Chapter 9 Materiality and Risk

Audit Risk
CPA

9-1

Presentation Outline
Steps in Applying Materiality II. Risk in Auditing III. Planning Model Relationships IV. Evaluating Results I.

9-2

9-3

Step 1 in Applying Materiality

Set preliminary judgment about materiality.

Permissible misstatements are often less for smaller clients. Although the FASB and AICPA are unwilling to provide specific materiality guidelines to practitioners, bases are needed for evaluating materiality. See Figure 9-2 on page 235. Qualitative factors can affect materiality. See factors on pages 234-235.

The preliminary judgment about materiality is the maximum amount the auditor believes the statements could be misstated and still not affect the decisions of reasonable users. Decided early in audit. 9 - 4

Step 2 in Applying Materiality

Allocate preliminary judgment about materiality to segments.
Most practitioners allocate materiality to balance sheet rather than income statement accounts. This is because most income statement misstatements have an equal effect on the balance sheet because of the double-entry bookkeeping system. The sum of the tolerable misstatement is allowed to exceed overall materiality because (1) it is unlikely that all accounts will be misstated by the full amount of tolerable misstatement, and (2) some accounts are overstated while others are understated, resulting in a net amount that is likely to be less than overall materiality. An allocation is necessary because evidence is accumulated by segments rather than the financial statements taken as a whole. The allocation to account balances is known as the tolerable misstatement. 9-5

Illustration of Tolerable Misstatement Allocation for Current Assets

Tolerable Misstatement $ 4,000 20,000 36,000

Account Cash Accounts receivable Inventory

Preliminary judgment about materiality

$50,000

9-6

Step 3 in Applying Materiality

Estimate total misstatement in segment.
$3,500 net misstatement of the inventory sample

$50,000 total inventory sampled $450,000 total recorded population value for inventory

$31,500 direct projection estimate of misstatement

$3,500 $50,000 $450,000 = $31,500

One way to calculate the estimate of misstatement is to make a direct projection from the sample to the population.
9-7

Illustration of Estimating Total Misstatement in Segment

Tolerable Direct Sampling Misstatement Projection Error Total $ 4,000 $ 0 $ N/A $ 0 20,000 12,000 6,000* 18,000 36,000 31,500 15,750* 47,250

Account Cash Accounts receivable Inventory

Preliminary judgment about materiality $50,000 *estimate for sampling error is 50%

9-8

Step 4 in Applying Materiality

Estimate the combined misstatement.

Account Cash Accounts receivable Inventory Total estimated misstatement amount Preliminary judgment about materiality $50,000 *estimate for sampling error is 50%

Tolerable Direct Sampling Misstatement Projection Error Total $ 4,000 $ 0 $ N/A $ 0 20,000 12,000 6,000* 18,000 36,000 31,500 15,750* 47,250
$43,500 $16,800 $60,300

9-9

Step 5 in Applying Materiality

Compare combined estimate with preliminary or revised judgment about materiality.
Account Cash Accounts receivable Inventory Total estimated misstatement amount $43,500 $16,800 $60,300 Preliminary judgment about materiality $50,000 *estimate for sampling error is 50% Because the estimated combined misstatement exceeds the preliminary judgment, the financial statements are not acceptable. The auditor may perform additional audit procedures to reevaluate the estimate, or require adjustment for the estimated misstatements. 9 - 10
Tolerable Direct Sampling Misstatement Projection Error Total $ 4,000 $ 0 $ N/A $ 0 20,000 12,000 6,000* 18,000 36,000 31,500 15,750* 47,250

II. Risk in Auditing

A. Components of Audit Risk B. Acceptable Audit Risk C. Inherent Risk D. Control Risk E. Planned Detection Risk

Audit Risk

9 - 11

A. Components of Audit Risk

Total misstatement

Inherent Risk (IR)

Susceptibility of an assertion to material misstatement assuming no related internal controls. Risk of misstatements not being detected by system of internal control. Risk of misstatements not being detected by the auditor. Misstatement that remains undetected by the auditor.

Caught by internal controls

Control Risk (CR)

Caught by auditor

Detection Risk (DR) Audit Risk (AR)

=
Undetected misstatement

B. Acceptable Audit Risk

Audit
Risk

The following factors mean that audit risk should be kept lower: 1. Reliance by External Users 2. Likelihood of Financial Failure 3. Integrity of Management 9 - 13

1. Reliance by External Users

When external users place heavy emphasis on the financial statements, acceptable audit risk should be kept low. The following generally results in more users of the financial statements: Larger clients Publicly held corporations Extensive use of liabilities
9 - 14

2. Likelihood of Financial Failure

There is a greater chance of having to defend the quality of the audit when there is a financial failure. Failure indicators include: Shortage of funds Declining net income or continued losses Risky industries such as technology Management lacking competency to deal with financial difficulties
9 - 15

3. Integrity of Management
If a client has questionable integrity, the auditor is likely to assess acceptable audit risk lower. Indications of integrity problems include: Frequent disagreements with prior auditors, the IRS, and/or SEC Frequent turnover of key financial and internal audit personnel Ongoing conflicts with labor unions and employees
9 - 16

C. Inherent Risk
1. Nature of the Clients Business 2. Results of Previous Audits 3. Initial vs. Repeat Engagement 4. Related Parties 5. Nonroutine Transactions 6. Judgment Required 7. Make-up of the Population

9 - 17

1. Nature of the Clients Business

Rickys Electronics

Inherent risk is likely to vary from business to business for accounts such as inventory, accounts and loans receivable, and property, plant, and equipment. The nature of the business should have little effect on cash, notes payable, and mortgages payable.

9 - 18

2. Results of Previous Audits

Misstatements found in the previous years audit have a high likelihood of occurring again. Many types of misstatements are systematic in nature, and organizations are slow in making changes to eliminate them.
9 - 19

3. Initial vs. Repeat Engagement

Most auditors use a larger inherent risk for initial audits than for repeat engagements in which no material misstatements had been found.

9 - 20

4. Related Parties
Examples of related party transactions are those between parent and subsidiary companies, and management or owners and the company. Increases inherent risk because there is a greater likelihood of misstatement.

9 - 21

5. Nonroutine Transactions

Transactions that are unusual for the client are more likely to be recorded incorrectly. Examples include fire losses, major property acquisitions, etc.

9 - 22

6. Judgment Needed
Many account balances require estimates and a great deal of management judgment including: Uncollectible accounts receivable Obsolete inventory Warranty liabilities
9 - 23

7. Make-up of the Population

Accounts receivable where most accounts are significantly overdue Transactions with related parties Disbursements made payable to cash Inventory with a slow turnover

9 - 24

D. Control Risk
There are two basic phases to an auditors evaluation of control risk: 1. Obtain an understanding of internal control. This phase applies to all audits. 2. Test the internal controls for effectiveness. This phase only applies when the auditor chooses to assess control risk at below the maximum.

9 - 25

E. Planned Detection Risk

The auditor can reduce planned detection risk by performing more substantive testing. Increased audit evidence

Lower Detection Risk

9 - 26

III. Planning Model Relationships

A. Acceptable Audit Risk Relationships B. Inherent Risk Relationships C. Control Risk Relationships D. The Overall Relationship of Components in Planning the Audit Process E. The Audit Risk Model for Planning

9 - 27

A. Acceptable Audit Risk Relationships

Acceptable audit risk

Direct

Inverse

Planned detection risk

Planned audit evidence

Acceptable audit risk is the risk that the auditor is willing to take of giving an unqualified opinion when the financial statements are materially misstated. As acceptable audit risk increases, the auditor is willing to collect less evidence (inverse) and therefore accept a higher detection risk (direct). 9 - 28

B. Inherent Risk Relationships

D

Inherent risk

Planned detection risk

Planned audit evidence

Inherent risk is the susceptibility of an assertion to material misstatement assuming no related internal controls. As inherent risk increases, the auditor must reduce detection risk (inverse) by collecting more audit evidence (direct).

9 - 29

C. Control Risk Relationships

Planned detection risk Planned audit evidence
D

Control risk

Control risk is the risk of misstatements not being detected by the clients system of internal control. As control risk increases, the auditor must reduce detection risk (inverse) by collecting more audit evidence (direct).
9 - 30

D. The Overall Relationship of Components in Planning the Audit Process Acceptable audit risk Inherent risk Control risk
I

Planned detection risk

I

Planned audit evidence

D I

Tolerable misstatement
D = Direct relationship; I = Inverse relationship
9 - 31

E. The Audit Risk Model for Planning

PDR = AAR (IR CR)

PDR = Planned detection risk

AAR = Acceptable audit risk

IR = Inherent risk
CR = Control risk
9 - 32

IV. Evaluating Results

A. Audit Risk Model for Evaluating Results B. Reducing Achieved Audit Risk C. Revising Risks and Evidence
9 - 33

A. Audit Risk Model for Evaluating Results

AcAR = IR CR AcDR

AcAR = Achieved audit risk

AcDR = Achieved detection risk

IR = Inherent risk
CR = Control risk
9 - 34

B. Reducing Achieved Audit Risk

The audit risk model for evaluating results is stated in SAS 47. Research subsequent to the issuance of SAS 47 has shown that it is not appropriate to uses this evaluation formula as originally intended. However, the model does show three possible ways to reduce achieved audit risk to an acceptable level.
Reduce inherent risk not feasible unless new facts are uncovered during the audit process. Reduce control risk may be possible to reevaluate control risk to a lower level by conducting more tests of internal controls. Reduce achieved detection risk can be achieved by larger sample sizes and/or additional audit procedures.
9 - 35

C. Revising Risks and Evidence

Great care must be used when revising the risk factors when the actual results are not as favorable as planned. When the auditor concludes that the original assessment of control risk or inherent risk was understated or acceptable audit risk was overstated, a two step approach should be used:
1. The auditor must revise the original assessment of the appropriate risk. 2. The auditor should consider the effect of the revision on evidence requirements , without the use of the audit risk model. Research shows that using the model in the evaluation stage often results in an insufficient increase of evidence. 9 - 36

Summary
Audit Process Applying Materiality Risk and Audit Planning Evaluating Results

Risk

Internal Control
9 - 37