CHAPTER 6

Risk of material misstatements is the risk that the financial statements are materially
misstated prior to audit. Risk of material misstatement may exist at two levels:
 Overall financial statement level – refer to risks of material misstatement that relate pervasively
to the financial statements as a whole and potentially affect many assertions
 Assertion level – refer to risks of material misstatement that relate to classes of transactions,
account balances, and disclosures
Risk of material misstatement at the assertion level has two components:

a. Inherent risk – the susceptibility of an assertion about a class of transaction, account balance or
disclosure to a misstatement that could be material, either individually or when aggregated with other
misstatements, before consideration of any related controls

b. Control risk – the risk that a misstatement that could occur in an assertion about a class of
transaction, account balance or disclosure and that could be material, either individually or when
aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely
basis by the entity’s internal control

c. Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an
acceptably low level will not detect a misstatement that exists and that could be material, either
individually or when aggregated with other misstatements.

Steps in assessing Audit Risk:

1. Set the desired level of Audit Risk

Audit risk – the risk that the auditor gives an inappropriate audit opinion when the financial statements
are materially misstated; it is the risk that the auditor may unknowingly fail to modify appropriately the
opinion on financial statements that are materially misstated

2. Assess the level of Inherent Risk (such as low, medium, or high) – for example, low level if likelihood
of misstatement is low

Inherent risk – the susceptibility of an assertion to a misstatement that could be material, either
individually or when aggregated with other misstatements, assuming there are no related controls to
mitigate such risks

Sources of assessment include knowledge of entity and its environment and preliminary analytical
procedures.

3. Assess the level of Control Risk (such as low, medium, or high) – for example, low control risk if
internal control is effective, or high control risk if internal control is not effective

Control risk – the risk that a material misstatement, either individually or when aggregated with other
misstatements, that could occur will not be prevented or detected and corrected on a timely basis by
the entity’s internal control

Sources of assessment include knowledge of internal control and observation and inspection

Combined assessment:
The auditor usually makes combined assessment of inherent and control risks. If the combined
assessment of inherent risk and control risk is high, the auditor should:

 Place more emphasis on obtaining external evidence

 Reduce reliance on internal evidence
Design more effective substantive procedures

• 4.) Determine the acceptable level of detection risk: The acceptable level of detection risk
depends on the assessed level of inherent and control risk (inverse relationship)

• Detection risk – the risk that the auditor will not detect such a material misstatement that
exists/occurs in an assertion

• Detection risk is a function of the effectiveness of an auditing procedure and its application by
the auditor

• Detection risk is significantly affected by the nature, timing, and extent of the auditor’s
substantive procedures

• Detection risk is a complement of assurance provided by substantive tests (for example, a 10%
detection risk means a 90% assurance of detecting material misstatement)

Detection risk can be increased or decreased by the auditor by performing substantive tests but can
never be reduced to zero because of the inherent limitations in the procedures carried out, the human
judgments required, and the nature of the evidence examined.

• The auditor uses the Audit Risk Model:

• Audit Risk = Inherent risk x Control risk x Detection risk

   

Acceptable level of Audit risk

Detection risk = Inherent

risk x
Control risk
CONSIDERATION OF INTERNAL CONTROL

• BASIC CONCEPTS AND ELEMENTS OF INTERNAL CONTROL

•  

• Internal control (IC) – the process designed, implemented and maintained by those charged
with governance, management and other personnel to provide reasonable assurance about the
achievement of an entity’s objectives.

a. Internal control is a process. Internal control is not an end in itself but a means of achieving the
entity's objectives.
 b. Internal control is effected by those charged with governance, management and other
personnel. Internal control is accomplished by people at every level of organization.

Responsibilities:

 Management: to design, implement and maintain internal control to assist in achieving

the entity's objectives

 Those charged with governance: to ensure the integrity of accounting and financial
reporting systems through oversight of management

 Staff personnel: to perform their respective functions in order to accomplish the

objectives of the entity

•  

a. Primary purpose/reason for establishing internal control is to provide reasonable assurance

about the achievement of an entity’s objectives.

•  

a. Internal control can be expected to provide reasonable assurance of achieving the entity's
objectives – this is due to inherent limitations of any system of internal control; although
internal control is designed to prevent, detect and correct problems, an effective internal
control can only minimize but not eliminate material misstatements, whether due to fraud or
error.

b. Management overriding the internal control.

c. Circumvention of internal controls through the collusion among employees.

d. The cost-benefit relationship is a primary criterion in designing internal control, that is, the cost
of a control should not exceed its expected benefits. This is known as the concept of
reasonable assurance.

e. Most internal controls tend to be directed at routine transactions rather than non-routine
transactions.

f. The potential for human error due to carelessness, distraction, mistakes of judgment and the
misunderstanding of instructions. Human error may include errors in the design or use of
automated controls.

g. The possibility that procedures may become inadequate due to changes in conditions, and
compliance with procedures may deteriorate.

h. Segregation of duties may be difficult to achieve in a smaller entity.

• Entity’s objectives: what an entity strives to achieve

• Categories of entity's objectives:

1. Financial reporting objective – this objective relates to reliability of financial reporting

 2. Operational effectiveness objective – this objective is intended to enhance effectiveness and
efficiency of operations

• Compliance objective – this objective relates to entity’s compliance with applicable laws and
regulations

•  
Classification of internal control:

• According to objectives:

• Financial reporting controls – controls to achieve reliability of financial reporting objective

• Operational effectiveness controls – controls to achieve operational effectiveness objective

• Compliance controls – controls to achieve compliance objective

a. Preventive controls – to deter problems before they arise

Examples:

 Segregation of employee duties

 Control physical access to assets, facilities and information

b. Detective controls – to discover problems as they arise

Examples:

 Preparing bank reconciliation

 Preparing monthly trial balance

c. Corrective controls – to remedy problems discovered with detective controls

Example:

 Maintaining backup copies of transactions and master files

Benefits of strong internal control:

• Reduced cost of an external audit

• Availability of reliable data for decision-making purposes

• Protection of important documents and records

• Assurance of compliance with applicable laws and regulations

 
ASSERTIONS AND AUDIT OBJECTIVES

• Nature of Assertions:
• Financial statements are not statements of facts. They are a collection of claims and
assertions, made implicitly or explicitly by the entity’s management, about the recognition,
measurement, presentation, and disclosure of information in the financial statements

Assertions (or management assertions) are representations by management, explicit or otherwise,

that are embodied in the financial statements. These assertions relate to the fairness of presentation
of the financial statements, thus, they are directly related to applicable financial reporting framework.

Levels of Assertions:

• 1. Financial statement level – entity’s management representation that the financial

statements as a whole are presented fairly, in all material respects, in accordance with the
applicable financial reporting framework

• For example, management asserts the financial statements are free from material
misstatements.

• 2. Account balance or class of transactions level – entity’s management representation that

the underlying account balances and class of transactions, including related disclosures, are
free of material misstatements

• For example, when considering the sales balance, management is asserting that sales
revenue is complete (completeness assertion), the transactions occurred (occurrence
assertion), and transactions have been appropriately recorded in the accounting
records (accuracy assertion).

Categories of Assertions used by the Auditor:

• Assertions about classes of transactions and events for the period under audit

• Occurrence – recorded transactions and events have occurred and pertain to the entity

• Completeness – all transactions and events that should have been recorded have been
recorded

• Accuracy – amounts and other data relating to recorded transactions and events have been
recorded appropriately

• Cutoff (proper period) – transactions and events have been recorded in the correct accounting
period

• Classification – transactions have been recorded in the proper accounts

Assertions about account balances at the period end

• Existence – assets, liabilities, and equity interests exist

 • Rights and obligations – the entity holds or controls the rights to assets, and liabilities are the
obligations of the entity

• Completeness – all assets, liabilities and equity interests that should have been recorded have
been recorded

• Valuation and allocation – assets, liabilities, and equity interests are included in the FS at
appropriate amounts and any resulting valuation or allocation adjustments are appropriately
recorded

Auditor’s Use of Relevant Assertions:

The auditor uses relevant assertions in developing audit objectives that will be the basis for designing
audit procedures. Relevant assertions are assertions that have a meaningful bearing on whether an
account is fairly stated.

For example:

 Existence assertion, not valuation, is typically relevant to the audit of cash account.

 The valuation assertion would be relevant to assessing the inventory balance than assessing
sales balance.

The auditor should use relevant assertions to:

• Consider the types of potential misstatements that may occur

• Examples include:

• Does the asset exist? (Existence)

• Are all sales transactions recorded? (Completeness)

• Is inventory properly valued? (Valuation)

• Did the transaction occur? (Occurrence)

• Are amounts properly presented and disclosed in the financial statements? (Accuracy)

• Assess the risks of material misstatement

The auditor should identify what controls have been implemented to address the relevant assertions.

Examples:

 How does management ensure transactions are recorded? (Completeness)

 How does management ensure that significant estimates are based on reasonable assumptions
and properly recorded in the financial statements? (Accuracy)

Design audit procedures that are responsive to the assessed risks

Examples:

 If the risk is high that receivables are being overstated, the audit procedures should be designed
to specifically address the valuation assertion.

 When the auditor designs tests of controls, emphasis should be placed on testing controls over
the relevant assertions rather than just significant controls.

Audit Objectives:

The auditor develops audit objectives that relate to management assertions about the financial
statement components. To achieve audit objectives, the auditor shall design audit procedures and
gather sufficient appropriate audit evidence whether the assertions are in accordance with the
applicable financial reporting framework.

1. Types of Audit Objectives: Whether general or specific:

a. General audit objectives – are broad objectives of auditing an account balance or class of
transactions

 Examples of general audit objectives include existence, completeness, valuation, classification,

cut-off, accuracy, presentation and disclosure, validity, ownership, and overall reasonableness

b. Specific audit objectives – audit objectives stated in terms tailored to the specific audit engagement

2. Whether substantive or compliance

a. Substantive audit objectives – objectives that relate to the determination of the validity of
assertions on account balances or class of transactions or disclosures found in the financial
statements

b. Compliance audit objectives – objectives that relate to the degree of entity’s compliance with
relevant controls