Audit Risk - PowerPoint PPT Presentation

1 / 67
About This Presentation
Title:

Audit Risk

Description:

Audit Risk Risk comes from not knowing what you re doing – PowerPoint PPT presentation

Number of Views:703
Avg rating:3.0/5.0
Slides: 68
Provided by: RayW50
Category:
Tags: audit | paper | risk | working

less

Transcript and Presenter's Notes

Title: Audit Risk


1
Chapter 4
  • Audit Risk
  • Risk comes from not knowing what youre doing
  • "It takes 20 years to build a reputation and five
    minutes to ruin it. If you think about that,
    you'll do things differently."
  • Warren
    Buffet, billionaire investor

3-1
2
Forms of Risk
  • Environmental Risks
  • Capital Availability
  • Regulatory, Political, and Legal
  • Financial Markets and Shareholder Relations
  • Process Risks
  • Operations Risk
  • Empowerment Risk
  • Information Processing / Technology Risk
  • Integrity Risk
  • Financial Risk
  • Information for Decision Making
  • Operational Risk
  • Financial Risk
  • Strategic Risk

3
Risk Analysis

Source Business Risk Assessment. 1998 The
Institute of Internal Auditors
4
Sources of Risk
4-4
5
Enterprise Risk Management (ERM)
  • "process effected by an entity's board of
    directors, management and other personnel,
    applied in strategy setting and across the
    enterprise, designed to identify potential events
    that may affect the entity, and manage risks to
    within its risk appetite, to provide reasonable
    assurance regarding the achievement of entity
    objectives."
  • COSO

6
Enterprise Risk Management
4-6
7
The ERM Framework
  • Entity objectives can be viewed in the
  • context of four categories
  • Strategic
  • Operations
  • Reporting
  • Compliance

8
ERM Framework
  • ERM considers activities at all levels
  • of the organization
  • Entity-Level
  • Division
  • Subsidiary
  • Business Unit

9
Enterprise Risk Management (ERM)
  • Internal Environment
  • Objective Setting
  • Event Identification
  • Risk Assessment
  • Risk Response
  • Control Activities
  • Information Communication
  • Monitoring

10
Internal Environment
  • Establishes a philosophy regarding risk
    management
  • Establishes the entitys risk culture.
  • Considers all other aspects of how the
    organizations actions may affect its risk
    culture.

11
Objective Setting
Applied when management considers risks strategy
in setting objectives Risk Appetite how much
risk management and the board are willing to
accept Risk Tolerance --- acceptable level of
variation around objectives
12
Event Identification
  • Identify those incidents, occurring internally or
    externally, that could affect strategy and
    achievement of objectives.
  • Addresses how internal and external factors
    combine and interact to influence the risk
    profile.

13
Risk Assessment
  • Allows an entity to understand the extent to
    which potential events might impact objectives.
  • Assesses risks from two perspectives
  • - Likelihood
  • - Impact
  • Used to assess risks and is normally also used to
    measure the related objectives.
  • Employs a combination of both qualitative and
    quantitative risk assessment methodologies.
  • Relates time horizons to objective horizons.
  • Assesses risk on both an inherent and a residual
    basis.

14
Risk Response
  • Identifies and evaluates possible responses to
    risk.
  • Evaluates options in relation to entitys risk
    appetite, cost vs. benefit of potential risk
    responses, and degree to which a response will
    reduce impact and/or likelihood.
  • Selects and executes response based on evaluation
    of the portfolio of risks and responses.

15
Control Activities
  • Policies and procedures that ensure risk
    responses, as well as entity directives, are
    carried out.
  • Occur throughout the organization -- all levels
    and in all functions.
  • Include application and general information
    technology controls.

16
Information Communication
  • Management identifies, captures, and communicates
    pertinent information in a form and timeframe
    that enables people to carry out their
    responsibilities.
  • Communication occurs in a broader sense, flowing
    down, across, and up the organization.

17
Monitoring
  • Effectiveness of the other ERM components
    monitored via
  • Ongoing monitoring activities.
  • Separate evaluations.
  • A combination of the two.

18
Engagement Risk
An auditors exposureto financial loss
anddamage toprofessional reputation.
Local audit failure
19
Auditors Risk Responsibilities
  • Audit Riskauditor will give unqualified opinion
    on misstated financial statements
  • Management Fraud Riskmanagement intentionally
    misstates financial statements
  • Fraudulent financial reporting
  • Errors are unintentional misstatements or
    omissions of amounts or disclosures in financial
    statements.
  • Auditors primary responsibility is to design
    procedures to provide reasonable assurance that
    frauds that materially misstate the financial
    statements are detected.

4-19
20
Overview of Types of Fraud Risk
4-20
21
General Categories of Errors and Frauds
  • Invalid transactions are recorded.
  • Valid transactions are omitted from the accounts.
  • Unauthorized transactions are executed and
    recorded.
  • Transaction amounts are inaccurate.
  • Transactions are classified in the wrong
    accounts.
  • Transaction accounting and posting is incorrect.
  • Transactions are recorded in the wrong period.

4-21
22
Audit Risk
The risk that an auditor will issue an
unqualified opinion on materially misstated
financial statements.
23
Audit Risk
  • Risk of
    Material Risk That the
  • Audit Risk Misstatement
    Auditors Fail to

  • the Misstatement
  • Inherent
    Control Detection
  • Risk
    Risk Risk
  • Inherent Risk--Risk of a material misstatement
    occurring in an assertion assuming no related
    internal controls.
  • Control Risk--Risk that a material misstatement
    in an assertion will not be prevented or detected
    on a timely basis by the companys internal
    control.
  • Detection Risk--Risk that the auditors
    procedures will lead them to conclude that a
    material misstatement does not exist in an
    assertion when in fact such misstatement does
    exist.

24
Inherent Risk
  • Factors that affect inherent risk
  • Nature of the client and its environment
  • Nature of the particular financial statement
    element
  • Business characteristics indicative of high
    inherent risk
  • Inconsistent profitability of client
  • Operating results highly sensitive to economic
    factors
  • Going concern problems
  • Large known and likely misstatements detected in
    prior audits
  • Substantial turnover, questionable reputation, or
    inadequate accounting skills of management

25
Control Risk
  • Likelihood that a material misstatement would not
    be caught by the clients internal controls
  • Factors affecting control risk
  • Environment in which the company operates
    (its control environment)
  • Existence (or lack thereof) and effectiveness
    of control activities
  • Monitoring activities (audit committee,
    internal audit function, etc.).

3-25
26
Detection Risk
  • Risk that a material misstatement would not be
    caught by audit procedures
  • Factors Affecting Detection Risk
  • Nature, Timing, and Extent of Audit Procedures
  • Sampling Risk --- Risk of choosing an
    unrepresentative sample.
  • Nonsampling Risk --- Risk that the auditor may
    reach inappropriate conclusions based upon
    available evidence.

3-26
27
Detection Risk and the Nature, Timing, and Extent
of Audit Procedures
Lower Detection Risk Higher Detection Risk
Nature More effective tests. Less effective tests.
Timing Testing performed at year-end. Testing can be performed at Interim.
Extent More tests. Fewer tests.
28
Audit Risk Formula
AR IR CR DR AR
Audit Risk IR Inherent Risk CR Control
Risk DR Detection Risk
29
ARM Concepts
  • Auditor cannot affect inherent risk or control
    risk. The auditor can only assess them.
  • Auditor can only affect detection riskgenerally
    by examining more evidence.
  • Detection risk is inversely related to control
    risk and inherent risk.
  • Detection risk is inversely related to competence
    and reliability of evidence.

3-29
30
Audit Risk
31
Matrix Approach to ARM
4-31
32
Risk Assessment Process
4-32
33
Audit Procedures
Specific actsperformed by the auditorto gather
evidence to determineif specific assertions
arebeing met.
34
Types of Audit Procedures
  • Risk Assessment --- To obtain an understanding
    of the client and its environment, including its
    internal control, to assess the risks of material
    misstatement
  • Tests of Controls --- When appropriate, to test
    the operating effectiveness of controls in
    preventing material misstatements
  • Substantive Tests --- To detect material
    misstatements at relevant assertion level.
    Substantive procedures include (a) analytical
    procedures, (b) tests of details of account
    balances, transactions and disclosures

35
Preliminary Analytic Procedures
RECORDED ACCOUNT BALANCE
ESTIMATED ACCOUNT BALANCE
  • Attention directing
  • Identify potential problem areas
  • An organized approach
  • A standard starting place to start examining the
    financial statements
  • Describe the financial activities
  • Identify unusual changes in relationships in the
    data
  • Ask relevant questions
  • What could be wrong?
  • What legitimate reasons are there for these
    results?
  • Cash flow analysis

4-35
36
Analytical Procedures (1 of 2)
  • Steps
  • Develop expectation of account (or ratio) balance
  • Determine amount of difference that can be
    accepted without investigation
  • Compare the companys account (ratio) with the
    expectation
  • Investigate and evaluate significant differences
  • Developing an Expectation
  • Prior period information
  • Anticipated results
  • Relationships among elements of financial
    information within a period
  • Industry information
  • Relationships between financial information and
    relevant nonfinancial data.

37
Analytical Procedures (2 of 2)
  • Types of Expectations
  • Trend analysis --- analyze changes in accounts of
    a company over time
  • Ratio analysis --- compare relationships between
    two or more financial statement accounts or
    comparisons of account balances to nonfinancial
    data
  • Liquidity (e.g., Current Ratio)
  • Leverage (e.g., Debt to Equity)
  • Profitability (e.g., Gross Profit Percentage)
  • Activity (e.g., Inventory Turnover)

38
Ratio Analysis Approaches
  • Horizontal --- Review ratios over time
  • Cross Sectional --- Analyze ratios of similar
    firms at a point in time
  • Vertical --- Analyze relationships within a
    period
  • Common size statements prepared
  • Other Methods
  • Regression analysis, reasonableness test

39
Types of Analytical Procedures
Trend Analysis
Ratio Analysis
Reasonableness Analysis
40
Short-Term Liquidity Ratios
Current Ratio
Quick Ratio
Operating Cash Flow Ratio
41
Activity Ratios
Receivables Turnover
Days Outstanding in Accounts Receivable
Inventory Turnover
Days of Inventory on Hand
42
Profitability Ratios
Gross Profit Percentage
Profit Margin
Return on Assets
Return on Equity
43
Coverage Ratios
Debt to Equity
Times Interest Earned
44
Audit Procedures forObtaining Audit Evidence
Inspectionof Records and Documents
Recalculation
Observation
Inquiry
Scanning
Inspectionof TangibleAssets
Confirmation
Reperformance
AnalyticalProcedures
45
Common Audit Procedures
46
Substantive Procedures
  • Analytical Procedures
  • Tests of Details
  • Tests of account balances
  • Tests of classes of transactions
  • Tests of disclosures
  • One may change the scope of audit procedures by
    changing the (NTE, or re-ordered as NET)
  • Nature (type and form)
  • Timing (when performed)
  • Extent (quantity of evidence obtained)

47
Identifying Potential Misstatements
48
Types of Transactions
  • Routine
  • Recurring financial statement activities recorded
    in the accounting records in the normal course of
    business
  • Lower inherent risk
  • Nonroutine
  • Involve activities that occur only periodically
    such as the taking of physical inventories
  • High inherent risk
  • Estimation transactions
  • Activities that create accounting estimates
  • Higher inherent risk

49
Auditing Fair Values -- FABS 157
  • Level 1 inputs of observable quoted prices in
    active markets for identical assets or
    liabilities
  • Level 2 inputs of observable quoted prices,
    generally for similar assets or liabilities in
    active markets
  • Level 3 inputs that are unobservable for the
    assets or liability

50
Related Party Transactions
  • Disclosure requirements must be met
  • Primary challenge --- identifying undisclosed
    Related Party Transactions
  • Determine Related Parties
  • Inquiries of management
  • Review SEC filings, stockholders listings and
    conflict-of-interest statements

51
Basic Approaches to Auditing Accounting Estimates
  • Review and test managements process for
    developing the estimate.
  • Independently develop an estimate to compare to
    managements estimate.
  • Review subsequent events or transactions bearing
    on the estimate.

52
Audit Documentation
Auditors principal record of theaudit
procedures performed, evidence obtained,and
conclusions reached.
53
Purposes of Audit Documentation
  • Nature, Timing and Extent of work performed
  • Professional Judgments
  • Basis for Conclusion
  • Facilitates Planning, Performance and Supervision
  • Provides Basis for Review

54
Sufficiency of Audit Documentation
  • Sufficient to
  • Enable an experienced auditor to understand the
    work performed and the significant conclusions
    reached
  • Identify who performed and reviewed the work
  • Show that the accounting agree or reconcile to
    the financial statements
  • Include all significant audit findings and the
    actions taken to address them

55
Permanent Files
These files are intended to contain data of a
historical or continuing nature pertinent to the
current audit.
56
Current Files
Audit Program
General Information
Working Trial Balance
Adjusting and Reclassification Entries
Supporting Schedules
57
Types of Working Papers
  • Audit Administrative Working Papers
  • Working Trial Balance
  • Lead Schedules
  • Adjusting Journal and Reclassification Entries
  • Supporting Schedules
  • Analysis of a Ledger Account
  • Reconciliations
  • Computational Working Papers
  • Corroborating Documents

58
Characteristics of Good Audit Documentation
  • Heading which includes the clients name,
    explanatory title, and balance sheet date
  • Initials of the auditor who prepared the
    documentation and date completed
  • Initials of the reviewer and date review
    completed
  • Description of the tests performed and the
    findings
  • Assessment of tests which indicate material
    misstatement in an account
  • Tick marks and legend indicating work performed
    by the auditor
  • Index to identify the location of papers
  • Cross-reference to related documentation

59
ORGANIZATION OF WORKING PAPERS
  • Should be organized in such a way that any
    member of the audit team (and others) can find
    the audit evidence that supports each financial
    statement account.

60
(No Transcript)
61
(No Transcript)
62
Format of Audit Documentation
Heading
Client name Title of the working paper Clients
year-end date
Indexing andcross-referencing
Tick marks
63
Audit Documentation Review
  • Hierarchical Review Process
  • Reviewers Include
  • New auditors
  • Supervisory personnel
  • Engagement supervisors and quality reviewers
  • Successor auditor
  • Inspection teams
  • Others including advisors engaged by the audit
    committee or parties to an acquisition

64
Other Issues Related to Audit Documentation
  • Ownership
  • Auditors maintain ownership, even after
    auditor-client relationship is over.
  • Confidentiality
  • Only can be made public with permission, or
    if subpoenaed, or as part of a peer review of
    firm practices, or as part of an ethics
    investigation of firm personnel.
  • Sarbanes-Oxley Act of 2002 requiresaudit
    documentation to be retained for sevenyears from
    the completion date of the engagement.

65
Engagement Completion Document (AS 3)
  • Include all significant findings or issues.
  • Include items identified during interim review.
  • Must have completed all necessary procedures and
    obtained sufficient evidence before report
    release date.
  • Documentation should be complete (documentation
    completion date) no more than 60 days after
    report release date.

66
Documentation Retention (AS 3)
  • Five years from report release date.
  • If no reportfrom last day of fieldwork
  • Additions/Amendments
  • Documentation may not be deleted or discarded
    after report release date.
  • Additions must indicate
  • Date the information was added,
  • Name of preparer
  • Reason

67
End of Chapter 4
Write a Comment
User Comments (0)
About PowerShow.com