CHAPTER 3 – RISK ASSESSMENT & INTERNAL CONTROL

1. AUDIT RISK 2. INTERNAL CONTROL

Meaning Risk that the auditor gives an inappropriate audit opinion when the The process designed, implemented and maintained, by TCWG and Management, to provide
financial statements are materially misstated. reasonable assurance about the achievement of an entity’s objectives with regard to reliability
Definition
Consideration Audit Risk need to be considered at Overall Level as well as at the of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and
level of Individual account balance or classes of transactions compliance with applicable laws and regulations.
Meaning Factors to be considered Control 1. Whether all transactions are recorded;
Inherent

Susceptibility of an account balance  Experience on prior audits. Objectives 2. Whether recorded transactions are real;
or class of transaction to a material of
 Controls established by Mngt. Accounting
3. Whether all recorded transactions are properly valued;
misstatement, assuming that there
 Significant changes from last Control 4. Whether all transactions are recorded timely; properly posted;
are no internal controls.
assessment. System 5. Whether all transactions are properly classified & disclosed; properly
Meaning Steps in Assessment of Control Narrative Complete and exhaustive Flow Chart
Risk Records description of system as found in  Graphic presentation of I.C. of various sections in
Risk that material 1. Preliminary assessment of
Components

the operation by the auditor form of a diagram full with lines & Symbols.
control risk. Methods of
Check List Series of instructions and/or
Control

misstatements will not be Collecting  Provide most concise and comprehensive way to
2. Documentation of questions which a member of review I.C.
prevented or detected and info to
understanding & assessment of auditing staff must follow.  Provide a neat visual picture of various activities
review I.C.
corrected on a timely basis by control risk. IC Set of Questions designed to involving flow of documents through various
the internal control system. 3. Performing Tests of Controls Questionna provide a thorough view of state stages, authorizations required, filing of
4. Final Assessment of Control ire of I.C. documents, final disposal .
Risk.
 Risk that the substantive procedures performed by auditor  Useful method to determine whether errors Letter of weakness
Detection

exist and where they exist  SA 260 - Weaknesses in I.C. identified during the
fails to detect material misstatements. Surprise
 ICAI Recommendation – Surprise checks should
check in audit should be communicated to mngt & TCWG.
 Some detection risk would always be present even if an form part of normal audit.
Internal  Helps TCWG to improve the systems.
auditor was to examine 100% of the account balance or Control  Surprise check should be made at least once in
the course of an audit.  Must indicate that evaluation of I.C. is done to
class of transactions. determine NTE of further audit procedures.
 IR and CR are highly interrelated as in many cases management reacts to 3. INTERNAL CHECK
IR by designing accounting and internal control systems to prevent or
IR & CR

detect and correct misstatements.

Checks on day to day transactions, which operate continuously as a part of routine
Meaning system, whereby work of one person is proved independently to work of another, the
Relationships

 As a result, auditor needs to make a combined assessment of IR & CR as

RMM. object being prevention and earlier detection of error or fraud.
 Inverse relationship between RMM and DR.  To detect fraud and error with ease.
RMM & R

 When RMM is high, DR needs to be low to reduce audit risk to an  Avoid & minimize possibility of occurrence of fraud & error.
acceptable low level. Objectives  Increase efficiency of staff.
 When RMM is low, auditor can accept a higher DR.  Protect integrity of business.
 Mathematically AR = IR X CR X DR  Prevent misappropriation of cash & falsification of accounts.
Meaning Stages  No single person should have an Independent Control.
 Duties of staff members should be changed from time to time.
An audit Approach that 1. Understanding the auditee  Every member should be encouraged to go on leave atleast once.
Risk 1. Analyses Audit Risks, operations.
2. Set materiality thresholds based Consider  Persons having physical custody of assets must not be allowed access to books of accounts.
Based 2. Determination of residual  Implement Budgetary control procedures.
on audit risk analysis and ations
Audit 3. develop audit programmes that Risk  Judicious distribution of financial and administrative powers.
allocates a larger portion of 3. Manage residual Risk.  Procedures should be laid down for physical verification.
resources to high risk areas. 4. Reporting to Auditee.  Accounting procedures should be reviewed periodically.

Compiled by: CA. Pankaj Garg Page 43