ACCA (UK)
AUDIT AND ASSURANCE – F8
CHAPTER 6
RISK ASSESSMENT
�RISK ASSESSMENT
The Importance of Risk Assessment
Chapter Objectives
To prepare a suitable audit plan, the auditor needs to have an in depth knowledge and
understanding of
The entity to be audited
The environment which it operates
The auditor needs this knowledge and understanding in order to assess the risk attached to the
audit. Risk assessment is a key feature of the audit planning process and the assessment
of risk in the audit will affect
The amount of the audit work performed
The areas on which the auditor will focus his attention
At all stages of the audit, including during risk assessment, the auditor must bear in mind what
the overall objectives are. ISA (200) Overall objectives of the independent auditor and the
conduct of an audit in accordance with International Standards on Auditing.
“To obtain reasonable assurance about whether the financial statements as a whole are free
from material misstatement, whether due to fraud or error, thereby enabling the auditor to
express an opinion on whether the financial statements are prepared, in all material respects,
in accordance with an applicable financial reporting framework; and to report on the financial
statements”
2|Page SPIRES
�RISK ASSESSMENT
Professional Scepticism, Professional Judgement
Professional Scepticism is an attitude that includes a questioning mind, being alert to
conditions which may indicate possible misstatement due to error or fraud, and a critical
assessment of audit evidence.
Auditors must plan and perform an audit with an attitude of professional scepticism
recognizing that circumstances may exist that cause the financial statements to be
materially misstated.
This requires the auditor to be alert to:
Audit evidence that contradicts other audit evidence obtained
Information that brings into question the reliability of documents and
responses to inquiries to be used as audit evidence
Conditions that may indicate possible fraud
Professional Judgement is the application of relevant training, knowledge and
experience in making informed decisions about the courses of action that are appropriate
in the circumstances of the audit engagement.
Auditor to exercise professional judgement in planning and performing an audit of
financial statements. Professional judgement is required in the following areas:
Materiality and audit risk
Nature, timing and extent of audit procedures
Evaluation of whether sufficient appropriate audit evidence has been
obtained
Evaluating management's judgements in applying the applicable financial
reporting framework
Drawing conclusions based on the audit evidence obtained
What is Misstatement
The term 'misstatement' is not defined in ISA 315, but in ISA 450, Evaluation of Misstatements
Identified During the Audit, which contains this definition: 'a difference between the amount,
classification, presentation or disclosure of a reported financial statement item and the amount,
classification, presentation or disclosure that is required for the item to be in accordance with the
applicable financial reporting framework. Misstatements can arise from fraud or error.' In other
words,
3|Page SPIRES
�RISK ASSESSMENT
A misstatement arises where there is a difference between the reported figures, and what is
expected to be reported in order for the financial statements to be fairly presented (or show a true
and fair view).
Misstatements can be factual, in the case of a clear breach of a requirement of a financial
reporting standard, or could be judgmental, arising from unsuitable estimation techniques or the
selection of inappropriate accounting policies.
Materiality
ISA 320 Materiality in planning and performing an audit provides guidance to auditors in this
area and states the objective of the auditor is to apply the concept of materiality appropriately
in planning and performing the audit.
What is Materiality
“Information is material if it is omission, or misstatement could influence the economic decisions
of users taken on the basis of the financial statements”
What is the significance of materiality
The auditor is responsible for providing “an opinion on whether the financial statements are
prepared in all material respects, in accordance with an applicable financial reporting frame
work.
If financial statements contain material misstatement they cannot be deemed to show a true and
fair view.
The guidance of in ISA 320 states that the determination of materiality is matter of professional
judgment and that the auditor must consider
The circumstances surrounding the entity
Both size and nature of misstatements
The informations needs of the users as a group
Traditional Benchmarks of Materiality
0.5% - 1% of Revenue
5% - 10% of profit before tax
1% - 2% of Goss assets
4|Page SPIRES
�RISK ASSESSMENT
Note: These benchmarks do not come from the auditing standards. Materiality is a matter of
professional Judgement. The above common benchmark used, but different audit firm may use
different benchmarks or firm may use different threshold for each clients.
Auditor only test on a sample basis, so they have to evaluate their findings and determine how
likely it is that error identified in the sample are representative of material errors in the whole
population under scrutiny.
Materiality, as determined for the financial statements as a whole, may not be the best guide in
determining nature and extent of audit test. For this reason ISA’s introduced a further concept:
Performance Materiality
Performance materiality is the amount or amounts set by the auditor at less than materiality for
the financial statements as a whole to reduce to an appropriately low level the probability that the
aggregate of uncorrected and undetected misstatements exceeds materiality for the financial
statements as a whole.
Audit Risk
"Audit risk" means the risk that the auditors give an inappropriate audit opinion when the
financial statements are materially misstated. Audit risk has three components: inherent risk,
control risk and detection risk.
Inherent Risk
Definition of Inherent – “Existing in something as permanent, essential or characteristic
attitude”
In accounting, the concept of inherent risk is often used in financial audits. It refers to the risk
that a material mistake, such as an omission or error, appears in a company’s financial
statements due to non-internal-control reasons. Inherent risk is one of the risks that auditors
must evaluate while conducting the examination. (Planning stage)
5|Page SPIRES
�RISK ASSESSMENT
Inherent risk is embedded in a business and its transactions regardless of the mitigation
through internal control. The more complex a company’s business model and transactions are,
the higher the inherent risk is. Companies in highly regulated industries also face greater inherent
risk.
Examples:
Client trades overseas- FOREX currency risk- Translation risk
Bonus Plans for Sales team- Increase risk of manipulation to increase the bonus
Companies with lots of subsidiaries will have mistake made during the consolidation
process
Complex business environment - Mining company – How to value natural resources
Control Risk
Control risk is the risk that a material misstatement that could occur in an assertion and that
could be material, individually or when aggregated with other misstatements, will not be
prevented or detected and corrected on a timely basis by the entity's internal control.
Detection Risk
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an
acceptably low level will not detect a misstatement that exists and that could be material,
individually or when aggregated with other misstatements.
This is the component of audit risk that the auditors have a degree of control over, because, if
risk is too high to be tolerated, the auditors can carry out more work to reduce this aspect of audit
risk and, therefore, audit risk as a whole. One way to decrease detection risk is to increase
sample sizes. Sampling risk and non-sampling risk are components of detection risk.
Although increasing sample sizes or doing more work can help to reduce detection risk, the
following actions can also improve the effectiveness and application of procedures and therefore
help to reduce detection risk:
Adequate planning
Assignment of more experienced personnel to the engagement team
6|Page SPIRES
�RISK ASSESSMENT
The application of professional scepticism
Increased supervision and review of the audit work performed,
All of the above reduce the possibility that an auditor might select an inappropriate audit
procedure, misapply an appropriate audit procedure, or misinterpret the audit results.
Risk Assessment Procedures
ISA 315 (Revised) Identifying and assessing the risks of material misstatement through
understanding the entity and its environment states that the objective of the auditor is to identify
and assess the risks of material misstatement, whether due to fraud or error, through
understanding the entity and its environment, including the entity's internal control, thereby
providing a basis for designing and implementing responses to the assessed risks of material
misstatement.
7|Page SPIRES
�RISK ASSESSMENT
A combination of the following procedures should be used to obtain an understanding:
Inquiries of management, internal auditors and others within the entity
Analytical procedures
Observation and inspection
ISA 315 also states the auditor shall consider whether information obtained from client
acceptance or continuance processes is relevant.
8|Page SPIRES
�RISK ASSESSMENT
9|Page SPIRES
