Chapter 9 Materiality and Risk

1
Chapter 9Materiality and Risk
2
Presentation Outline

• Steps in Applying Materiality
• Risk in Auditing
• Planning Model Relationships
• Evaluating Results

3
I. Steps in Applying Materiality
4
Step 1 in Applying Materiality

• Set preliminary judgment about materiality.

• Permissible misstatements are often less for
  smaller clients.
• Although the FASB and AICPA are unwilling to
  provide specific materiality guidelines to
  practitioners, bases are needed for evaluating
  materiality. See Figure 9-2 on page 235.
• Qualitative factors can affect materiality. See
  factors on pages 234-235.

The preliminary judgment about materiality is the
maximum amount the auditor believes the
statements could be misstated and still
not affect the decisions of reasonable users.
Decided early in audit.
5
Step 2 in Applying Materiality

• Allocate preliminary judgment about materiality
  to segments.

• Most practitioners allocate materiality to
  balance sheet rather than income statement
  accounts. This is because most income statement
  misstatements have an equal effect on the balance
  sheet because of the double-entry bookkeeping
  system.
• The sum of the tolerable misstatement is allowed
  to exceed overall materiality because (1) it is
  unlikely that all accounts will be misstated by
  the full amount of tolerable misstatement, and
  (2) some accounts are overstated while others are
  understated, resulting in a net amount that is
  likely to be less than overall materiality.

An allocation is necessary because evidence is
accumulated by segments rather than the financial
statements taken as a whole. The allocation to
account balances is known as the tolerable
misstatement.
6
Illustration of Tolerable Misstatement Allocation
for Current Assets
Tolerable Account Misstatement
Cash 4,000 Accounts receivable
20,000 Inventory 36,000 Preliminary
judgment about materiality 50,000
7
Step 3 in Applying Materiality

• Estimate total misstatement in segment.

One way to calculate the estimate of misstatement
is to make a direct projection from the sample
to the population.
8
Illustration of Estimating Total Misstatement in
Segment
Tolerable Direct Sampling Account
Misstatement Projection Error
Total Cash 4,000 0 N/A
0 Accounts receivable 20,000 12,000
6,000 18,000 Inventory 36,000
31,500 15,750 47,250 Preliminary judgment
about materiality 50,000 estimate for sampling
error is 50
9
Step 4 in Applying Materiality
Estimate the combined misstatement.
Tolerable Direct Sampling Account
Misstatement Projection Error
Total Cash 4,000 0 N/A
0 Accounts receivable 20,000 12,000
6,000 18,000 Inventory 36,000
31,500 15,750 47,250 Total estimated
misstatement amount 43,500 16,800 60,300 Pr
eliminary judgment about materiality 50,000 e
stimate for sampling error is 50
10
Step 5 in Applying Materiality
Compare combined estimate with preliminary or
revised judgment about materiality.
Tolerable Direct Sampling Account
Misstatement Projection Error
Total Cash 4,000 0 N/A
0 Accounts receivable 20,000 12,000
6,000 18,000 Inventory 36,000
31,500 15,750 47,250 Total estimated
misstatement amount 43,500 16,800 60,300 Pr
eliminary judgment about materiality 50,000 e
stimate for sampling error is 50
Because the estimated combined misstatement
exceeds the preliminary judgment, the financial
statements are not acceptable. The auditor may
perform additional audit procedures to
reevaluate the estimate, or require adjustment
for the estimated misstatements.
11
II. Risk in Auditing

• Components of Audit Risk
• Acceptable Audit Risk
• Inherent Risk
• Control Risk
• Planned Detection Risk

12
A. Components of Audit Risk
Susceptibility of an assertion to material
misstatement assuming no related internal
controls.
Inherent Risk (IR)
Total misstatement
-
Risk of misstatements not being detected by
system of internal control.
Caught by internal controls
Control Risk (CR)
-
Detection Risk (DR)
Caught by auditor
Risk of misstatements not being detected by the
auditor.

Audit Risk (AR)
Undetected misstatement
Misstatement that remains undetected by the
auditor.
13
B. Acceptable Audit Risk
The following factors mean that audit risk should
be kept lower

• Reliance by External Users
• Likelihood of Financial Failure
• Integrity of Management

14
1. Reliance by External Users

• When external users place heavy emphasis on the
  financial statements, acceptable audit risk
  should be kept low. The following generally
  results in more users of the financial
  statements
• Larger clients
• Publicly held corporations
• Extensive use of liabilities

15
2. Likelihood of Financial Failure

• There is a greater chance of having to defend the
  quality of the audit when there is a financial
  failure. Failure indicators include
• Shortage of funds
• Declining net income or continued losses
• Risky industries such as technology
• Management lacking competency to deal with
  financial difficulties

16
3. Integrity of Management

• If a client has questionable integrity, the
  auditor is likely to assess acceptable audit risk
  lower. Indications of integrity problems
  include
• Frequent disagreements with prior auditors, the
  IRS, and/or SEC
• Frequent turnover of key financial and internal
  audit personnel
• Ongoing conflicts with labor unions and employees

17
C. Inherent Risk

• Nature of the Clients Business
• Results of Previous Audits
• Initial vs. Repeat Engagement
• Related Parties
• Nonroutine Transactions
• Judgment Required
• Make-up of the Population

18
1. Nature of the Clients Business

• Inherent risk is likely to vary from business to
  business for accounts such as inventory, accounts
  and loans receivable, and property, plant, and
  equipment.
• The nature of the business should have little
  effect on cash, notes payable, and mortgages
  payable.

19
2. Results of Previous Audits

• Misstatements found in the previous years audit
  have a high likelihood of occurring again.
• Many types of misstatements are systematic in
  nature, and organizations are slow in making
  changes to eliminate them.

20
3. Initial vs. Repeat Engagement

• Most auditors use a larger inherent risk for
  initial audits than for repeat engagements in
  which no material misstatements had been found.

21
4. Related Parties

• Examples of related party transactions are those
  between parent and subsidiary companies, and
  management or owners and the company.
• Increases inherent risk because there is a
  greater likelihood of misstatement.

22
5. Nonroutine Transactions

• Transactions that are unusual for the client are
  more likely to be recorded incorrectly.
• Examples include fire losses, major property
  acquisitions, etc.

23
6. Judgment Needed

• Many account balances require estimates and a
  great deal of management judgment including
• Uncollectible accounts receivable
• Obsolete inventory
• Warranty liabilities

24
7. Make-up of the Population

• Accounts receivable where most accounts are
  significantly overdue
• Transactions with related parties
• Disbursements made payable to cash
• Inventory with a slow turnover

25
D. Control Risk

• There are two basic phases to an auditors
  evaluation of control risk
• Obtain an understanding of internal control.
  This phase applies to all audits.
• Test the internal controls for effectiveness.
  This phase only applies when the auditor chooses
  to assess control risk at below the maximum.

26
E. Planned Detection Risk

• The auditor can reduce planned detection risk by
  performing more substantive testing.

27
III. Planning Model Relationships

• Acceptable Audit Risk Relationships
• Inherent Risk Relationships
• Control Risk Relationships
• The Overall Relationship of Components in
  Planning the Audit Process
• The Audit Risk Model for Planning

28
A. Acceptable Audit Risk Relationships

• Acceptable audit risk is the risk that the
  auditor is willing to take of giving an
  unqualified opinion when the financial statements
  are materially misstated.
• As acceptable audit risk increases, the auditor
  is willing to collect less evidence (inverse) and
  therefore accept a higher detection risk (direct).

29
B. Inherent Risk Relationships

• Inherent risk is the susceptibility of an
  assertion to material misstatement assuming no
  related internal controls.
• As inherent risk increases, the auditor must
  reduce detection risk (inverse) by collecting
  more audit evidence (direct).

30
C. Control Risk Relationships
Planned detection risk
Planned audit evidence
I
D
Control risk

• Control risk is the risk of misstatements not
  being detected by the clients system of internal
  control.
• As control risk increases, the auditor must
  reduce detection risk (inverse) by collecting
  more audit evidence (direct).

31
D. The Overall Relationship of Components in
Planning the Audit Process
Acceptable audit risk
D
I
D
Inherent risk
Planned detection risk
Planned audit evidence
I
I
I
I
D
Control risk
Tolerable misstatement
D Direct relationship I Inverse relationship
32
E. The Audit Risk Modelfor Planning
PDR AAR (IR CR)
Where
PDR Planned detection risk
AAR Acceptable audit risk
IR Inherent risk
CR Control risk
33
IV. Evaluating Results

• Audit Risk Model for Evaluating Results
• Reducing Achieved Audit Risk
• Revising Risks and Evidence

34
A. Audit Risk Model for Evaluating Results
AcAR IR CR AcDR
Where
AcAR Achieved audit risk
AcDR Achieved detection risk
IR Inherent risk
CR Control risk
35
B. Reducing Achieved Audit Risk

• The audit risk model for evaluating results is
  stated in SAS 47. Research subsequent to the
  issuance of SAS 47 has shown that it is not
  appropriate to uses this evaluation formula as
  originally intended. However, the model does
  show three possible ways to reduce achieved audit
  risk to an acceptable level.
• Reduce inherent risk not feasible unless new
  facts are uncovered during the audit process.
• Reduce control risk may be possible to
  reevaluate control risk to a lower level by
  conducting more tests of internal controls.
• Reduce achieved detection risk can be achieved
  by larger sample sizes and/or additional audit
  procedures.

36
C. Revising Risks and Evidence

• Great care must be used when revising the risk
  factors when the actual results are not as
  favorable as planned.
• When the auditor concludes that the original
  assessment of control risk or inherent risk was
  understated or acceptable audit risk was
  overstated, a two step approach should be used
• The auditor must revise the original assessment
  of the appropriate risk.
• The auditor should consider the effect of the
  revision on evidence requirements , without the
  use of the audit risk model. Research shows that
  using the model in the evaluation stage often
  results in an insufficient increase of evidence.

37
Summary
Audit Process

• Applying Materiality
• Risk and Audit Planning
• Evaluating Results

Risk
Internal Control