Risk Assessment and
Responses to Assessed Risks
This standard requires the
auditor to design and implement overall responses for the assessed risks of
material misstatement at the financial statement level. Overall responses at
higher levels of risk may include assigning more experienced personnel to the
engagement, providing increased supervision by the engagement leader and
planning more reliable and more extensive detailed tests of balances
procedures.
Audit Procedures
Responsive to the Assessed Risks of Material
Misstatement at the
Relevant Assertion Level
Following are essential requirements from AU-C 330 paragraphs:
.06 The auditor should design and perform further
audit procedures whose nature, timing, and extent are based on, and are
responsive to, the assessed risks of material misstatement at the relevant
assertion level.
.07 In designing the further audit procedures to be
performed, the auditor should
a. consider the reasons for the assessed
risk of material misstatement at the relevant assertion level for each class of
transactions, account balance, and disclosure, including
i. the likelihood of material
misstatement due to the particular characteristics of the relevant class of
transactions, account balance, or disclosure (the inherent risk) and
ii. whether the risk assessment takes
account of relevant controls (the control risk), thereby requiring the auditor
to obtain audit evidence to determine whether the controls are operating
effectively (that is, the auditor intends to rely on the operating
effectiveness of controls in determining the nature, timing, and extent of
substantive procedures), and
b. obtain more persuasive audit evidence
the higher the auditor's assessment of risk.
Selecting
the Audit Strategy:
To select the proper strategy and prevent over auditing, the
auditor must consider (1) the opportunity to assess risk of material
misstatement at less than high and (2) the relative efficiency with which
substantive tests of balances procedures can be performed. When a reporting entity has good internal
controls and/or a good financial reporting system, using tests of controls may
be the most cost-efficient strategy.
However, when an auditor can perform other risk assessment procedures on
smaller audits, e.g., reading the general ledger and performing a systems
walk-through procedure and then making at least slight reductions in substantive
tests of balances to evaluate applicable financial statement assertions in
minimum time, detailed tests of controls would not ordinarily be
necessary.
Since the evaluation of the risk of material misstatement is
made at both the financial statement and the assertion levels, and because performance
materiality (tolerable misstatement) must be determined for each material
financial statement classification, the auditor may achieve efficiencies by
planning unique audit strategies for each financial statement classification.
As an auditor considers the design of an audit strategy, it
is important to remember the higher the inherent risk in a transaction or
balance, the higher the reliance normally required for tests of balances
procedures. However, it is the combination of inherent risk and control risk
that determines the assessed levels of RMM.
Tests of controls or systems walk-through procedures may provide
evidence to mitigate higher inherent risks in account balances or classes of
transactions.
The more effective an entity’s control environment is, the
lower the control risk. The lower the
control risk, the lower the necessary reliance on detailed tests of
balances. A more effective control
environment normally results in a stronger financial reporting system and even
effective owner or manager key controls, particularly on smaller audits. A less effective control environment normally
results in deficiencies in the design and operation of internal control
activities.
Deciding to perform low-reliance tests of controls, other
risk assessment procedures and/or system’s walk-through procedures when an
entity has a good financial reporting system and control environment may permit
an evaluation of risk of material misstatement at slightly less than high to
moderate, even on smaller audits. When
risk of material misstatement is slightly less than high or moderate, the
extent of some sampling and non-sampling procedures may be reduced.
These limited reductions of tests of balances will generally
occur by:
- Raising the lower limit for individually significant items from approximately 10% of performance materiality (high risk) up to 50-60% for financial statement classifications or relevant assertions.
- Using less reliable procedures for the lower stratum in a sampling population, such as sending negative confirmations for small accounts receivable balances.
- Risk factors on a sampling planning and evaluation form can be reduced somewhat. Without good prior experience with the client, and without significant substantive evidence from analytical procedures, the risk factor would be close to 3.0. These factors remaining the same and control risk at slightly less than high or moderate may allow a risk factor of from 2.3 to 3.0.
- Certain detailed tests of balances procedures may be performed before the reporting date. Accounts receivable, for example, may be confirmed up to 30 days before the engagement date, along with performance of appropriate roll-forward procedures.
The more effective the analytical procedures used, the lower
the amount of evidence required from detailed tests of balances. High reliance presumes using analytical
procedures to the maximum extent practical to generate substantive evidence to
evaluate financial statement assertions. Quantity reconciliations, such as the
number of units sold times sales price, or reasonableness tests for such
accounts as depreciation, interest or payroll taxes generally produce more
substantive evidence than corroborative procedures like comparing account
balances or ratios among years.
When detailed tests of balances or analytical procedures can
be performed to efficiently evaluate the completeness assertion, tests of
controls are not necessary for this purpose.
Evaluating the completeness of revenues through detailed tests of
balances, however, is difficult at best.
Examples of tests of balances that can be used to produce substantive evidence
to evaluate the completeness assertion for revenues include examining contracts
to determine all revenues that should be recorded are recorded (for the
construction industry) or using predictive analytical procedures to determine
the accuracy of recorded revenues or expenses, e.g., using copy machine meter
readings for a copying business to compute copying revenues and copy machine
rental expense.
In other instances, limited tests of controls may be
necessary to evaluate the completeness of revenues. Tracing, say, 15 documents originating sales
transactions such as customer orders or shipping reports to the sales journal
is an example of a limited test of control procedure for completeness. In some moderate risk circumstances, tracing
10-15 transactions through the sales and collections transaction cycle during
the systems walk-through procedure may produce sufficient evidence to evaluate
the completeness assertion. Higher risk
may require more transactions.
Reductions in detailed tests of balances will occur in the
nature, extent and timing of the procedures.
Ultimately, the integration of the results of the risk assessment
procedures, the results of the analytical procedures and the nature, extent and
timing of tests of balances procedures will culminate in audit strategies for
account classifications as an auditor designs and performs sampling and
non-sampling procedures. The Clarified
Auditing Standard, Audit Sampling,
will be discussed later in this series.
More Information
These eBook resources, without CPE credit, can be
obtained from my website:
- Small Audits Made Easy and Profitable
- Performing Auditing Tests of Balances Procedures
- Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
- Key Accounting Issues for Non-Profit Organizations
- A Practical Potpourri of Time Savings on Audits
- The Financial Reporting Framework for Small- and Medium-Sized Entities
No comments:
Post a Comment