THE RISK OF MATERIAL MISSTATEMENT (RMM) AUDIT PROCEDURES RESPONSE TO RISKS & EVALUATING THE AUDIT VERIFICATION OBTAINED.

SUMMARY: Audit procedures responsive to risks of material misstatement at the relevant assertion level. This part provides guidance to the auditor in designing and performing further audit procedures, including tests of the operating effectiveness of controls, where relevant or necessary, and substantive procedures, whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the relevant assertion level. a lot the auditor may determine that a combined approach using both tests of the operating effectiveness of controls and substantive procedures is an effective approach. Irrespective of the approach selected, under the Auditing Standard. The auditors assessment of the identified risks at the assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures. In some cases, the auditor may determine that only by performing tests of controls may the auditor achieve an effective response to the assessed risk of material misstatement for a particular assertion. MEANING THE RMM Auditors must consider audit risk and must determine a materiality level for the financial statements taken as a whole." Auditors also "must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement the risk of material misstatement has been assessed for major accounts, transaction streams and disclosures, the auditor must develop an audit plan in which he or she documents the audit procedures that, when performed, are expected to reduce audit risk to an acceptably low level In additional: The auditor is required to assess the risk of material misstatement (RMM) according to Audit Risk and Materiality in Conducting an Audit. RMM is the auditors combined assessment of inherent risk and control risk. Auditors are also required to perform audit procedures to respond to assessed RMM. The auditor should obtain an understanding of the entity and its environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures In my article have tried to clearly discuss how the auditor responds to the risk of material misstatement (RMM) in designing and performing audit procedures.

OVERALL RESPONSES: The auditor's overall responses to address the assessed risks of material misstatement at the financial statement level may include emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating audit evidence, assigning more experienced staff or those with specialized skills or using specialists, providing more supervision, or incorporating additional elements of unpredictability in the selection of further audit procedures to be performed. Additionally, the auditor may make general changes to the

nature, timing, or extent of further audit procedures as an overall response, for example, performing substantive procedures at period end instead of at an interim date. The auditors overall responses to the assessed RMM include 1. Maintaining professional skepticism in gathering and evaluating audit evidence. 2. Assigning more experienced staff. 3. Using specialists. 4. Greater supervision of staff. 5. Element of unpredictability in selection of further audit procedures. 6. Changes in nature, timing, and extent of further audit procedures. 7. Increase the number of locations to be included in the audit scope. The effectiveness of the control environment has a significant bearing on whether the auditor will employ a primarily substantive approach or a combined approach that uses tests of controls as well as substantive procedures. AUDIT PROCEDURES RESPONSIVE TO RISKS OF MATERIAL MISSTATEMENT The auditor should design auditing procedures to achieve the objective of a high level of assurance that the financial statements are free of material misstatement. Those further auditing procedures consist of either tests of controls or substantive procedures. In designing further audit procedures, the auditor should consider such matters as: The significance of the risk The likelihood that a material misstatement will occur The characteristics of the class of transactions, account balance, or disclosure involved The nature of the specific controls used by the entity, in particular, whether they are manual or automated Whether the auditor expects to obtain audit evidence to determine if the entity's controls are effective in preventing or detecting material misstatements. The nature of the audit procedures is of most importance in responding to the assessed risks. There should be a clear linkage between audit procedures and the risk of material misstatement at the relevant assertion level for each class of transactions, account balance, and disclosure. The higher the auditors assessment of risk, the more reliable and relevant the Evidence must be to satisfy the auditors objectives. The higher the RMM, the more likely it is that the auditor will perform the procedures at the end of period or at unpredictable or unannounced times. Certain procedures may only be performed at or after the period end date. The extent or quantity of audit procedures is determined by the auditors judgment. The auditor should consider the assessed risk of material misstatement, the tolerable misstatement, And the degree of assurance desired. Generally, sampling is used to achieve audit objectives. Tests of controls should be performed if controls are expected to be effective in preventing or detecting a material misstatement in a relevant assertion the auditor should obtain evidence about how controls were applied at relevant times during the period under audit. If substantially different controls were used at various times, the auditor should consider each time period separately.

Tests of controls may be designed to be performed concurrently with test of details. When performing these dual-purpose tests, the auditor should consider how the outcome of the test of controls may affect the extent of substantive procedures to be performed.

A material misstatement that is detected by the auditors, but not identified by the entity, should be considered as at least a significant deficiency. It may also be a strong indicator of a material weakness in internal controls that should be communicated to management. When evidence about the operating effectiveness of controls is obtained during an interim period, consideration should be given to what further evidence is needed for the remaining period. If the auditor plans to use audit evidence about the effectiveness of controls that was obtained in a prior period, The auditor should also increase the extent of testing of controls as the rate of expected deviation increases. In some instances the expected rate of deviation may be too high to obtain evidence that will sufficiently reduce the control risk. Tests of controls would then be inappropriate. Once the auditor determines that automated controls are working effectively, the auditor should perform tests to determine that the controls continue to work as intended, especially if changes are made to the program.

Considering the Nature, Timing, and Extent of Further Audit Procedures

NATURE: The nature of further audit procedures refers to their purpose (tests of controls or substantive procedures) and their type, that is, inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedures. The auditor should obtain audit evidence about the accuracy and completeness of information produced by the entity's information system when that Information is used in performing audit procedures. For example, if the auditor uses non-financial information or budget data produced by the entity's information system in performing audit procedures, such as substantive analytical procedures or tests of controls, the auditor should obtain audit evidence about the accuracy and completeness of such information TIMING: Timing refers to when audit procedures are performed or the period or date to which the audit evidence applies. The higher the risk of material misstatement, the more likely it is that the auditor may decide it is more effective to perform substantive procedures nearer to, or to perform audit procedures unannounced or at unpredictable times. Certain audit procedures can be performed only at or after period end, for example, agreeing the financial statements to the accounting records, or examining adjustments made during the course of preparing the financial Statements. If there is a risk that the entity may have entered into improper sales contracts or that transactions may not have been finalized at period end, the auditor should perform procedures to respond to that specific risk. EXTENT:

Extent refers to the quantity of a specific audit procedure to be performed, for example, the extent of an audit procedure is determined by the judgment of the auditor after considering the tolerable misstatement, the assessed risk of material misstatement, and the degree of assurance the auditor plans to obtain. An auditor may use techniques such as computerassisted audit techniques to enable him or her to extensively test electronic transactions and account files. Such techniques can be used to select sample transactions from key electronic files, to identify transactions with specific characteristics, or to test an entire population instead of a sample. This Statement regards the use of different audit procedures in combination as an aspect of the nature of testing as discussed above. However, the auditor should consider whether the extent of testing is appropriate when performing different audit procedures in combination. CONTROLS: The timing of tests of controls depends on the auditor's objective and the period of reliance on those controls. When the auditor tests controls at a particular time, the auditor may obtain audit evidence that the controls operated effectively only at that time. The auditor should test controls for the particular time, or throughout the period, for which the auditor intends to rely on those controls. Audit evidence pertaining only to a point in time may be sufficient for the auditor's purpose, CONCLUSION: The auditor's assessment of the identified risks at the relevant assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures. In some cases, the auditor may determine that performing only substantive procedures is appropriate for specific relevant assertions and risks. In those circumstances, the auditor may exclude the effect of controls from the relevant risk assessment