©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Materiality and Risk Chapter 9

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Auditing Definition Auditing reduces information risk to a socially acceptable level. To accomplish this, Set materiality (yardstick) Manage risks.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Materiality The auditor’s responsibility is to determine whether financial statements are materially misstated. If there is a material misstatement, the auditor will bring it to the client’s attention so that a correction can be made.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Materiality Information is material when it is likely to influence the economic decisions of financial statement users. Planning materiality (preliminary judgment) is the largest amount of uncorrected dollar misstatement that could exist in published financial statements and still fairly present financial statements in conformity with GAAP. Tolerable misstatement is the amount an account can be off and still be considered fairly stated.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Steps in Applying Materiality Step 1 Set preliminary judgment about materiality. Step 2 Allocate preliminary judgment about materiality to segments. Planning extent of tests

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Steps in Applying Materiality Step 3 Estimate total misstatement in segment. Step 4 Estimate the combined misstatement. Evaluating results Compare combined estimate with judgment about materiality. Step 5

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Auditor’s use materiality to: Plan the audit, directing attention, determining the nature, timing and extent of procedures to be performed. Evaluate the evidence, something to measure against Guide for decisions about audit report Planning Materiality is determined prior to evidence gathering

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Determining What’s Material Not required to define materiality as a specific dollar amount. Rule of thumb for materiality is under 5% is not material where over 10% would be material. Auditor’s judgment determines materiality

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Factors that affect auditor’s judgement on materiality Absolute size - half a million Relative size - in relation to F/S such as 5% of net income. Qualitative aspects (nature) - management fraud v.s. employee fraud Circumstances - what will F/S be used for, how widely published Uncertainty - lower materiality level because of risk of being wrong. Cumulative error - errors may accumulate into a material error

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Preliminary Assessment of Materiality Helps the auditor avoid surprises such as:  Not auditing enough - litigation  Auditing too much - costly  Fine tunes the audit for effectiveness and efficiency.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Assigning Materiality to Accounts Top Down, define total materiality and divide amongst the accounts Bottoms-up, assign materiality to each account and add the amounts to get total materiality for the F/S. The amount assigned to the account is the tolerable misstatement.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Allocate Preliminary Judgment About Materiality to Segments This is necessary because evidence is accumulated by segments rather than for the financial statements as a whole. Most practitioners allocate materiality to balance sheet accounts. SAS 39 (AU 350)

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Estimated Total Misstatement Example Net misstatement of the sample $3,500 ÷ $50,000 × $450,000 = $31,500 Total sampled Total recorded population value Direct projection estimate of misstatement × ÷ =

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Example of Estimate for Sampling Error Tolerable Direct Sampling Account Misstatement Projection Error Total Cash$ 4,000$ 0$ N/A$ 0 Accounts receivable 20,000 12,000 6,000* 18,000 Inventory 36,000 31,500 15,750* 47,250 Total estimated misstatement amount$43,500$16,800$60,300 Preliminary judgment about materiality$50,000 *estimate for sampling error is 50%

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Analytical Procedures can help determine materiality Mathematical analysis of the F/S Required as part of planning and review for an audit. Attention Directing Helps to reduce risk.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Risk Auditors accept some level of risk in performing the audit. An effective auditor recognizes that risks exist, are difficult to measure, and require careful thought to respond. Responding to risks properly is critical to achieving a high-quality audit.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Managing Risk using the Model Audit Risk = Inherent Risk x Control Risk x Detection Risk AR = IR x CR x DR

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Inherent Risk The risk that material misstatements have entered the accounting system. Based on type of business, environment, type of management, etc. What errors could occur?

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Control Risk Control risk is the probability that the client’s internal control activities will fail to detect material misstatements. What has client done to mitigate inherent risks?

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Detection Risk The probability that audit procedures will fail to produce evidence of material misstatements. This is the only part of the risk model the auditor controls by planning the nature, timing and extent of audit procedures.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Audit Risk The risk that an auditor will issue an inappropriate opinion. Manage audit risk by Evaluating the client’s inherent and control risk Adjusting audit procedures (detection risk)

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Who Controls the Risks The auditor controls the audit risk by controlling detection risk. Inherent and control risk are controlled by the client and the business the client is in.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Anchoring Anchoring is the auditor using a carryover view of the client's internal control structure from previous audits. How does this affect the audit?

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Inherent Risk is affected by Economic conditions such as asset valuations, offsetting assets and liabilities, changes in deferral policies, compliance with covenants. Complexity of transactions. Type of business, type of ownership, size of business Relative risk, some accounts are riskier than others.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Major Factors When Assessing Inherent Risk Nature of the client’s business Results of previous audits Initial versus repeat engagement Related parties Nonroutine transactions Judgment – correctly record account balances and transactions Makeup of the population

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Planning the Audit The auditor uses the knowledge of the client’s business to make preliminary assessments of the client’s inherent and control risk. These are preliminary risk assessments prior to gathering evidence. Risk is updated throughout the audit as needed based on the findings.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Audit Risk Overall The probability of giving an incorrect opinion on financial statements as a whole. On an individual item like accounts receivable, it is the risk that a material misstatement occurs beyond an acceptable level. Acceptable level is defined by materiality

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Risk and Evidence Auditors gain an understanding of the client’s business and industry and assess client business risk. Auditors use the audit risk model to further identify the potential for misstatements and where they are most likely to occur.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Example of Differing Evidence Among Cycles Sales and Collection Cycle Acquisition and Payment Cycle Payroll and Personnel Cycle Inherent risk Control risk Acceptable audit risk Planned detection risk A B C D mediumhighlow mediumlow medium high

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Example of Differing Evidence Among Cycles Inventory and Warehousing Cycle Capital Acquisition and Repayment Cycle Inherent risk Control risk Acceptable audit risk Planned detection risk A B C D highlow highmedium low medium

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Audit Risk Model for Planning PDR = AAR ÷ (IR × CR) PDR = Planned detection risk AAR = Acceptable audit risk IR = Inherent risk CR = Control risk

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Impact of Engagement Risk on Acceptable Audit Risk Auditors decide engagement risk and use that risk to modify acceptable audit risk. Engagement risk closely relates to client business risk.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Factors Affecting Acceptable Audit Risk The degree of which external users rely on the statements The degree of which external users rely on the statements The likelihood that a client will have financial difficulties after the audit report is issued

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Factors Affecting Acceptable Audit Risk The auditor’s evaluation of management’s integrity

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Making the Acceptable Audit Risk Decision Methods to Assess Risk External users reliance on financial statements Examine financial statements. Read minutes of the board. Examine form 10K. Discuss financing plans with management. Factors

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Making the Acceptable Audit Risk Decision Methods to Assess Risk Likelihood of financial difficulties Analyze financial statements for difficulties using ratios. Examine inflows and outflows of cash flow statements. Factors Management integrity See Chapter 8 for client acceptance and continuance.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley SAS 99: Consideration of Fraud in a Financial Statement Audit

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Overall Requirement An audit should be planned and performed to obtain reasonable assurance about whether the financial statements are free of material misstatements, whether caused by error or fraud. An audit requires due professional care, which in turn requires that the auditor exercise professional skepticism.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Causes of Misstatements Causes Errors Fraud Fraudulent Misappropriation Financial of Assets Reporting

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Two Types of Fraud Considered in an Audit Fraudulent financial reporting (“cooking the books”)--examples Falsification of accounting records Omissions of transactions Misappropriation of assets--examples: Theft of assets Fraudulent expenditures

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Professional Skepticism An attitude that includes a questioning mind and a critical assessment of audit evidence The engagement should be conducted recognizing possibility of material misstatement due to fraud An auditor should not be satisfied with less than persuasive evidence

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Terminology Simplification To simplify the display, we will abbreviate the term used in the standard “risk of material misstatement due to fraud” as follows: Risk of material misstatement= Risk of fraud due to fraud

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Fraud Conditions (“Fraud Triangle”) Incentive (Pressure) Opportunity Rationalization (Attitude)

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Examples of Risks Factors for Fraudulent Reporting 1. Incentives/Pressures Financial stability or profitability is threatened by economic, industry, or entity operating conditions. Excessive pressure exists for management to meet debt requirements. Personal net worth is materially threatened.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Examples of Risks Factors for Fraudulent Reporting 2. Opportunities There are significant accounting estimates that are difficult to verify. There is ineffective oversight over financial reporting. High turnover or ineffective accounting internal audit, or information technology staff exists.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Examples of Risks Factors for Fraudulent Reporting 3. Attitudes/Rationalization Inappropriate or inefficient communication and support of the entity’s values is evident. A history of violations of laws is known. Management has a practice of making overly aggressive or unrealistic forecasts.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Steps involved in Considering the Risk of Fraud 1. Staff discussion 2. Obtain information needed to identify risks 3. Identify risks 4. Assess identified risks 5. Respond to results of assessment 6. Evaluate audit evidence 7. Communicate about fraud 8. Document consideration of fraud

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Step 1—Staff Discussion of the Risk of Fraud Brainstorm Consider how and where financial statements might be susceptible to fraud Exercise professional skepticism

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Step 2—Obtain information needed to identify risk of fraud Inquiries of management, the audit committee, internal auditors and others Consider results of analytical procedures Consider fraud risk factors Consider other information

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Step 3—Identify Risks that may Result in Fraud and Consider Type of risk Significance of risk (magnitude) Likelihood of Risk Pervasiveness of risk

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Step 4—Assess the identified risks after considering programs and controls Consider understanding of internal control Evaluate whether programs and controls address the identified risks Assess risks taking into account this evaluation

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Step 5—Respond to Results of the Assessment As risk increases Overall responses More experienced staff More attention to accounting policies Less predictable procedures Specific responses Consider need to increase evidence by altering the nature, timing and extent of audit procedures

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Step 5—Respond to Results of the Assessment (concluded) On all audits, the auditor should consider the possibility of management override of controls and examine: Adjusting journal entries Accounting estimates Unusual significant transactions

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Step 6—Evaluate Audit Evidence Assess risk of fraud throughout the audit Evaluate analytical procedures performed as substantive tests and at overall review stage Evaluate risk of fraud near completion of fieldwork Respond to misstatements

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Step 7—Communicate about Fraud Communicate All fraud to an appropriate level of management All management fraud to audit committee All material fraud to management and audit committee Determine if reportable conditions related to internal control have been identified; communicate them to the audit committee

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Document Consideration of Fraud Document steps 1 -7 Staff discussion Information used to identify risk of fraud Fraud risks identified Assessed risks after considering programs and controls Results of assessment of fraud risk Evaluation of audit evidence Communications requirements If improper revenue recognition was not considered a risk, why it wasn’t

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Relationship of Risk Factors, Risk, and Evidence Factors Influencing Risks Acceptable audit risk Planned detection risk Planned audit evidence Inherent risk Control risk I D I ID I D D = Direct relationship; I = Inverse relationship

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Changing the Audit in Response to Risk The engagement may require more experienced staff. The engagement will be reviewed more carefully than usual.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Audit Risk for Segments Both control risk and inherent risk are typically set for each cycle, each account, and often even each audit objective, not for the overall audit.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Relating Risk of Fraud to Risk Model Components The risk of fraud can be assessed for the entire audit or by cycle, account, and objective. Specific response could include revising assessments of acceptable audit risk, inherent risk, and control risk.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Tolerable Misstatement, Risks, and Balance-related Objectives It is common to assess inherent and control risk for each balance-related audit objective. It is not common to allocate materiality to objectives.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Measurement Limitations One major limitation in the application of the audit risk model is the difficulty of measuring the components of the model.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Relationships of Risk to Evidence AcceptablePlannedAmount of AuditInherentControlDetectionEvidence SituationRiskRiskRiskRiskRequired 1HighLowLowHighLow 2LowLowLowMediumMedium 3LowHighHighLowHigh 4MediumMediumMediumMediumMedium 5HighLowMediumMediumMedium

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Tests of Details of Balances Evidence Planning Worksheet Auditors develop various types of worksheets to aid in relating the considerations affecting audit evidence to the appropriate evidence to accumulate.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Revising Risks and Evidence The audit risk model is primarily a planning model and is therefore of limited use in evaluating results. Great care must be used in revising the risk factors when the actual results are not as favorable as planned.

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley End of Chapter 9