Audit Risk
Audit risk is defined as ‘the risk that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated. Audit risk is a function of the risks of
material misstatement and detection risk’. Hence, audit risk is made up of two components –
risks of material misstatement and detection risk. Risk of material misstatement is defined as
‘the risk that the financial statements are materially misstated prior to audit. This consists of
two components... inherent risk ... control risk.’
[Figure: Audit Risk divides into Risk of Material Misstatement and Detection Risk; Risk of Material Misstatement divides into Inherent Risk and Control Risk.]
INHERENT RISK (IR) is the risk or probability that a material misstatement can exist
before considering the possible effect of the client’s internal controls.
Factors associated with inherent risk at the assertion level include:
• Account represents an asset that can be easily stolen, such as cash, laptops
• Account balance made up of complex transactions
• Size and volume of transactions: Large transactions have a higher risk than small
transactions; similarly high volumes of transactions have a high risk due to strains
• Account balances that require a high level of estimation, such as provisions for accounts
receivable and provisions for obsolete inventory
• Account balances that are subject to adjustments and are not in the ordinary routine.
• Account balance composed of a high volume of non-routine transactions
• Related party transactions
• Competence of personnel for recording the transactions. Generally, incompetent personnel
may cause more errors than competent personnel
Environment and external factors: Here are some examples of environment and external
factors that can lead to high inherent risk:
• Rapid change: A business whose inventory becomes obsolete quickly experiences high
inherent risk.
• Expiring patents: Any business in the pharmaceutical industry also has inherently risky
environment and external factors. Drug patents eventually expire, which means the company
faces competition from other manufacturers marketing the same drug under a generic label.
• Availability of financing: Another external factor is interest rates and the associated
availability of financing. If your client is having problems meeting its short-term cash
payments, available loans with low interest rates may mean the difference between your
client staying in business or having to close its doors.
Looking at industry statistics relating to inventory theft, you may also decide to consider the
inventory account as inherently risky. Small inventory items can further increase the risk of
this account valuation being incorrect because those items are easier to conceal (and therefore
easier to steal).
Control risk (CR) is the risk that a material misstatement would not be prevented or
detected by the internal control system in the organization. If the internal control is very
strong then the control risk will be very low and vice versa. Thus there is an inverse
relationship between the quality of internal control and control risk. The stronger the internal
controls the lower the control risk and vice versa. Control risk reflects the possibility that the
system of internal control will allow misstatements to be recorded in the financial statements.
But, strong internal control applied steadily throughout the period will reduce control risk.
Figure: 2
The auditor combines the assessment of IR and CR to assess the likelihood of a RMM.
Hence, RMM = IR × CR. The auditor may use a quantitative or qualitative approach to
express a combined assessment of IR and CR. While both approaches are acceptable, most
auditors prefer a qualitative approach because it is more effective and efficient.
Detection risk (DR) is the risk that the auditor will not detect material misstatements in the
financial statements through the performance of substantive audit procedures. It is the level of
detection risk that ultimately determines the nature, timing, and extent of substantive
evidence necessary to support the assertions contained in the financial statements.
For a given level of audit risk, the acceptable level of detection risk bears an inverse
relationship to the assessment of the risk of material misstatement (RMM) at the assertion
level. So when the RMM is assessed as low, the auditor will require lower substantive
evidence and may therefore seek less persuasive evidence in support of the assertions implicit
in the financial statements. Conversely, when the risk of material misstatement is assessed as
high, the auditor will seek more evidence that material misstatements have not occurred.
Table 1: Relationship between Audit Risk, Inherent Risk Control Risk and Detection Risk
The audit risk model depicts audit risk (AR) as being a function of IR, CR, and DR. In
accordance with ISAs, an audit is designed to provide reasonable assurance that the financial
statements as a whole are free of material misstatements. The concept of reasonable
assurance acknowledges that there is a risk the audit opinion is not appropriate when the
financial statements are materially misstated — this is audit risk. Reasonable assurance is
obtained when the auditor has reduced audit risk to an acceptably low level.
Assume the company is a public company (PLC) with debt outstanding, so the auditor sets
AR at 0.03. IR with respect to valuation is determined to be somewhat below moderate (0.40)
because of the improving state of the economy and the resulting lower levels of write-offs.
The auditor reviews and tests the internal controls over the valuation assertion (one control is
that the credit manager approves all sales over Shs.10 million) and finds that they are
working well in the year under review; thus CR is set at 0.20 (for low control risk).
Next, the auditor uses the AR model to determine that DR = 0.375. That is, the auditor
determines that evidence will have to be gathered such that the risk of audit procedures
failing to detect a material misstatement with respect to the valuation of accounts receivable
is 37.5%. DR is calculated using the audit risk model, as follows:
The auditor would use this information to determine the sample size. There is a relationship
between AR and the amount of evidence required to provide the necessary assurance. It can
be seen from the audit risk model that such a relationship exists for all risk components. The
following exhibit depicts these relationships.
Because detection risk is inversely related to inherent risk and control risk, and detection risk
is inversely related to the amount of evidence required, increasing inherent risk or control risk
will decrease detection risk and thus increase the amount of evidence required. The converse
is also true.
Finally, it is important to be aware of the relationship between audit risk and assurance.
Because audit risk is the probability that the audit will provide an unqualified opinion when a
material misstatement exists, the audit risk is the probability that the opinion is not correct.
Quantitative example, 2
Assume that in the above case your client has simple transactions, competent accounting
staff, no intention to misstate financial statements, and internal controls are effective. Your
previous experience of the client and the results of the preliminary testing this year indicate a
low risk of material misstatement existing in the accounting records. Your assessment of
inherent and control risk shows that they are as low as 40% and 20% respectively. You also
set audit risk at .05, then the auditor’s planned detection risk in this engagement will be
DR = AR ÷ (IR x CR), thus DR = .05 ÷ (0.4 x 0.2) = 0.625 or 62.5%
Thus, the auditor could design tests of accounting records with a lower detection risk, i.e.,
62.5%, because only minimal substantive tests of account balances are needed to provide
supporting evidence on the expectations that the accounts are not materially misstated.
Audit risk is defined as ‘the risk that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated. Audit risk is a function of the risks of
material misstatement and detection risk’. Hence, audit risk is made up of two components –
risks of material misstatement and detection risk.
For purposes of the ISAs, audit risk does not include the risk that the auditor might express an
opinion that the financial statements are materially misstated when they are not. This risk is
ordinarily insignificant. Further, audit risk is a technical term related to the process of
auditing [see paragraph A33 of the International Standard on Auditing (ISA) 200].
Risk of material misstatement (RMM) is defined as “the risk that the financial statements are
materially misstated prior to audit”. This consists of two components: inherent risk (IR) and
control risk (CR).
Inherent risk is ‘the susceptibility of an assertion about a class of transaction, account balance
or disclosure to a misstatement that could be material, either individually or when aggregated
with other misstatements, before consideration of any related controls.’
Control risk is ‘the risk that a misstatement that could occur in an assertion about a class of
transaction, account balance or disclosure and that could be material, either individually or
when aggregated with other misstatements, will not be prevented, or detected and corrected,
on a timely basis by the entity’s internal control.’
Detection risk is defined as ‘the risk that the procedures performed by the auditor to reduce
audit risk to an acceptably low level will not detect a misstatement that exists and that could
be material, either individually or when aggregated with other misstatements.’
AR is usually set at a low level of 5% (0.05). While it is not prohibited to accept an AR of 1%, 3% or
10%, this is not usual. A 5% AR suggests a certainty level (CL) of 95% (that the financial statements
do not contain any material misstatements).
The auditor would first assess the RMM (IR × CR), and then solve the risk model for DR. Using the
ARM, the DR can be determined as follows:
                                        Scenario A    Scenario B
Audit Risk (AR)                         5% (0.05)     5% (0.05)
Inherent Risk (IR)                      80% (0.8)     80% (0.8)
Control Risk (CR)                       60% (0.6)     10% (0.1)
Risk of Material Misstatements (RMM)    (0.48)        (0.08)
1. The CR in scenario A is 60% (0.6) while that in scenario B is 10% (0.1), signifying that the
internal control in scenario A is weak while that in scenario B is strong.
2. The RMM in scenario A is 0.48 (0.8 × 0.6) and that in scenario B is 0.08 (0.8 × 0.1). This
is because the RMM consists of two components, that is: IR × CR.
3. As the RMM in scenario A is higher than that in scenario B, it follows that the
financial statements in scenario A are more likely to be misstated than those in scenario
B.
4. Since there is a direct relationship between the RMM and the amount of audit evidence to
be collected, it follows that more evidence needs to be collected for scenario A than for
scenario B. The reason is that such accounts have more misstatements, either due to error
or fraud. Remember, the higher the RMM in the financial statements, the more audit evidence
needs to be collected, and vice versa.
5. The DR under scenario A (0.001) is lower than that under scenario B (0.006). This
indicates that higher RMM are related to low DR and lower RMM are related to high DR.
That is, if the RMM is high the auditor will need to plan for a low DR and vice versa. By the
same reasoning, the relationship between the DR and the amount of audit evidence to be
collected is inverse. The lower the DR the more audit evidence is needed to be collected and
vice versa.
Relationships between:
Audit Risk (AR)    Detection Risk    Direct
Inherent Risk      Detection Risk    Inverse
Control Risk       Detection Risk    Inverse
Audit Risk (AR)    Audit Evidence    Inverse
Inherent Risk      Audit Evidence    Direct
Control Risk       Audit Evidence    Direct
The relationship between the other components of the audit risk model, detection risk and
audit evidence is summarised as follows:
Table 4: The relationship between components of the audit risk and audit evidence
Component        Detection risk    Audit evidence needed
Audit Risk       Direct            Inverse
Inherent Risk    Inverse           Direct
Control Risk     Inverse           Direct
2. Both the audit risk and the detection risk have an inverse relationship with audit evidence.
Thus if the audit risk or detection risk is low the auditor would need to collect more evidence
and vice versa. If the auditor wants to collect more evidence he/she should keep both the
audit risk and the detection risk low.
3. The relationship between the risk of material misstatement and the detection risk is inverse.
Thus if the risk of material misstatement is high, then there is a need to plan for a low
detection risk and thus collect more evidence.
4. If the risk of material misstatements is low, then there is no need for increased audit
evidence. The auditor must plan in such a way that the detection risk is at an optimal level.
The auditor must not make the detection risk too low (too much evidence) as this will
increase costs of collecting evidence. On the other hand, if the detection risk is made too high
(insufficient evidence), the auditor might not be able to detect misstatements.
Detection risk is important because the collection of evidence depends on it.
The table below shows the relationship between Inherent Risk, Control Risk and the
Detection Risk. For example, if both the Inherent Risk and Control Risk are high then the
Detection Risk should be very low. In contrast, if both the Inherent Risk and Control Risk are
low then the Detection Risk should be Very High. If both the Inherent Risk and Control Risk
are moderate (medium) then the Detection Risk should also be moderate (medium).
ITERATIVE QUESTION
FROM BTX PAST PAPER
The four critical components of risk that will affect the audit approach are illustrated in
Figure 1. They are the enterprise risk; engagement risk; financial reporting risk and the audit
risk. Enterprise risks are those risks that affect the operations of the business while
engagement risks are the risks auditors encounter by being associated with a particular client.
Engagement risk is the risk that the auditor is exposed to financial loss, or damage to his or
her professional reputation from litigation, adverse publicity, or other events arising in
connection with financial statements audited and reported on. Financial reporting risks are
those risks that relate directly to the recording of transactions and the presentation of financial
data in an entity’s financial statements.
[Figure 1: components of risk affecting the audit approach. Surviving labels: 1. Competency of Auditors; 2. Internal Controls; 3. Business Location; Audit Risk.]
Audit risk is the risk that the auditor may provide an unmodified (clean) opinion on the
financial statements that are materially misstated.
Each of the risk components is interrelated to other components and more importantly each
component of risk can be managed. The effectiveness of risk management process will
determine whether a company continues to survive. Some of the basic risk relationships that
an auditor must understand in planning and conducting the audit are illustrated in Figure 1.
The first box in Figure 1 demonstrates that an entity is faced by a number of business risks
such as the economic climate, business volatility, business location, technological changes as
well as its competitors.
There is a chance that remote charging may soon become a reality. Chargers will soon
become unnecessary. People will be able to charge their phones from anywhere without any
physical contact at all.
While we are not sure what wildly innovative ideas the future will bring, there is a pretty
good sense of which devices will fall into disuse. Here are a few things that will probably be
obsolete by 2020: fax machines, CDs and DVDs. Gold rings and gold chains will also be
obsolete because the yellow metal is slowly disappearing from the earth's surface, and miners are
pulling themselves out of this business. By 2030 there won’t be any privacy because wherever
you are, wherever you go, with the advancement of Internet of Things (IoT) technology
you will always be under watch. It will not make any difference if you have logged out or gone
offline. By 2040 fast-food workers will also be looking for a job change because taking
orders, preparing meals, and serving guests are jobs that will be handled by robots, while
touch screens will be installed for selecting items from the menu; your meal will be
assembled by the bots themselves.
Businesses that plan for growth or invest in new technology (innovative) are more successful
than businesses that stand still. Companies that experience innovation success grab onto it
and believe that it is their secret to everlasting success. Unfortunately, this is not the case. On
the other hand an unwillingness to innovate puts any company at risk of failure, but refusing
to evolve with the market can be even more devastating. “Without a robust and resilient
innovation strategy, no company can survive.” Former industry heavyweights such as
Blackberry and Nokia have all been laid low after being faced with aggressive competitors.
Coca-Cola and Pepsi-Cola are among the biggest rivals in the history of business.
Economic turmoil may put an enterprise at risk because a country may find itself without
proper finances and most may be poor.
Volatility can put an enterprise at high risk as the prices of commodities may rise or fall
sharply within a short-term period. Geographical location is also a potential risk for
enterprises for a number of reasons, such as crime threats, availability of reliable security,
local politics, high competition and availability of reliable customers.
Enterprise risk, in turn, affects the auditors’ assessment of engagement risk, that is, whether it
is too risky for an auditor to be associated with a client because such association will likely
have an adverse effect on the auditor. It is the responsibility of the management to properly
manage enterprise risk. It is believed that good management can manage the risk better.
Conversely, weak management can worsen the risk (make it more likely to happen).
Engagement Risk
Engagement risk has been defined as the risk (resulting in a potential loss) that the auditor
might incur by being associated with a particular client. As shown in figure: 1 engagement
risk is influenced by:
• The integrity and quality of management. Specifically, management with questionable
integrity increases the engagement risk.
• Financial condition of the company. For example, if a company is on the brink of
declaring bankruptcy, it is more likely that the auditor’s opinion will be questioned.
If the auditor questions management integrity, then the auditor cannot trust management
responses to audit questions and there is a likelihood that management will try to cover up
financial misstatements. Auditors have discovered that being associated with companies with
poor integrity creates risks that can destroy the auditor or significantly increase costs.
The complexity of the company’s transactions and financial reporting
Management’s motivation to misstate the financial statements
The company’s financial health
(Engagement risk)
1: Engagement risk is the risk that auditors encounter by being associated with a particular
client: which of the following would not be considered an engagement risk?
A: loss of reputation
B: inability of the client to pay the auditor
C: financial loss because management is not honest and inhibits the audit process
D: Technological changes
2: Engagement risk means that it may be too risky for an auditor to be associated with a client
because such association will likely have an adverse effect on the auditor. Engagement risk is
influenced by several factors. Which of the following do not influence engagement risk?
A: the integrity and quality of management
B: The current financial position of the client
C: if the company is on the verge of declaring bankruptcy
D: Geographic location of the client
3: Engagement risk has been defined as a risk (resulting in a potential loss) that an auditor
might incur by being associated with a particular client. Engagement risk is most likely not
increased when an audit firm is associated with the following:
4: Audit firms understand that being associated with companies with poor integrity creates
risk that can destroy the firms. Thus each year they take several measures to address the risky
clients. Which of the following measures is not related to the avoidance of risky clients?
A: establish a client acceptance procedure and decide whether to accept a client
B: establish a client retention procedure and decide whether to retain a client
C: avoids all companies that have questionable management integrity
D: Choice “C” is the only right answer
5: The auditor responds to high engagement risks in one of the two ways. Which of the
following responses is (are) true?
(i) to effectively manage engagement risk by not associating with “high risk” audit
client (“client acceptance or retention decision”)
(ii) by setting audit risk low, i.e., to manage the risk of materially misstated
financial statements by increasing an amount of audit work
A: (i) only
B: (ii) only
C: (i) and (ii) simultaneously
D: (i) or (ii) but separately
6: Which of the following factors do not influence the auditors’ decision to accept or retain
the audit client?
A: management integrity
B: management competence
C: the company’s risk management process
D: the industry in which the client is operating
7: There are a number of factors that affect the auditor’s decision to accept or retain an audit
client. The main factors include:
A: the effectiveness of corporate governance
B: the industry (type of business) in which the client is operating
C: the location of the client
D: All the above.
9: The key factors that a CPA will analyse regarding corporate governance includes one of
the following
A: The political loyalty of those charged with governance
B: the quality of the internal control process
C: the social contribution of the company regarding the local community
D: whether senior managers are involved in politics
10: Management integrity is considered the most important factor affecting the client
acceptance or continuation. There are a number of potential sources that the auditor should
consult in gathering information about management integrity. Which of the following may
not be a potential source of information regarding management integrity?
A: previous (predecessor) auditors
B: members of the board of directors
C: preliminary interviews with management
D: political leaders in the local area
11: One of the potential sources that the auditor should consult in gathering information about
management integrity is interviews with predecessor auditor. What information should the
auditor seek from predecessor auditor?
A: the reasons for the change such as any dispute with management
B: whether previous auditor provided any non-audit services to the client
C: the amount of audit fees they have been receiving
D: whether to accept or reject the engagement
12: Related party transactions represent special risks to the auditor and the conduct of the
audit. All of the following represent a special risk to the auditor and the conduct of the audit
except
A: often they are used to the special advantage of existing management
B: they have economic motivation especially for tax purposes
C: they can influence the quality of the reported financial statements
D: they represent a conflict of interest
13: The auditor is more likely to be sued if the company declares bankruptcy than if the
organisation is financially healthy. This is most likely because
A: There will be a number of investors and creditors who have lost a lot of money
B: Most of the investors need to change business
C: The investors need to get a large amount of dividend
D: The directors refused to declare enough dividends to the existing shareholders.
14: Whenever a company files for bankruptcy the investors and creditors often turn to
the auditors and allege that the financial statements were misstated, and that the auditor
should have known that they were misstated. The investors and creditors won’t go to the
company management because:
A: they are not aware that management acts in their best interests
B: they know that management cannot do anything to cover their losses
C: They believe that the auditors have more money than the management
D: None of the above is true
15: Auditing standards require auditors to understand the financial health of the company. They are
required to understand inter alia (among others):
(i) Assess management’s motivation to misstate the financial statements
(ii) Identify areas that are more likely to be misstated
(iii) Identify account balances that appear to be over/understated
(iv) Assess the likelihood of financial failure
A: (i) and (ii) only
B: (i), (ii) and (iii) only
C: (ii), (iii) and (iv) only
D: (i), (ii), (iii) and (iv)
16: Financial reporting risk is one of the four critical components of risks that will affect the
audit approach outcome. Financial reporting risks relate directly to the recording of
transactions and the presentation of the financial data. Factors that affect financial reporting
risks include:
(i) The quality of the company’s internal control
(ii) The company’s financial health
(iii) Management’s motivation to misstate the financial statements
(iv) The complexity of the company’s transactions and financial reporting
A: (i) only
B: (i), (iii) only
C: (i), (iii) and (iv) only
D: (i), (ii), (iii) and (iv)
ITERATIVE QUESTIONS
BTX Past Papers Below
02 Which of the following pairs of statements correctly expresses the general relationship
between the engagement risk and audit risk?
A (i) If the integrity of management is high then the auditor’s engagement risk should
be high (ii) If the integrity of management is high then the audit risk needs to be low
B (i) If the integrity of management is high then the auditor’s engagement risk should
be high (ii) If the integrity of management is high then the audit risk needs to be high
C (i) If the integrity of management is high then the auditor’s engagement risk should
be low (ii) If the integrity of management is high then the audit risk needs to be high
D (i) If the integrity of management is high then the auditor’s engagement risk should
be low (ii) If the integrity of management is high then the audit risk needs to be low
E (i) If the auditor’s engagement risk is high then the audit risk needs to be high (ii) If
the auditor’s engagement risk is low then the audit risk needs to be low
03 Which of the following pairs of statements correctly expresses the general relationship
between the technological obsolescence of an entity’s products and the audit risk?
A (i) If the technological obsolescence of a product is high then the entity’s business
risk should be high (ii) If the business risk is high then, the audit risk should be high
B (i) If the technological obsolescence of an entity’s products is high then its business
risk should be high (ii) If the technological obsolescence of an entity’s products is
high, the auditor may set a low audit risk
C (i) If the technological obsolescence of an entity’s products is high then its business
risk should be low (ii) If the technological obsolescence of an entity’s products is
high, the auditor may accept a high audit risk
D (i) If the technological obsolescence of an entity’s products is high then its business
risk should be low (ii) If the technological obsolescence of an entity’s products is
high, the auditor may accept a low audit risk
E (i) If the client’s business risk is high then the auditor should set the audit risk high
(ii) If the client’s business risk is low then the auditor should set the audit risk low