Students must also be prepared to apply their understanding of audit risk to questions and come up with appropriate risk assessment procedures. Organizations must have adequate internal controls in place to prevent and detect instances of fraud and error. Control risk is considered to be high where the audit entity does not have adequate internal controls to prevent and detect instances of fraud and error in the financial statements. Control risk is driven by the client’s design and implementation of internal controls. RMM is the risk that the financial statements are materially misstated before the audit.
The first part of the audit risk model is the risk of material misstatement (RMM). One of the best ways to limit audit risk is to utilise the audit risk model. In order to help organisations identify the problems that may arise in their audits, the model divides the types of audit risks into categories. The standards do not specify on what level is considered an acceptable level. They only state that auditors should reduce the audit risk to an acceptably low level. Hence, auditors’ professional judgment which is based on their knowledge and experience is very important here.
What is audit risk?
When the audit is completed it will be based on the wrong numbers, which means that the audit itself will be wrong as well. The audit risk model has been designed to help businesses identify the problems that can occur in audits. There are many major accounting-related scandals that highlight the importance of these audits. Enron is perhaps the most well-known auditing scandal – and all three of these risks show up in the Enron scandal.
The level of inherent risk is affected by the environment, such as payment habits of customers, and the operation of the business, e.g. acceptance of electronic payments from customers. The control risk is affected by the effectiveness of the information system and control activities. The audit will finally determine the detection risk as audit risk model well as the nature, timing and extent of further audit procedures to reduce audit risk to an acceptably low level. When the level of combined risk of inherent risk and control risk is high, the auditor should perform more appropriate types of substantive procedures and increase the sample size for audit testing to reduce detection risk.
Discover more from BusinessIsInteresting
However, an auditor’s report is not an evaluation of whether a company is a good investment. Also, the audit report is not an analysis of the company’s earnings performance for the period. Instead, the report is merely a measure of the reliability of the financial statements.
A common mistake made by candidates is to provide a response that management would adopt rather than the auditor. The business faces the risk of slow cash flows and so there is a business risk related to the liquidity of Donald Co. While going concern is an audit risk, the above point from the scenario is not sufficient on its own to indicate going concern risk.
Financial Automation Data Sheet
Independent auditors and audit firms need to weigh several factors when performing audits. In order to score well in risk questions it is advisable to aim to identify a breadth of points from the question scenario. If the question asks for a specific number of audit risks, such as five, then it is not sufficient to identify just one or two risks. In addition, a common mistake is to identify a risk such as going concern and then give this answer over and over again. In Question 3b of the June 2011 exam, there was only a maximum of one mark available for the description of going concern risk. Having identified the audit risk candidates are often required to identify the relevant response to these risks.
- Students must also be prepared to apply their understanding of audit risk to questions and come up with appropriate risk assessment procedures.
- As auditors, we will try to see whether the business has a good internal control system to cope with such business risk.
- In this case, we cannot rely on the client’s controls (or lack of them) to reduce the risk of material misstatement for the existence assertion of inventory.
- Analytical procedures
Analytical procedures performed as risk assessment procedures should help the auditor in identifying unusual transactions or positions. - By understanding how the model is limited, auditors and companies can understand how to mitigate these and still provide the proper risk assessments.
In this case, as they cannot change the level of inherent and control risk, they need to change the level of detection risk to arrive at an acceptable level of audit risk. The risk of material misstatement is under the control of management of the company and the auditor can only directly manipulate detection risk. So, if their assessment of the risk of material misstatement and audit risk is high, they must reduce the detection risk in order to contain overall audit risk within acceptable level.