РефератыИностранный языкAuAudit Risk Model Essay Research Paper This

Audit Risk Model Essay Research Paper This

Audit Risk Model Essay, Research Paper


This is defined in AUS


402 as ?the susceptibility of an account balance ? to misstatement that


could be material ? assuming there were no related internal controls? (AUS


402.09). Estimating the inherent risk (IR) for each account balance or class of


transactions requires the auditor to take into account such factors as the level


of complexity involved in determining the ?correct? balance of an account,


the complexity of transactions involving the particular account(s) and the


?portability? of the assets involved. The estimation of IR is done as though


no internal controls exist ? it looks only at the nature of the account being


evaluated. Control Risk AUS 402 defines this as ?the risk that misstatements


that could occur in an account balance ? that could be material ? will not


be prevented or detected on a timely basis by the internal control structure?


(AUS 402.06). The evaluation of the level of control risk (CR) requires the


auditor to have a thorough understanding of the internal control structure that


is in place, and practiced (not necessarily the same thing) within the


organisation to be studied. Elements such as the segregation of duties, the


existence of ?management overrides?, and the level of formalised policies


and procedures in use are among the factors to be considered. Audit Risk Defined


in AUS 402 as ?the risk that the auditor gives an inappropriate audit opinion


when the financial report is materially misstated.? (AUS 402.03) The level


that is set as the acceptable audit risk (AR) reflects the degree of certainty


that the auditor and audit subject wish to achieve. An audit opinion can never


be a guarantee (AR = 0), even if every transaction during the year was tested,


due, at least in part, to the interpretive nature of many of the accounting


decisions involved. Detection Risk The final part of the risk model outlined in


AUS 402 is defined as ?the risk that an auditor?s substantive procedures


will not detect a misstatement?? (AUS 402.07) This risk relates to the


volume, effectiveness and sufficiency of the audit testing and investigation


undertaken. Both IR and CR are related to the probability that a particular


balance will contain an error, either accidental or fraudulent, while detection


risk (DR) is the probability that the auditor will not detect the error (Graham,


1985, p.15). The audit risk model is ?a joint probability statement of


independent events? (Wade, 1996) which attempts to combine these probabilities


and give an overall ?chance? of a misstatement existing (IR * CR) and


remaining undetected (* DR) ? leading to the auditor giving an inappropriate


audit opinion (AR). B) Armidale Pty Ltd ? Year 1 Inherent & Control Risk


Levels In the first year of an engagement the auditor will have gained only a


limited knowledge of the client and their practices. Faced with a poor internal


control structure the auditor may question the level of management experience


and knowledge, which AUS 402.14(b) suggests may be an indicator of high inherent


risk. This, combined with the newness of the engagement, would be sufficient


cause to set IR at a high level at the financial report level, and for most, if


not all, of the assertions below that. AUS 402.32 & AUS 402.34 mandate the


setting of control risk to high ?unless the auditor is able to identify


internal controls ? likely to prevent or detect and correct a material


misstatement? (AUS 402.32(a)). Given the conclusion of the auditor that such a


control structure does not exist within Armidale Pty Ltd they would have no


option but to set CR as high ? which is a logical choice given our previous


definition of CR. Detection Risk & Evidence Accumulation Assuming that the


auditor wishes to achieve a low level of Audit Risk, especially given the


newness of the engagement and the lack of an effective control structure we can,


by restating the audit risk model as DR = AR / (IR x CR) determine what the


level of detection risk must be set at to achieve the desired level of AR. If,


for example, an AR of 5% is desired with both IR & CR set to 100% the DR


comes out to be: DR = .05 / ( 1 x 1) DR = .05 (5%) This means that the auditor


can only accept a 5% probability that their substantive procedures fail to


detect any material misstatements. Achieving this level of assurance will


require the gathering of a large amount of evidence ? large samples will need


to be carefully tested and examined across most assertions. As the accumulation


of evidence is, due to the time and resources required, one of the more


expensive components of an audit the cost of running an audit with high CR &


IR ratings will be greater than ?normal?. The auditor must balance the costs


and fees of this initial audit against the long term relationship with this new


client ? as well as their local competitors. C) Armidale Pty Ltd ? Year 3


Setting Audit Risk High With more knowledge and exposure to the client and their


environment the auditor could choose to set the audit risk to a higher level


when, for example, there are few external users of the financial statements


(AFM312, 1999). It can also be set higher when control risk is low due to the


presence of a strong internal control structure and inherent risk is also


assessed as low. IR can be set lower based on the auditors judgement on such


factors as the stability of the company and the environment it operates in, the


level of management expertise, and the complexity and nature of transactions and


accounts involved. What is a ?low? level of IR & CR Issuing an


inappropriate audit opinion can be expensive for an auditor, especially in our


increasingly litigious society and with courts having a fairly wide definition


of an auditor?s duty of care. No system of internal controls can guarantee


100% detection of material misstatement ? mistakes, whether accidental or


/>

fraudulent, will occur and some will escape detection, again either by deception


or an oversight. Adopting a minimum level of CR of around 30% allows for this


? in effect the auditor says that they believe the internal controls are


sufficient to ensure that a minimum of 70% of misstatements will be detected


and/or corrected. Inherent risk is, by definition, evaluated as though no


internal control system is in place. While it can be set lower as suggested in


the previous section, the relationship between DR, AR, CR & IR as expressed


in the model means that setting it to a lower value increases the allowable


detection risk to achieve a desired level of audit risk. For a 5% AR with CR set


to 30% and IR to 80% we get a DR value of: DR = 0.05 / (0.3 * 0.8) DR = 0.21 If


we lower IR to 30% DR becomes 0.56 ? our substantive procedures now need to be


less than 50% effective at detecting misstatements because we ?trust? the


client and their systems. Increasing the allowable level of DR could, for


example, lead to a less thorough audit process on ?old & trusted?


clients. D) The Audit Risk Model in Practice Is the audit risk model as outlined


in AUS 402 a useful tool for helping to plan audit evidence requirements in


practice? Much of the documentation and discussion relating to the assessment of


the various risk elements involved in the model addresses the issue at the


individual account balance or transaction class level. An area of concern


(AFM312, 1999; Lea et al, 1992; Wade, 1996) is the link between these many


individual assessments and an ?overall? risk rating at the financial


statement level. As the model uses various independent probabilities it is not


possible to simply ?sum together? the assessment for individual areas. There


have been suggestions of methodologies for providing overall aggregation of


assertion level risk assessments (Lea et al, 1992) however these have not been


included in any of the current Auditing standards. This ?linkage? problem


limits the value of the model to an auditor as the amount of work required to


derive all of the estimates that AUS 402 suggests could be viewed as excessive


and requiring substantial amounts of duplication of effort. This limitation


appears to have led to the model being largely ignored, or at least


circumvented. Studies such as those by Mock and Wright (1999) have investigated


the effect of different levels of assessed risk on the design of actual audit


programs. These studies have found that, in the majority of cases, auditors


utilise a ?standard? set of substantive procedures for all engagements,


regardless of variations in risk factors. Others such as Fitzsimons (1992) and


Jacoby (1995) found that both inherent and control risk are, particularly for


small to medium sized businesses, consistently set to 100%, even with continuing


engagements ? reinforcing the use of a ?standard? test plan. Reliance on


standard plans may give the auditor a sense of security, whether justified or


not, as they have built a level of confidence in the results and can easily


compare this year to last year. Performing less substantive testing than


?normal? may open the auditor to claims of negligence if a material


misstatement escapes detection and a user of the audited statements suffers


damage as a result. The studies assert that the auditor therefore tends to be


conservative and maintain a heavy reliance on substantive testing. If both IR


& CR are automatically set at 100% for all clients, and the auditor relies


on achieving a 5% overall AR, detection risk must, according to the model, also


be set to 5%. Detection risk is made up of two components, sampling risk, and


non-sampling risk. Sampling risk arises from the selection of samples within an


overall population of transactions and accounts. If the samples selected do not


accurately reflect the population the testing may not capture a misstatement.


Sampling risk can be countered by increasing the proportion of the overall


population being tested. Accumulation of evidence, testing the sample, is one of


the high cost areas of an audit and decreasing the sampling risk can, therefore,


be a high cost exercise (Arens et al, 1987). Non-sampling risk derives from the


selection and application of the actual audit procedures to the selected


samples. Inappropriate or ineffective procedures may return misleading


information and lead to incorrect evaluation of results. The audit risk model


assumes that non-sampling risk is negligible and that detection risk is largely


controllable through sample size manipulation. While it is contended by, for


example, Gul et al (1995) that ?this risk can be reduced to a low level


through effective training, planning and supervision? the use of


?standard? test plans for all clients could lead to ?blind rote?


application of procedures without any real understanding of the purpose or


relevance of a particular test. In these conditions a series of small


non-sampling errors could rapidly accumulate and reduce the value of the


substantive testing. Where only a small allowance for error exists, due to the


reluctance of the auditor to place more emphasis on the internal control


systems, the desired level of AR could become unachievable. The audit risk model


outlined in AUS 402 as well as many of the overseas auditing standards would


seem to be useful for planning the level of testing required for specific


accounts or account classes. This is particularly so where the auditor believes


internal control systems are in place and effective (low CR) and where the


inherent risk is also medium to low. It appears, however, that, for many


reasons, the auditing fraternity has not rushed to utilise the model in


developing audit plans ? preferring to rely on standard series of tests ?


although Mock & Wright (1999) did identify some movement towards increasing


use of the model for planning purposes.

Сохранить в соц. сетях:
Обсуждение:
comments powered by Disqus

Название реферата: Audit Risk Model Essay Research Paper This

Слов:2143
Символов:13984
Размер:27.31 Кб.