-
Reevaluating Risk Assessments
807.1 The auditor's assessment of
the risks of material misstatement at the relevant assertion level made
during planning is based on available audit evidence and naturally may
change as additional evidence is obtained.
- For example, in performing
- substantive procedures, the auditor may identify misstatements that are
- larger or more frequent than had been anticipated. In this situation,
- SAS No. 110 (AU 318), Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained,
- requires the auditor to reevaluate whether the assessment of risks of
- material misstatement at the relevant assertion level remains
- appropriate. The audit evidence may either confirm the auditor's risk
- assessments or result in the auditor performing additional audit
- procedures. Exhibit 8-2 illustrates this concept.
-
Exhibit 8-2
Reevaluating the Initial Assessment of the Risk of Material Misstatementat the Relevant Assertion Level
When planning the audit of ABC
CIRA, the auditor initially assessed a low level of risk that the CIRA
would not record assessments in the proper period. The auditor then
determined the nature, timing, and extent of substantive procedures
related to the cut-off assertion based on her assessment of a relatively
low risk of material misstatement. However, the CIRA's accounting
personnel were confused about how to record assessments for billings
that were prepared on December 31, related to the following year's
assessment.
- In her examination of assessments
- receivable, the auditor identified a misstatement of accounts receivable
- and revenue. Further investigation led to identifying cut-off issues as
- the cause of the misstatement. As a result, the auditor reevaluated her
- initial risk assessment relating to cut-off and increased the extent of
- tests of details over billing cut-off in order to obtain a higher level
- of assurance that all material misstatements relating to cut-off errors
- had been identified.
-
807.2 As indicated in Exhibit 8-2, an auditor should not assume that an identified error or instance of fraud is an isolated occurrence. Instead,
- the auditor should consider how the misstatement affects the assessed
- risks of material misstatement. In doing so, the auditor should consider
- all relevant audit evidence, even if it appears to contradict relevant
- assertions in the financial statements.
-
807.3 It is natural to have some
deviations in the way controls are applied. Deviations may be caused by
such factors as changes in key personnel, seasonal fluctuations in
activity, and human error.
- As a result, controls may not
- operate as effectively as the auditor had expected. If the auditor
- detects deviations when performing tests of controls, he should
- determine whether the tests provide an appropriate basis for reliance on
- the controls, whether additional tests of controls are needed, or
- whether the potential risks of misstatement need to be addressed by
- substantive procedures. The auditor should also consider whether
- misstatements identified when performing substantive procedures alter
- his judgment about the effectiveness of the related controls.
-
807.4 SAS No. 110 (AU 318.74)
requires the auditor to evaluate whether audit risk has been reduced to
an appropriately low level and whether the nature, timing, and extent
of audit procedures may need to be reconsidered.
- At the end of the audit, the auditor concludes whether sufficient
- appropriate audit evidence was obtained to reduce to an appropriately
- low level the risk of material misstatement in the financial statements
- and to support the opinion on the financial statements. This requires
- the auditor to evaluate whether the audit was performed at a level that
- provides the auditor with a high level of assurance that the financial
- statements, taken as a whole, are free of material misstatement. The
- sufficiency and appropriateness of audit evidence is a matter of the
- auditor's professional judgment.
-
807.5 SAS No. 110 (AU 318.76)
states that if the auditor has not obtained sufficient appropriate
audit evidence with respect to a material financial statement assertion,
the auditor should try to obtain additional evidence
- If the auditor cannot obtain sufficient appropriate audit evidence, the
- auditor should either express a qualified opinion or disclaim an
- opinion.
-
Evaluating the Existence of Fraud
807.6 Fraud Risk Assessment Is a Cumulative Process
Assessing the risks of material misstatement due to fraud is a
cumulative process that should occur throughout the audit. Fraud risks
may be identified during the engagement acceptance/continuance process,
during engagement planning,
- while obtaining an understanding of
- internal control, assessing the risks of material misstatement of the
- financial statements due to error or fraud, performing further audit
- procedures to respond to assessed risks, or communicating with
- management or others. Examples of conditions the auditor may note that
- may change or support the assessment of risks made during planning are
- included in Exhibit 8-3
-
Exhibit 8-3
Conditions That May Change or Support the Auditor's Assessment of Fraud Risks
- • Unrecorded transactions or transactions recorded improperly as to account, amount, period, or CIRA policy.
- • Balances or transactions that are unsupported or unauthorized.
- • Adjustments made by the CIRA at the last minute that substantially affect financial results.
- • Evidence of employees' unauthorized or unnecessary access to systems or records.
- • Missing documents.
- • Indications of altered documents. a
- • Only photocopies or electronic versions of documents being provided to auditors when originals are expected to exist.
- • Significant unexplained reconciling items.
- • Vague, implausible, or inconsistent responses by the client to the auditor's inquiries.
- • Significant physical assets are missing.
- • Denial by client personnel of auditor's access to records, facilities, certain employees, members, vendors, or others.
- b • Unusual discrepancies between confirmation replies and the CIRA's records.
- • Failure to retain documents or electronic files consistent with the CIRA's record retention policies or practices.
- • Unusual delays by CIRA personnel in providing requested information.
- • Unusual delays in the entity's closing process.
- • Unreasonable time pressures to resolve complex or contentious accounting issues.
- • Attempts by the management or the managing agent to intimidate audit team members or control the conduct of the audit.
- • Complaints or tips received by the auditor about fraud or potential fraud.
- • Unwillingness to make financial statement disclosures more clear or complete.
-
Notes:
- a
- If the auditor suspects that documents have been altered, it may be
- necessary to engage a specialist to determine their authenticity.
- b
- Denial of access to information may constitute a limitation on the
- scope of the audit sufficient to preclude an unqualified opinion on the
- financial statements.
|
|
