Audit Risk and Audit Evidence

Audit Risk: The risk that the financial statements are misstated and the auditors fail to detect it, resulting in an inappropriate opinion.

Experience teaches that level of misstatement varies from entity to entity. Causes of variation depend on the nature of the entity, the effectiveness of its risk management and the internal controls.

Auditor must understand:•Entity’s business and industry•Management•Intended users•Legal and financial stability•Operations•Internal control procedures

The higher the audit risk, the more extensive the audit investigation

1

Audit Risk Components• Inherent risk• Detection risk• Detection risk

Risk should be assessed at the following levels:• Financial Statement level• Classes of transactions, account balances and disclosures level

Inherent risk: The possibility that misstatements could occur. The control procedures should be considered.

Some accounts may have greater risk (e.g. cash is more susceptible to misstatement than fixed assets; leased fixed assets are more susceptible than owned fixed assets).

Control risk: The risk that a misstatement could not be prevented or detected and corrected on a timely basis by the entity’s internal controls. Auditor cannot change the level of control risk. They can only recommend improvements for the future.

Detection risk: The risk that the auditing procedures will not detect misstatements occurring and not prevented by internal controls.

Upon assessing the risks, the auditor will develop the audit strategy along with the procedures for properly planning and controlling the risk process.

Audit Risk and Audit Evidence

2

Audit Risk and Audit Evidence

Relationship among risk components

Summary of risk components

3

Audit Risk and Audit Evidence

Risk Components matrix

Auditors may use qualitative expressions for risk, such as risk components matrix.

If the auditor's assessment of control and inherent risks is at a maximum, then the acceptable level of detection risk will have to be very low, that is the risk that the auditors’ substantive procedure will not detect misstatement will need to be low.

4

Audit Risk and Audit Evidence

Audit Evidence: The information used by the auditor in arriving at the conclusions on which the audit opinion is based. It consists of:

•Underlying accounting data•All corroborating information available to the auditors

5

Audit Risk and Audit Evidence

Sufficiency of Audit Evidence. Factors that may affect the auditor’s judgment of sufficiency include:

Materiality and risk: More evidence is necessary for material accounts (e.g. in manufacturing, inventory is more material than prepaid expenses).

Economic factors: Sufficient evidence must be collected within reasonable time and cost. ISA 500 states that difficulty or expense is not in itself a valid basis for omitting an audit procedure for which there is no alternative.

Population size and characteristics: The size of accounting populations (e.g. credit sales transactions) makes sampling a practical necessity in gathering evidence.

Document Evidence: Documentary evidence includes documents relating to transactions such as invoices and requisitions, minutes of BoD, lease agreements and bank statements. There are generated internally or externally and should be available on request.

6

Audit Risk and Audit Evidence

Externally generated documents are considered more reliable because they originate from independent parties. For more reliability, the auditor can ask the issuer to deliver this directly.

7