Audit risk and client business risk (UEH)

2. Audit Risk and Client Business Risk

2.1. What is Audit Risk and RoMM?

2.2. Audit Risk Model

2.3. Risk strategy in audit

TOPIC 4 – AUDIT PLANNING Mai Duc Nghia (UEH)

(AUDIT RISK AND CLIENT BUSINESS RISK) 2

2.1. Overview of the Audit Risk (1) 2.1. Overview of the Audit Risk (2)

 What is Audit risk (AR)?  AR is a function of the risks of material misstatement and
detection risk.
 AR is the risk that the auditor will give an
inappropriate audit opinion when the financial report is AR = Risks of material misstatement (RoMM) X Detection risk
materially misstated.

 Role of auditor: Before issuing an opinion on the  Risks of material misstatement (RoMM): is the risk that
financial statements are materially misstated prior to audit.
financial report, the auditor needs to reduce audit risk to
an acceptable level to ensure the opinion is reliable. 3 4
Audit risk and client business risk (UEH)

RR có SSTY ở cấp độ tổng thể BCTC

Levels of RoMM RoMM at overall financial statement level
Levels of Risks of material misstatement

RoMM at assertion level

for classes of transactions
 The risks of material misstatement may exist at 2 levels:
RoMM at assertion level
for account balances
 The overall financial statement level
RoMM at assertion level
for disclosures.
 The assertion level for classes of transactions,
account balances, and disclosures.

RR có SSTY ở cấp độ cơ sở dẫn liệu

5
6

(2) RoMM at the assertion level

(1) RoMM at the overall financial statement level
RoMM at reflects the possible occurrence of material misstatements related to
 The overall financial statement level: risks that are a particular assertion of an account, transaction, or disclosure.
pervasive to financial report as a whole and may affect many Example: When audit “an inventory account” that could be perishable (dễ hư
assertions.
hỏng, eg.: foods, vegetables).
Example: If there is a going concern risk, or BOD are not integrity & don’t have
sufficient competence. RoMM at assertion: “Valuation and allocation” of inventory is high.
Because there is a risk that inventories are NOT written down to their
 Auditor may assess that the whole FSs are likely materially
Net Realize Value (NRV) to reflect the reduction in value due to damages or declining in
misstated.
price.
7 8
Audit risk and client business risk (UEH)

(2) RoMM at the assertion level 2.2. Audit Risk Model

At assertion level, the RMM is a combination of inherent and control risk RoMM
The audit risk model helps
(inherently risky items will increase RMM, but this risk is reduced if proper identify the potential and
controls implemented). likelihood of misstatements. AR = IR x CR x DR

• Inherent risk (IR): Susceptibility of an assertion to material misstatement given

inherent and environmental characteristics, but without regard to prescribed control
procedures. PDR = AAR ÷ (IR × CR)
• Control risk (CR): Risk that material misstatement might not be prevented or
detected by internal control procedures. where: PDR = Planned detection risk
AAR = Acceptable audit risk
o Note: Inherent and control risk are the entity’s risks, they are exist independently of the audit
IR = Inherent risk
of the FSs.
CR = Control risk
9 10

Three components Audit risk model for planning

of Audit Risk Model
(ISA 200)

o Inherent risk (IR)

o Control risk (CR)
o Detection risk (DR)

Figure 1: 11 12
Audit risk
Audit risk and client business risk (UEH)

Factor influence to Inherent Risk (IR) Factor influence to Control Risk (CR)
 Entity’s industry characteristics
Inherent risk (IR): Control risk (CR):
 Nature of entity’s business environment
Susceptibility of an (changes in politics, regulations, technological advance, lack of sufficient Risk that material  Control environment deficiencies
assertion to material working capital to continues operation, a declining industry characterized by a misstatement might not  Lack of effective controls
misstatement given large number of business failure,...) be prevented or
 Insufficiencies of controls
inherent and  Complexity of underlying transactions detected by internal
environmental (difficult calculations, complex accounting standards,...) control procedures.
characteristics, but
 Account balances derived from accounting estimates which
without regard to
require judgment.
prescribed control
procedures.  The susceptibility of assets to loss or misappropriation.
13 14

Detection risk Factor influence to Detection Risk (DR)

Factor influence to Detection Risk (DR)
Detection risk (DR): Risk that auditors’ substantive procedures will lead
auditor to conclude no material misstatement exists when, in fact, one  The effectiveness and audit procedures,
does. and their application by auditor
During the planning phase of the audit, a planned acceptable level of  The adequate audit planning
detection risk is determined for each significant assertion.
 Proper assignment of personnel to the engagement team
 Therefore, audit risk is a combination of inherent risk, control risk and
detection risk.  The application of professional skepticism

 Supervision and review of audit work performed.

15 16
Audit risk and client business risk (UEH)

THE RELATIONSHIP OF AUDIT RISK Exercises

COMPONENTS
For each situations, select the component of audit risk that is most directly
Misstatements
illustrated:
1. One personnel is in charge of both recording and custody of inventories.
Inherent risk 2. Senior auditor did not supervise and review the work performed by audit
assistant properly.
3. Sample size is too small to represent the whole population.
Internal control Control risk 4. Audit client is a listed company.
5. Invoices are not pre-numbered before use.
6. Products are jewelries made from gold and gemstones.
Audit procedures Detection risk 7. Allowance for doubtful debt accounts.
8. There is no code of conduct in place at audit client.

Audit risk
BCTC 18
UEH 17

Reducing audit risk Reducing audit risk

 Purpose: An auditor reduces audit risk to an acceptable level  Auditors cannot change inherent risk.
by performing audit procedures until there is sufficient
 Auditors cannot directly change control risk, although they can suggest
appropriate evidence for each assertion of each significant
changes to enhance control system for future periods.
transaction class or account balance to provide reasonable
assurance that the financial reports are not materially misstated.  An auditor can obtain evidence to support an assessed level of control
risk that is less than high (expect to rely on internal control) by
 The audit risk model focuses audit effort on those classes of examining the entity's internal control and testing its effectiveness.
transactions or balances (and the particular assertions) that are
likely to contain material misstatements.

19 20
Audit risk and client business risk (UEH)

Reducing audit risk Exercises

The auditor can alter the level of detection risk. Auditor can reduce Determine detection risk (DR) and comment on the results
detection risk and therefore audit risk by (ISA 200):
AR 1% 1% 5% 5% 5% 10% 10%
o adequate planning IR 20% 50% 20% 50% 50% 20% 50%
o proper assignment of personnel to audit engagement team CR 50% 50% 50% 50% 100% 50% 50%
o application of professional scepticism DR
o appropriate decisions on nature, timing and extent of audit
procedures
o effective performance of audit procedures and evaluation of results
o supervision and review of audit work performed.

21 22

Reducing audit risk

Detection risk matrix
Audit risk

Assessment of control risk At the overall level

High Medium Low At the assertion level

High Low Low Medium

Inherent Control Detection
Assessment Medium risk risk risk
of inherent Low Medium High
risk
Low Medium High High Sampling Non-Sampling
risk risk
23 24
Audit risk and client business risk (UEH)

2.3 Audit strategy: Business Risk Approach Relationship between client business risk and global, local
and internal environments
What is Business risk?
 Business risk can be defined as:
- Risk that an entity’s business objectives will not be attained
as a result of external and internal forces brought to bear on an entity and, ultimately,
the risk associated with the entity’s profitability and survival.
 Requires extensive knowledge of client’s business and industry.
 Business risk may arise from:
 Industry developments
 New products or services
 Expansion of business
 Regulations environments
25
26

What is “Business Risk Approach”? BUSINESS RISK APPROACH

 Business risk (BR) affects audit risk since BR may result in “Material misstatements”
in the financial statements.
The auditor assesses the specific BRs that the entity faces in order to determine The relationship
whether the result in errors, fraud, or other irregularities, and ultimately in a of business risk
materially misstated FSs. to the
determination
of audit risk

27

28
Audit risk and client business risk (UEH)

Assess Risk of Material

Mối quan hệ giữa RRKT và Mức trọng yếu
Misstatement
through client’s Business risk

Quan heä giöõa

ruûi ro kieåm toaùn
vaø möùc troïng yeáu
R M
Quan heä giöõa ruûi ro
kieåm toaùn, möùc
troïng yeáu vaø baèng E
chöùng kieåm toaùn

29
30

Section Break

31