Audit Risk and MaterialityAudit Risk = Risk the auditors will give the wrong opinion.Why is there risk? Only provide “reasonable assurance” not absoluteThe Audit Risk Model:ARAudit Risk(should be low)=RMMRisk of MaterialMisstatement(assessed by auditor)IR – (inherent risk)general business andaccounting riskCR – (control risk) riskthat clients internalcontrols will not catcha problemXDRDetection RiskRisk that auditprocedures do not catcha problem(controlled by auditor)A 5% confidence.05 = 1.00 x .90 ([bad] 90% chance that IC will not correct) x .056 (~6%)LOW DR means more work for auditors.05 = 1.00 x .50 [better] x .10 (10%)Rely more on clients internal controls so DR goes up because you do less workInverse Relationsip:IR + CR goes up, DR goes down because you do more workIR + CR goes down, DR goes up because you do less work- Model relies on professional judgment - AR model can be stated quantitatively and qualitatively 1Risk AssessmentPurpose: To obtain an understanding of the entity and its environment. Specifically:1. Industry, regulatory, and other external factorsCompetitive environment, customer/supplier relationships,technology, general economic conditions 2. Nature of the entityOperations, ownership structure, governance, structure accounting finance function3. Objectives, strategies, and business risksObjectives – plansStrategies – meansBusiness Risks – what prevents company from achieving its objectives4. Entity performance measuresFinancial statements, forecasts, projections, budgets, etc. 5. ***Internal controlProcedures:1. Inquiries – management, internal auditors, “outsiders”2. Analytical procedures – ratio analysis3. Observation and inspection – documents, BOD minutes,internal auditor reports4. Discussion among audit team members – “brainstorm”a. Application of GAAPb. Unusual accounting practices/transactionsc. Internal controlsd. Training for new audit stuff2Consideration of Fraud During an AuditSAS No. 99Fraud vs. ErrorIntentional Unintentional Misstatement orOmission 2 Categories of Fraud:Fraudulent Financial vs.Misappropriation ofReporting Assets“lying” stealing“Cooking the books” cause company to payNot applying GAAP properly for something itNot disclosing properly didn’t receive Responsibility:Management = To design and implement programs and controls to prevent, deter, and detect fraud.Auditor = To plan and perform (design) the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.**Professional judgment/skepticismPotential red flags:1. Discrepancies in the accounting records- Incomplete, unsupported, unauthorized and documented- Last minute adjustments- Lack of agreement 2. Conflicting or missing evidential matter- Alterations- Discrepancies on confirmation33. Problematic or unusual relationships between auditor and management- Deny access/delay access- Under time pressure- Management complains/intimidation of audit team- Overall uncooperative Communication of fraud:1. Any fraud (even immaterial) should be discussed with an appropriate level of management, at least one level above those involved.2. Fraud that causes a material misstatement should be discussed with senior management and reported directly to the audit committee.3. Fraud involving senior management should be reported directly to the audit committee.4. Only report to parties outside of the entity in the following circumstances:a. To comply with legal and regulatory requirementsb. To a successor auditorc. In response to a subpoenad. To a funding agency (government)- If serious problem with management integrity, withdrawand report auditor change to SEC4ConclusionWhat is the purpose of all this?To plan the N-E-TNatureWhat type of audit procedures to useExtentHow much audit work to doTimingWhen to do audit proceduresInterim---------IC Testing_________________________________________________1/1/12 July 10/1 11/1 12/31 1/31/13 3/31Planning of early MarchAudit FS and audit Report releasedAll must be documented (see Exhibit 4-3, page 121)“Standards require extensive documentation of the auditor’srisk assessment procedures (including fraud risk assessment) and audit responses to identified