A risk assessment is carried out by auditor to identify financial statement areas susceptible to material misstatement and provides a basis for designing and performing further audit procedures.
I. HOW TO IDENTIFY AUDIT RISKS
A competent auditor needs to be able to identify those risks that may lead to a misstatement in the financial statements.
If an auditor does not maintain a focus on those risks that may lead to a misstatement in the financial statements, the audit will be a very long process and not at all efficient.
II. OVERALL AUDIT RISK
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. It is a function of the risk of material misstatement (inherent risk and control risk) and the risk that the auditor will not detect such misstatement (detection risk).
Audit risk has two major components. One is dependent on the entity, and is the risk of material misstatement arising in the financial statements (inherent risk and control risk). The other is dependent on the auditor, and is the risk that the auditor will not detect material misstatements in the financial statements (detection risk).
Inherent risk
Inherent risk is the susceptibility of an assertion to a misstatement that could be material individually or when aggregated with other misstatements, assuming there were no related internal controls.
Control risk
Control risk is the risk that a material misstatement, that could occur in an assertion and that could be material, individually or when aggregated with other misstatements, will not be prevented or detected and corrected on a timely basis by the entity’s internal control.
Detection risk
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, individually or when aggregated with other misstatements.
One way to decrease detection risk is to increase sample sizes.
Although increasing sample sizes or doing more work can help to reduce detection risk, the following actions can also improve the effectiveness and application of procedures and therefore help to reduce detection risk:
Adequate planning
Assignment of more experienced personnel to the engagement team
The application of professional scepticism
Increased supervision and review of the audit work performed
III. RISK ASSESSMENT
It requires a discussion among team members that places particular emphasis on how and where the financial statements may be susceptible to fraud.
Risk assessment procedures to obtain information in identifying the risks of material misstatement due to fraud shall include the following:
1. Inquiries of management regarding:
Management’s assessment of the risk that the financial statements may be misstated due to fraud
Management’s process for identifying and responding to the risk of fraud
Management’s communication to those charged with governance in respect of its process for identifying and responding to the risk of fraud
Management’s communication to employees regarding its views on business practices and ethical behavior
Knowledge of any actual, suspected or alleged fraud
2. Inquiries of internal audit for knowledge of any actual, suspected or alleged fraud, and its views on the risks of fraud
3. Obtaining an understanding of how those charged with governance oversee management’s processes for identifying and responding to the risk of fraud and the internal control established to mitigate these risks
4. Inquiries of those charged with governance for knowledge of any actual, suspected or alleged fraud
5. Evaluating whether any unusual relationships have been identified in performing analytical procedures that may indicate risk of material misstatement due to fraud
6. Considering whether any other information may indicate risk of material misstatement due to fraud
7. Evaluating whether any fraud risk factors are present
Practical Question
Potential risks relevant to the audit of Hippo
(1) Credit sales. Hippo makes sales on credit. This increases the risk that Hippo’s sales will not be converted into cash. Trade receivables is likely to be a risky area and the auditors will have to consider what the best evidence that customers are going to pay is likely to be.
(2) Related industry. Hippo manufactures bathroom fixtures and fittings. These are sold to wholesalers, but it is possible that Hippo’s ultimate market is the building industry. This is a notoriously volatile industry, and Hippo may find that their results fluctuate too, as demand rises and falls. This suspicion is added to by the bankruptcy of the wholesaler in the year. The auditors must be sure that accounts which present Hippo as a viable company are in fact correct.
(3) Controls. The fact that a major new customer went bankrupt suggests that Hippo did not undertake a very thorough credit check on that customer before agreeing to supply them. This implies that the controls at Hippo may not be very strong.
(4) Variance. The actual results are different from budget. This may be explained by the fact that the major customer went bankrupt, or it may reveal that there are other errors and problems in the reported results, or in the original budget.
(5) Bankrupt wholesaler. There is a risk that the result reported contains balances due from the bankrupt wholesaler, which are likely to be irrecoverable.
Source :
1.BPP University, F8 and FAU
2.Kaplan, Inc., F8 and FAU