenues or expenses, e.g., using copy machine meter readings for a copying business to compute copying revenues and copy machine rental expense.
In other instances, limited tests of controls may be necessary to evaluate the completeness of revenues. Tracing, say, 15 documents originating sales transactions such as customer orders or shipping reports to the sales journal is an example of a limited test of control procedure for completeness. In some moderate risk circumstances, tracing 10-15 transactions through the sales and collections transaction cycle during the systems walk-through procedure may produce sufficient evidence to evaluate the completeness assertion. Higher risk may require more transactions.
Reductions in detailed tests of balances will occur in the nature, extent and timing of the procedures. Ultimately, the integration of the results of the risk assessment procedures, the results of the analytical procedures and the nature, extent and timing of tests of balances procedures will culminate in audit strategies for account classifications as an auditor designs and performs sampling and non-sampling procedures. The Clarified Auditing Standard, Audit Sampling, will be discussed later in this series.
These eBook resources, without CPE credit, can be obtained from my website:
- Small Audits Made Easy and Profitable
- Performing Auditing Tests of Balances Procedures
- Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
- Key Accounting Issues for Non-Profit Organizations
- A Practical Potpourri of Time Savings on Audits
- The Financial Reporting Framework for Small- and Medium-Sized Entities