An Overview of the Attestation Process and Alternative Risk Models Prof. Joshua Onome Imoniana of Accountancy ACCY405 October 6, 2014

Today’s Objectives Introduction to Module II Overall Theme: Rich client knowledge  Well informed expectations   High quality risk assessments  High quality audits. Discussion of risks and risk models

Announcements Second Professional Lyceum Thursday, March: Deloitte Auditorium, 2pm Speaker: Othon Tavares - Partner

What are We Doing in Module II All about delivering audit quality How do we plan audits to obtain reasonable assurance? The audit risk model Strategic systems auditing (SSA) method Application: Real company examples, mini cases

Goals of Attest Engagements Effectiveness Reasonable assurance that no material misstatements in assertions exist. Efficiency Low-cost route to “effectiveness”. Defensible Documentation Alerts supervisors to high-risk areas. Litigation protection: subpoena is possible. PCAOB AS. 3: “Not documented, not done”.

The Basics of Obtaining Reasonable Assurance Requires considerable unstructured & professional judgment with respect to: (1) Risks (2) Evidence (3) Materiality All of these factors interact.

Judgment: What is Material? (PCAOB AS. 11) A material difference is a difference that could affect the decisions of the reasonable decision maker using the financial statement information. Material to whom? What about small misstatements? (PCAOB AS. 14)

What do Auditors do? Auditors give comfort to people who are vulnerable to erroneous, self-interested, and possibly fraudulent financial statements from corporate management. Auditing is a recursive process of evidence-driven, belief- based risk assessment. Think: Why Risk? WHAT IS AUDIT QUALITY?

Attestation Programs Use assertions as building blocks to identify risk (of material misstatement). (1) Existence (2) Completeness (3) Valuation (4) Rights & Obligations (5) Presentation & Disclosure Develop objectives. Develop procedures to gather evidence.

Quality Risk Assessments Rich Knowledge of Clients & Assertions: Given their goals, clients react or fail to react to business risks Or sometimes, despite goals, clients fail to react! These reactions (or failures) affect clients in multi-dimensional ways: Profitability, liquidity & marketability. Employee morale/retention & stakeholder comfort. For some clients, business risks change rapidly.

Risk Assessment What You Expect Risk Assessments What You Observe & E O Low Risk Assessment E O High Risk Assessment

Summary Risk Assessment Assertions Sufficiently Rich Knowledge of Client + Sufficient Experience in Risk Assessment + Specific Targets for Observation (Verification) & Realistic, Knowledge- Laden Expectations Well-Calibrated Risk Assessments Low Audit Risk

Risk Concepts in Auditing Audit Risk (AR) The risk of issuing an incorrect audit opinion (i.e. unqualified/ clean) when the financial statements are materially misstated. Client Business Risk (CBR) The risk that the client will experience adverse outcomes as a result of economic conditions, events, circumstances, or management action/inaction. i.e. the risk that the client will remain viable. Auditor’s Business Risk (ABR) The risk that the audit firm will be exposed to loss from events arising in connection with the financial statements. e.g. litigation, penalties, reputational loss, lack of profitability.

Engagement Risk Model CBRAR ABR

The Audit Risk Model (PCAOB AS. 8) Risk of Material Misstatement (RMM) = IR x CR The risk that the F/S are materially misstated prior to audit. Outside of the control of the auditor. (1) Inherent Risk (IR) The risk that a material misstatement could occur, before the consideration of any internal controls. Example: What industries have low and high inherent risk? (2) Control Risk (CR) The risk that controls present will not prevent, or detect and correct, a material misstatement.

Relationship of the Entity’s Business Risks to the Audit Risk Model Figure 4-1

The Audit Risk Model (PCAOB AS. 8) Detection Risk (DR) The risk that the audit procedures performed by an auditor will fail to detect a material misstatement. Directly controllable by the auditor; the planned level of DR is inversely related to the planned level of evidence needed. Why might an auditor fail? 1. Non-sampling risk: inappropriate audit procedures; appropriate procedures but fail to detect misstatements or misinterpret audit results. 2. Sampling risk: auditor’s conclusion could change if audit procedures were applied to the entire population. The Audit Risk Model: Audit Risk = IR x CR x DR

Using the Audit Risk Model  Set a planned level of audit risk such that an opinion can be issued on the financial statements.  Assess the risk of material misstatement (IR x CR).  Use the Audit Risk Model (and equation) to solve for the appropriate level of detection risk:  Set a planned level of audit risk such that an opinion can be issued on the financial statements.  Assess the risk of material misstatement (IR x CR).  Use the Audit Risk Model (and equation) to solve for the appropriate level of detection risk: AR = IR × CR × DR DR = AR IR × CR Auditors use this level of detection risk to design audit procedures that will reduce audit risk to an acceptably low level CBR & ABR & materiality  AR

Group Activity Changing Risk Conditions

Today’s Objectives Introduction to Module II Overall Theme: Rich client knowledge  Well informed expectations   High quality risk assessments  High quality audits. Discussion of risks and risk models

For Next Class Strategic Systems Auditing (SSA): Audit Evidence & Analytical Procedures Relevant readings for next class: BPS: Chapter 1 MGP: Chapter 5 (including both Advanced Modules) Homework Assignment

Read question Chapter 5 Be ready for Quiz in the next Class