Materiality and Risk Chapter 9
Auditing Definition • Auditing reduces information risk to a socially acceptable level. • To accomplish this, • Set materiality (yardstick) • Manage risks.
Materiality The auditor’s responsibility is to determine whether financial statements are materially misstated. If there is a material misstatement, the auditor will bring it to the client’s attention so that a correction can be made.
Materiality • Information is material when it is likely to influence the economic decisions of financial statement users. • Planning materiality (preliminary judgment) is the largest amount of uncorrected dollar misstatement that could exist in published financial statements and still fairly present financial statements in conformity with GAAP. • Tolerable misstatement is the amount an account can be off and still be considered fairly stated.
Steps in ApplyingMateriality Step 1 Set preliminary judgment about materiality. Planning extent of tests Step 2 Allocate preliminary judgment about materiality to segments.
Steps in ApplyingMateriality Step 3 Estimate total misstatement in segment. Step 4 Estimate the combined misstatement. Evaluating results Step 5 Compare combined estimate with judgment about materiality.
Auditor’s use materiality to: • Plan the audit, directing attention, determining the nature, timing and extent of procedures to be performed. • Evaluate the evidence, something to measure against • Guide for decisions about audit report Planning Materiality is determined prior to evidence gathering
Determining What’s Material • Not required to define materiality as a specific dollar amount. • Rule of thumb for materiality is under 5% is not material where over 10% would be material. • Auditor’s judgment determines materiality
Factors that affect auditor’s judgement on materiality • Absolute size - half a million • Relative size - in relation to F/S such as 5% of net income. • Qualitative aspects (nature) - management fraud v.s. employee fraud • Circumstances - what will F/S be used for, how widely published • Uncertainty - lower materiality level because of risk of being wrong. • Cumulative error - errors may accumulate into a material error
Preliminary Assessment of Materiality Helps the auditor avoid surprises such as: • Not auditing enough - litigation • Auditing too much - costly • Fine tunes the audit for effectiveness and efficiency.
Assigning Materiality to Accounts • Top Down, define total materiality and divide amongst the accounts • Bottoms-up, assign materiality to each account and add the amounts to get total materiality for the F/S. • The amount assigned to the account is the tolerable misstatement.
Allocate Preliminary Judgment About Materiality to Segments This is necessary because evidence is accumulated by segments rather than for the financial statements as a whole. Most practitioners allocate materiality to balance sheet accounts. SAS 39 (AU 350)
Estimated TotalMisstatement Example Net misstatement of the sample ÷ Total sampled × Total recorded population value = Direct projection estimate of misstatement $3,500 ÷ $50,000 × $450,000 = $31,500
Example of Estimatefor Sampling Error Tolerable Direct Sampling AccountMisstatementProjectionErrorTotal Cash $ 4,000 $ 0 $ N/A $ 0 Accounts receivable 20,000 12,000 6,000* 18,000 Inventory 36,000 31,500 15,750* 47,250 Total estimated misstatement amount $43,500 $16,800 $60,300 Preliminary judgment about materiality $50,000 *estimate for sampling error is 50%
Analytical Procedures can help determine materiality • Mathematical analysis of the F/S • Required as part of planning and review for an audit. • Attention Directing • Helps to reduce risk.
Risk Auditors accept some level of risk in performing the audit. An effective auditor recognizes that risks exist, are difficult to measure, and require careful thought to respond. Responding to risks properly is critical to achieving a high-quality audit.
Managing Risk using the Model • Audit Risk = Inherent Risk x Control Risk x Detection Risk • AR = IR x CR x DR
Inherent Risk • The risk that material misstatements have entered the accounting system. • Based on type of business, environment, type of management, etc. • What errors could occur?
Control Risk • Control risk is the probability that the client’s internal control activities will fail to detect material misstatements. • What has client done to mitigate inherent risks?
Detection Risk • The probability that audit procedures will fail to produce evidence of material misstatements. • This is the only part of the risk model the auditor controls by planning the nature, timing and extent of audit procedures.
Audit Risk • The risk that an auditor will issue an inappropriate opinion. • Manage audit risk by • Evaluating the client’s inherent and control risk • Adjusting audit procedures (detection risk)
Who Controls the Risks • The auditor controls the audit risk by controlling detection risk. • Inherent and control risk are controlled by the client and the business the client is in.
Anchoring • Anchoring is the auditor using a carryover view of the client's internal control structure from previous audits. • How does this affect the audit?
Inherent Risk is affected by • Economic conditions such as asset valuations, offsetting assets and liabilities, changes in deferral policies, compliance with covenants. • Complexity of transactions. • Type of business, type of ownership, size of business • Relative risk, some accounts are riskier than others.
Major Factors WhenAssessing Inherent Risk • Nature of the client’s business • Results of previous audits • Initial versus repeat engagement • Related parties • Nonroutine transactions • Judgment – correctly record account • balances and transactions • Makeup of the population
Planning the Audit • The auditor uses the knowledge of the client’s business to make preliminary assessments of the client’s inherent and control risk. • These are preliminary risk assessments prior to gathering evidence. • Risk is updated throughout the audit as needed based on the findings.
Audit Risk Overall • The probability of giving an incorrect opinion on financial statements as a whole. • On an individual item like accounts receivable, it is the risk that a material misstatement occurs beyond an acceptable level. • Acceptable level is defined by materiality
Risk and Evidence Auditors gain an understanding of the client’s business and industry and assess client business risk. Auditors use the audit risk model to further identify the potential for misstatements and where they are most likely to occur.
Example of DifferingEvidence Among Cycles Sales and Collection Cycle Acquisition and Payment Cycle Payroll and Personnel Cycle A Inherent risk medium high low B Control risk medium low low C Acceptable audit risk low low low D Planned detection risk medium medium high
Example of DifferingEvidence Among Cycles Inventory and Warehousing Cycle Capital Acquisition and Repayment Cycle A Inherent risk high low B Control risk high medium C Acceptable audit risk low low D Planned detection risk low medium
Audit Risk Modelfor Planning PDR = AAR ÷ (IR × CR) Where PDR = Planned detection risk AAR = Acceptable audit risk IR = Inherent risk CR = Control risk
Impact of Engagement Riskon Acceptable Audit Risk Auditors decide engagement risk and use that risk to modify acceptable audit risk. Engagement risk closely relates to client business risk.
Factors AffectingAcceptable Audit Risk The degree of which external users rely on the statements The likelihood that a client will have financial difficulties after the audit report is issued
Factors AffectingAcceptable Audit Risk The auditor’s evaluation of management’s integrity
Making the AcceptableAudit Risk Decision Factors Methods to Assess Risk External users reliance on financial statements • Examine financial statements. • Read minutes of the board. • Examine form 10K. • Discuss financing plans • with management.
Making the AcceptableAudit Risk Decision Factors Methods to Assess Risk Likelihood of financial difficulties • Analyze financial statements for difficulties using ratios. • Examine inflows and outflows of cash flow statements. Management integrity • See Chapter 8 for client acceptance and continuance.
Overall Requirement An audit should be planned and performed to obtain reasonable assurance about whether the financial statements are free of material misstatements, whether caused by error or fraud. An audit requires due professional care, which in turn requires that the auditor exercise professional skepticism.
Causes of Misstatements Causes ErrorsFraud Fraudulent Misappropriation Financial of Assets Reporting
Two Types of Fraud Considered in an Audit • Fraudulent financial reporting (“cooking the books”)--examples • Falsification of accounting records • Omissions of transactions • Misappropriation of assets--examples: • Theft of assets • Fraudulent expenditures
Professional Skepticism • An attitude that includes a questioning mind and a critical assessment of audit evidence • The engagement should be conducted recognizing possibility of material misstatement due to fraud • An auditor should not be satisfied with less than persuasive evidence
Terminology Simplification To simplify the display, we will abbreviate the term used in the standard “risk of material misstatement due to fraud” as follows: Risk of material misstatement = Risk of fraud due to fraud
Fraud Conditions (“Fraud Triangle”) Incentive (Pressure) Opportunity Rationalization (Attitude)
Examples of Risks Factorsfor Fraudulent Reporting 1. Incentives/Pressures Financial stability or profitability is threatened by economic, industry, or entity operating conditions. Excessive pressure exists for management to meet debt requirements. Personal net worth is materially threatened.
Examples of Risks Factorsfor Fraudulent Reporting 2. Opportunities There are significant accounting estimates that are difficult to verify. There is ineffective oversight over financial reporting. High turnover or ineffective accounting internal audit, or information technology staff exists.
Examples of Risks Factorsfor Fraudulent Reporting 3. Attitudes/Rationalization Inappropriate or inefficient communication and support of the entity’s values is evident. A history of violations of laws is known. Management has a practice of making overly aggressive or unrealistic forecasts.
Steps involved in Considering the Risk of Fraud • Staff discussion • Obtain information needed to identify risks • Identify risks • Assess identified risks • Respond to results of assessment • Evaluate audit evidence • Communicate about fraud • Document consideration of fraud
Step 1—Staff Discussion of theRisk of Fraud • Brainstorm • Consider how and where financial statements might be susceptible to fraud • Exercise professional skepticism
Step 2—Obtain information needed to identify risk of fraud • Inquiries of management, the audit committee, internal auditors and others • Consider results of analytical procedures • Consider fraud risk factors • Consider other information
Step 3—Identify Risks that may Result in Fraud and Consider • Type of risk • Significance of risk (magnitude) • Likelihood of Risk • Pervasiveness of risk