Question

Chapter 5 & 6- Basics of the Audit

Understand the different types of procedures (analytics, sampling, year end, interim work)- what they mean, being able to identify examples. (If I give you a procedure can you determine if it is an analytical procedure, work performed at interim, etc.)

Understanding the audit risk model- what it means to asses risk as high, moderate, low, or maximum. (Do you do more or less work) (If I change one part of the formula can you determine what other part of the formula changes: EX: Audit risk goes up what happens to detection risk)

Understanding the assertions and what they mean, and how different assertions can be tested for by the auditor.

Being able to match procedures with assertions. (If I give you an audit procedure can you match what assertion it addresses)

What type of procedures provide more evidence and which provide less reliable evidence.

What is the purpose of an audit- what does an audit provide comfort over and what does it not provide comfort over. (What is reasonable assurance).

Relationship between risk of material misstatement and detection risk (substantive procedures). If detection risk goes up or down- does the auditor perform more or less work)

How does the auditor use materiality during the different phases of the audit- planning, substantive, etc.

Know the definitions of audit risk, control risk, inherent risk, and detection risk.

Answer 1

Auditors use audit procedures to verify facts, make conclusions and express opinions on how a company manages risk. Procedures commonly include analytical review, inquiry, observation, inspection and re-performance. Auditors apply different procedures based on a company and the purpose of its audit.

Analytical Procedures

Auditors can spot risks and address the causes by knowing what’s normal and honing in on deviations. They may examine the reasonableness of a company’s depreciation, for example, because such expenses should be consistent. They use analytical procedures in planning, testing and an overall review to identify fluctuations and as a basis for applying other procedures.

Inquiry

Asking questions of a company’s accountants, managers and other key staff is a common way for auditors to gather information. Auditors may ask about business processes and how financial transactions are recorded to ensure that the company is guarding against risks. For example, they may ask a business owner how financial records are stored. Auditors will not accept the answers alone as confirmation. But they may use the responses to their inquiries to establish additional testing criteria.

Observation

An auditor may verify that records are indeed stored in locked filing cabinets as the company’s representatives said by watching an employee unlock a drawer during their normal activities. They also may watch how an activity is done to see if it poses any risk, like how a clerk collects and counts money.

Physical Examination

Counting tangible assets can provide an auditor with evidence of value. An auditor may confirm the amount of a particular piece of equipment or product to determine that their given value corresponds with the company’s assertions, for example.

Inspection

Checking against written procedures and documents helps auditors determine whether processes are being done correctly and that the information is being recorded accurately. Auditors may verify whether security procedures are being followed and if invoices contain the correct amounts, for example. An auditor may spend most of their time verifying or vouching documents.

Re-performance

An auditor may check whether calculations are done correctly by doing the calculations themselves. For example, they might prepare their own payroll report by calculating the net wages that employees should receive by accounting for the withholdings and deductions. If there are no differences, they may conclude that the payroll reports are being done properly. They also may check whether the information is transferred to accounting records correctly to ensure the integrity of the company’s financial statements.

Audit risk model is a tool used by auditors to understand the relationship between various risks arising from an audit engagement enabling them to manage the overall audit risk. Audit risk model suggests that overall audit risk of an engagement is the product of the following three component risks:

• Inherent Risk
• Control Risk
• Detection Risk

This is often represented in equation form as follows:

Audit Risk = Inherent Risk × Control Risk × Detection Risk

Since inherent risk and control risk make up risk of material misstatement, therefore another way to state audit risk model is:

Audit Risk = Risk of Material Misstatement × Detection Risk

The Components

Audit risk is the risk that the auditor gives an inappropriate opinion on an audit engagement. This usually means giving a clean/unqualified opinion when financial statements are in fact materially misstated.

Inherent risk arises due to susceptibility of an item to misstatement due to its nature. For example, there is inherent risk of misstatement in estimates because they involve judgement.

Control risk is the risk that internal controls established by a company, to prevent or detect and correct misstatements, fail and thus the financial statement items become misstated.

Detection risk arises because the auditor’s methods and procedures, to test balances and transactions for misstatements, fail to detect all the misstatements.

How Auditors Use Audit Risk Model?

Auditor’s goal is to reduce overall audit risk to an acceptable level. In order to do that, they will first assess the levels of each component risk of the model. The risk values are not readily quantifiable though and auditors use professional judgement to assess the risks. This means that the above equation is not typically used to calculate risks like other mathematical equations are normally used. The auditors will nevertheless assess the risk values in some form, often by descriptive means.

The auditors then use the model to establish relationship between the risks and take action to reduce overall audit risk to an acceptable level.

The risk of material misstatement is under the control of management of the company and the auditor can only directly manipulate detection risk. So, if their assessment of the risk of material misstatement and audit risk is high, they must reduce the detection risk in order to contain overall audit risk within acceptable level.

Detection risk can be manipulated by various means some of them being: changing the composition of the engagement team, changing the types of procedures and changing the duration of audit work. For example, detection risk and thus audit risk is normally reduced when more skilled personnel are assigned to engagement team or when larger sample sizes are selected or when substantive test of details are performed instead of analytical procedures

If Audit Risk goes up then detention risk also goes up.