"As the basis for the auditor's opinion, GAAS require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a high, but not absolute, level of assurance. It is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. Reasonable assurance is not an absolute level of assurance because there are inherent limitations of an audit that result in most of the audit evidence, on which the auditor draws conclusions and bases the auditor's opinion, being persuasive rather than conclusive."
Let's strip this down into some key phrases:
- "reasonable assurance": It is impossible for the auditor to obtain absolute assurance, due to certain inherent limitations of the audit; those inherent limitations are discussed below. Reasonable assurance is a high level of assurance, but certainly not an absolute level.
- "free from material misstatement, whether due to fraud or error": A misstatement is the difference between what is reported in the financial statements and what is SUPPOSED to be reported according to the applicable financial reporting framework used. It is important to note here that this section does not specify that the auditor's responsibility is to find fraud or errors; it is merely to find material misstatements. And those material misstatements might be caused by fraud or error.
With this understanding of misstatements, we understand that in performing the audit, the auditor has a risk that the financial statements are materially misstated. And the goal of the audit is to reduce that risk to an acceptably low level. This risk of material misstatement can be categorized into assertion level risks: inherent (i.e., due to the nature of the account, assertion, or disclosure) and control (i.e., due to the ineffectiveness of the design or operation of controls to detect and correct misstatements) risks. There are also financial statement level risks (i.e., those that are pervasive across several accounts, for example fraud). AU-C Section 315 goes into more detail on how to assess the risk of material misstatement. - "sufficient appropriate audit evidence": Once the auditor understands his risks at the financial statement and assertion levels, he needs to design procedures to reduce that risk to an acceptably low level. To do that, he needs to obtain sufficient and appropriate audit evidence from accounting records, representations made by management, source documents, letters or confirmations from 3rd parties, etc. Sufficient is the quantity, and appropriateness is the quality; the auditor needs to use his professional judgment in determining how much and what types of evidence are necessary in the circumstances. AU-C Section 500 goes into more detail about obtaining audit evidence.
- "audit risk...to an acceptably low level": Obtaining evidence has the goal of reducing audit risk to an acceptably low level. Audit risk is the risk that the auditor expresses the wrong opinion when the financial statements are materially misstated. This audit risk is primarily an inverse function of the risk of material misstatement and detection risk; detection risk is the risk that audit procedures might not find a material misstatement when there is one. So, the higher the risk of material misstatement, the further we need to reduce detection risk through sufficient and appropriate audit procedures, with the ultimate goal of reducing audit risk to an acceptably low level. AU-C Sections 300 and 330 provide more information regarding the design of audit procedures to reduce audit risk.
- "inherent limitations of an audit": Inherent limitations of the audit prevent us from obtaining absolute assurance that there are no material misstatements, resulting in our conclusions being persuasive rather than conclusive. Some examples of inherent limitations might be financial reporting related (e.g., there are significant and subjective estimates in the financial statements), audit related (e.g., the auditor cannot force and might not know to request the company's management to provide all information that might be useful evidence), and cost/benefit related (e.g., there is a balance between the relevance and thoroughness of the information to financial statement users, and the effort it takes to obtain the audit evidence or information). A few other limitations of an audit might be fraud, related party transactions, noncompliance with laws/regulations, or going concern risks at the company that the auditor is not aware of. Several AU-C Sections address procedures to perform that might reduce the risk of these limitations.
It is important to note that these inherent limitations are not a scapegoat for the auditor to not perform sufficient and appropriate procedures in the circumstances. Whether or not the auditor has performed the audit in accordance with GAAS is dependent on the procedures performed, the sufficiency and appropriateness of the evidence obtained, and the suitability of the auditor's report based on the evaluation of that evidence.
No comments:
Post a Comment