THE RISK OF MATERIAL MISSTATEMENT (RMM) AUDIT

Meaning the RMM

Auditors must consider audit risk and must determine a materiality level for the financial statements taken as a whole." Auditors

also "must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of

material misstatement the risk of material misstatement has been assessed for major accounts, transaction streams and

disclosures, the auditor must develop an audit plan in which he or she documents the audit procedures that, when performed, are

expected to reduce audit risk to an acceptably low level

In additional: The auditor is required to assess the risk of material misstatement (RMM) according to Audit Risk and Materiality in

Conducting an Audit. RMM is the auditor's combined assessment of inherent risk and control risk. Auditors are also required to

perform audit procedures to respond to assessed RMM. The auditor should obtain an understanding of the entity and its

environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial

statements whether due to fraud or error, and sufficient to design and perform further audit procedures

In my article have tried to clearly discuss how the auditor responds to the risk of material misstatement (RMM) in designing and

performing audit procedures.

Overall Responses:

The auditor's overall responses to address the assessed risks of material misstatement at the financial statement level may include

emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating audit evidence, assigning

more experienced staff or those with specialized skills or using specialists, providing more supervision, or incorporating additional

elements of unpredictability in the selection of further audit procedures to be performed. Additionally, the auditor may make general

changes to the nature, timing, or extent of further audit procedures as an overall response, for example, performing substantive

procedures at period end instead of at an interim date.

The auditor's overall responses to the assessed RMM include

1. Maintaining professional skepticism in gathering and evaluating audit evidence.

2. Assigning more experienced staff.

3. Using specialists.

4. Greater supervision of staff.

5. Element of unpredictability in selection of further audit procedures.

6. Changes in nature, timing, and extent of further audit procedures.

7. Increase the number of locations to be included in the audit scope.

The effectiveness of the control environment has a significant bearing on whether the auditor will employ a primarily substantive

approach or a combined approach that uses tests of controls as well as substantive procedures.

AUDIT PROCEDURES RESPONSIVE TO RISKS OF MATERIAL MISSTATEMENT

The auditor should design auditing procedures to achieve the objective of a high level of assurance that the financial statements

are free of material misstatement. Those further auditing procedures consist of either tests of controls or substantive procedures. In

designing further audit procedures, the auditor should consider such matters as:

The significance of the risk

• The likelihood that a material misstatement will occur

• The characteristics of the class of transactions, account balance, or disclosure involved

• The nature of the specific controls used by the entity, in particular, whether they are manual or automated

• Whether the auditor expects to obtain audit evidence to determine if the entity's controls are effective in preventing or detecting

material misstatements.

The nature of the audit procedures is of most importance in responding to the assessed risks.

There should be a clear linkage between audit procedures and the risk of material misstatement at the relevant assertion level for

each class of transactions, account balance, and disclosure. The higher the auditor's assessment of risk, the more reliable and

relevant the

Evidence must be to satisfy the auditor's objectives. The higher the RMM, the more likely it is that the auditor will perform the

procedures at the end of period or at unpredictable or unannounced times. Certain procedures may only be performed at or after

the period end date.

The extent or quantity of audit procedures is determined by the auditor's judgment. The auditor should consider the assessed risk

of material misstatement, the tolerable misstatement,

And the degree of assurance desired. Generally, sampling is used to achieve audit objectives. Tests of controls should be

performed if controls are expected to be effective in preventing or detecting a material misstatement in a relevant assertion the

auditor should obtain evidence about how controls were applied at relevant times during the period under audit. If substantially

different controls were used at various times, the auditor should consider each time period separately.

Tests of controls may be designed to be performed concurrently with test of details. When performing these dual-purpose tests, the

auditor should consider how the outcome of the test of controls may affect the extent of substantive procedures to be performed.

A material misstatement that is detected by the auditors, but not identified by the entity, should be considered as at least a

significant deficiency. It may also be a strong indicator of a material weakness in internal controls that should be communicated to

management. When evidence about the operating effectiveness of controls is obtained during an interim period, consideration

should be given to what further evidence is needed for the remaining period. If the auditor plans to use audit evidence about the

effectiveness of controls that was obtained in a prior period,

The auditor should also increase the extent of testing of controls as the rate of expected deviation increases. In some instances the

expected rate of deviation may be too high to obtain evidence that will sufficiently reduce the control risk. Tests of controls would

then be inappropriate.
Once the auditor determines that automated controls are working effectively, the auditor should perform tests to determine that the

controls continue to work as intended, especially if changes are made to the program.

Considering the Nature, Timing, and Extent of Further Audit Procedures

Nature:

The nature of further audit procedures refers to their purpose (tests of controls or substantive procedures) and their type, that is,

inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedures. The auditor should obtain

audit evidence about the accuracy and completeness of information produced by the entity's information system when that

Information is used in performing audit procedures. For example, if the auditor uses non-financial information or budget data

produced by the entity's information system in performing audit procedures, such as substantive analytical procedures or tests of

controls, the auditor should obtain audit evidence about the accuracy and completeness of such information

Timing:

Timing refers to when audit procedures are performed or the period or date to which the audit evidence applies. The higher the risk

of material misstatement, the more likely it is that the auditor may decide it is more effective to perform substantive procedures

nearer to, or to perform audit procedures unannounced or at unpredictable times. Certain audit procedures can be performed only

at or after period end, for example, agreeing the financial statements to the accounting records, or examining adjustments made

during the course of preparing the financial Statements. If there is a risk that the entity may have entered into improper sales

contracts or that transactions may not have been finalized at period end, the auditor should perform procedures to respond to that

specific risk.

ExtenT:

Extent refers to the quantity of a specific audit procedure to be performed, for example, the extent of an audit procedure is

determined by the judgment of the auditor after considering the tolerable misstatement, the assessed risk of material misstatement,

and the degree of assurance the auditor plans to obtain. An auditor may use techniques such as computer-assisted audit

techniques to enable him or her to extensively test electronic transactions and account files. Such techniques can be used to select

sample transactions from key electronic files, to identify transactions with specific characteristics, or to test an entire population

instead of a sample. This Statement regards the use of different audit procedures in combination as an aspect of the nature of

testing as discussed above. However, the auditor should consider whether the extent of testing is appropriate when performing

different audit procedures in combination.

Controls:

The timing of tests of controls depends on the auditor's objective and the period of reliance on those controls. When the auditor

tests controls at a particular time, the auditor may obtain audit evidence that the controls operated effectively only at that time. The

auditor should test controls for the particular time, or throughout the period, for which the auditor intends to rely on those controls.

Audit evidence pertaining only to a point in time may be sufficient for the auditor's purpose,

Conclusion: The auditor's assessment of the identified risks at the relevant assertion level provides a basis for considering the

appropriate audit approach for designing and performing further audit procedures. In some cases, the auditor may determine that

performing only substantive procedures is appropriate for specific relevant assertions and risks. In those circumstances, the auditor

may exclude the effect of controls from the relevant risk assessment