Scribd
Upload
41 views3 pages

Auditing Report 5 (269-272)

Control risk represents an assessment of a client's internal controls and the auditor's intention to assess that risk below the maximum level of 100% as part of the audit plan. If internal controls are ineffective at preventing or detecting misstatements, control risk would be assigned at the maximum level of 100%. For an auditor to set control risk below the maximum, they must obtain an understanding of internal controls, evaluate how well they should function based on that understanding, and test controls for effectiveness. Allowable detection risk is dependent on inherent risk, control risk, and acceptable audit risk, and determines how much substantive evidence an auditor needs to accumulate. Achieved audit risk can be reduced by decreasing inherent risk, control risk, or increasing substantive audit tests to

Uploaded by

The Box
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
41 views3 pages

Auditing Report 5 (269-272)

Control risk represents an assessment of a client's internal controls and the auditor's intention to assess that risk below the maximum level of 100% as part of the audit plan. If internal controls are ineffective at preventing or detecting misstatements, control risk would be assigned at the maximum level of 100%. For an auditor to set control risk below the maximum, they must obtain an understanding of internal controls, evaluate how well they should function based on that understanding, and test controls for effectiveness. Allowable detection risk is dependent on inherent risk, control risk, and acceptable audit risk, and determines how much substantive evidence an auditor needs to accumulate. Achieved audit risk can be reduced by decreasing inherent risk, control risk, or increasing substantive audit tests to

Uploaded by

The Box
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Step 3.

Assess Control Risk


Control Risk Represents
1.) An assessment of whether a client’s internal controls are effective for preventing and
detecting misstatements, and
2.) The auditor’s intention to make that assessment at a level below the maximum (100%) as
part of the audit plan.
If after the auditor has obtained an understanding of internal control and concludes that internal
controls are completely ineffective, to prevent of detect misstatement, the auditor would assign a
high, perhaps 100% (maximum level) risk factor to control risk.
Before auditors can set control risk less than 100%, they must do these things:
1.) Obtaining an understanding of internal control,
2.) Evaluate how well it should function based on the understanding, and
3.) Test the internal controls for effectiveness.
The first of these is the understanding requirement that relates to all audits. The last two are the
assessment of control risk steps that are required when the auditor chooses to assess control risk
below maximum.

Step 4. Determine Allowable Detection Risk


Allowable Detection Risk or Planned Detection Risk is the amount of risk the auditor can allow
for an assertion or a measure of the risk that audit evidence for a segment will fail to detect
misstatements exceeding a tolerable amount, should such misstatements exist. There are two key
points about planned detection risk:
a.) It is dependent on the other three factors in the model.
b.) It determines the amount of substantial evidence that the auditor plans to accumulate,
inversely with the size of planned detection risk.
PDR can be computed using the equation:
PDR = AAR
IR X CR

Where:
PDR = Planned Detection Risk
AAR = Acceptable Audit Risk
IR = Inherent Risk
CR = Control risk
As an alternative to numeric representations for planned audit risk, inherent risk, and control
risk, some auditors use the terms high, medium, or low. Most auditors are conservative in
making these assessments. In other words, an auditor assessing inherent risk to be between low
and medium sets the risk at medium which will require him to gather a medium amount of
evidence.
The audit risk model for evaluating audit results is:

AcAR = IR x CR x AcDR

Where:
AcAR = Achieved Audit Risk. A measure of the risk the auditor has taken that an account in the
financial statements is materially misstated after the auditor has accumulated audit evidence,
IR = Inherent Risk. It is the same inherent risk factor discussed in planning unless it has been
revised as a result of new information.
CR = Control Risk. It is also the same control risk discussed previously unless it has been
revised during the audit.
AcDR = Achieved Detection Risk. A measure of the risk that audit evidence for a segment did
not detect misstatement exceeding a tolerable amount, if such misstatements existed. The auditor
can reduce achieved detection risk only by accumulating substantive evidence.

Although research indicated that it is not appropriate to use the formula to calculate achieved
audit risk, the relationships in the formula are valid and should be used in practice.
The formula shows that there are three ways to reduce achieved audit risk to an acceptable level:
 Reduce Inherent Risk. Because inherent risk is assessed by the auditor based on the
client’s circumstances, this assessment is done during planning and is typically not
changed unless new facts are uncovered as the audit progresses.
 Reduce Control Risk. Assessed control risk is affected by the client’s internal controls
and the auditor’s tests of those controls. Auditors can reduce control risk by more
extensive tests of controls if the client has effective controls.
 Reduce Achieved Detection Risk by Increasing Substantive Audit Tests. Auditors
reduce achieved detection risk by accumulating evidence using analytical procedures,
substantive tests of transactions, and tests of details of balances. Additional audit
procedures assuming that they are effective, and larger sample sins both reduce achieved
detection risk.
Combining these three factors subjectively to achieve an acceptably low audit risk requires
considerable professional judgment. Some firms develop sophisticated approaches to help their
auditors make those judgments, while other firms leave those decisions to each audit team.

AUDIT RISK IN THE SMALL BUSINESS


The auditor needs to obtain the same level of assurance in order to express an unqualified
opinion on the financial statements of both small and large entities. However, many internal
controls which would be relevant to large entities are not practical in the small business. For
example, in small businesses, accounting procedure may be performed by a few persons who
may have both operating and custodial responsibilities, and therefore segregation of duties may
be missing or severely limited.
Inadequate segregation of duties may, in some cases, be offset by a strong management control
system in which owner/manager supervisory controls exist because of direct personal knowledge
of the entity and involvement in transactions. In circumstances where segregation of duties is
limited and audit evidence of supervisory controls is lacking, the audit evidence is necessary to
support the auditor’s opinion of the financial statements may have to be obtained entirely though
the performance of substantive procedures.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy