"To obtain reasonable assurance, the auditor should obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor's opinion."
The AICPA defines audit risk as the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.
Risk of Material Misstatement
The risk of material misstatement is the risk that the financial statements are materially misstated prior to the audit, and they exist at two levels:
- The overall financial statement level: these are risks that relate pervasively to the financial statements as a whole and potentially affect many assertions (e.g., the risk of fraud or the management override of controls)
- The assertion level: these are risks that relate to classes of transactions, account balances,and disclosures. The assessment of risk at this level allows the auditor to determine the nature, timing, and extent of audit procedures. The assertion level risks are composed of:
- inherent risk: The susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls. Inherent risks might be higher for some accounts due to:
- complex calculations (e.g., the value of derivatives)
- significant estimation uncertainty (e.g., the allowance for doubtful accounts)
- business risks (e.g., obsolete inventory in technology companies)
- industry risks (e.g., a declining industry challenging the going-concern assumption)
- control risk: The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements,will not be prevented, or detected and corrected, on a timely basis by the entity's internal control. Proper internal controls can never eliminate the risk of material misstatement due to the inherent limitations of an audit, for example:
- human error
- collusion
- management override of controls
Detection Risk
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Detection risk bears an inverse relationship to the risk of material misstatement; for example, the higher the risk of material misstatement, the more evidence that needs to be obtained to mitigate the risk that potential misstatements go undetected.
The following steps in an audit help the auditor to develop the nature, timing, and extent of his audit procedures to reduce detection risk to an appropriate level:
- Adequate planning
- Proper assignment of personnel to the engagement team
- The application of professional skepticism
- Supervision and review of the audit work performed
https://www.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00200.pdf
No comments:
Post a Comment