2. Control Risk
The risk that a misstatement that could
occur in an assertion about a class of
transaction, account balance or disclosure
and that could be material, either
individually or when aggregated with
other misstatements, will not be prevented,
or detected and corrected, on a timely
basis by the entity’s internal control.
www.mba4help.com
3. Control Risk
Control risk is the probability that a material misstatement exists in an
assertion because that misstatement was not either prevented from
entering entity’s financial information or it was not detected and
corrected by the internal control system of the entity.
It is the responsibility of the management and those charged with
governance to implement internal control system and maintain it
appropriately which includes managing control risk.
www.mba4help.com
4. Assessing Control Risk
The auditor should assess control risk for relevant assertions by
evaluating the evidence obtained from all sources, including the auditor's
testing of controls for the audit of internal control and the audit of
financial statements, misstatements detected during the financial
statement audit, and any identified control deficiencies.
Control risk should be assessed at the maximum level for relevant
assertions (1) for which controls necessary to sufficiently address the
assessed risk of material misstatement in those assertions are missing or
ineffective or (2) when the auditor has not obtained sufficient appropriate
evidence to support a control risk assessment below the maximum level.
www.mba4help.com
5. Assessing Control Risk
When deficiencies affecting the controls on which the auditor
intends to rely are detected, the auditor should evaluate the
severity of the deficiencies and the effect on the auditor's
control risk assessments.
If the auditor plans to rely on controls relating to an assertion
but the controls that the auditor tests are ineffective because of
control deficiencies, the auditor should:
1.Perform tests of other controls related to the same assertion.
2.Revise the control risk assessment and modify the planned
substantive procedures as necessary.
www.mba4help.com
6. Substantive Test
A procedure used during accounting audits to check for errors and
material misstatements(monetary) in financial statements and
other financial documentation. A substantive test might involve checking
a random sample of transactions for errors, comparing account
balances to find discrepancies, or analysis and review of procedures used
to execute and record transactions.
www.mba4help.com
7. Inherent Risk
Inherent risk is the probability that, in the absence of internal controls,
material errors or frauds could enter the accounting system used to
develop financial statements. You can think of inherent risk as the
susceptibility of the account to misstatement. In other words “what could
go wrong?”—inherent risk is a function of the nature of the client's
business, the major types of transactions, and the effectiveness and
integrity of its managers and accountants.
www.mba4help.com
8. Inherent Risk in Receivables
Primary risk is net receivables will be overstated, because either
receivables have been overstated, or the allowance for
uncollectible accounts has been understated
Risks affecting receivables include:
Sales of receivables recorded as sales rather than financing
transactions
Receivables pledged as collateral
Receivables classified as current when likelihood of collection
is low
Collection of receivable contingent on uncertain future
events
Payment not required until purchaser sells the product
www.mba4help.com
9. Substantive Tests of Accounts
Receivable Existence & Occurrence
Valuation
– Are sales and receivables initially recorded at their correct
amount?
– Will client collect full amount of recorded receivables?
Rights and Obligations
– Contingent liabilities associated with factor or sales
arrangements
– Discounted receivables
Presentation and Disclosure
– Pledged, discounted, assigned, or related party receivables
www.mba4help.com
10. Substantive Tests of
Accounts Receivable
Obtain and evaluate aging of accounts
receivable
Confirm receivables with customers
Perform cutoff tests
Review subsequent collections of
receivables
www.mba4help.com
11. Detection Risk
Detection risk is the probability that audit procedures will fail to detect
material misstatements provided that any have entered the accounting
system in the first place and have not been prevented or detected and
corrected by the client's internal controls.
In contrast to inherent risk and control risk, auditors are responsible for
performing the evidence-gathering procedures that manage and
establish detection risk. These audit procedures represent the auditors'
opportunity to detect material misstatements in financial statements.
Unlike inherent risk and control risk, auditors can and do influence the
level of detection risk.
www.mba4help.com
12. Determine Detection Risk
Detection risk occurs when you don’t use the right audit
procedures or you don’t use them correctly. You assess
inherent and control risk and then solve your audit risk
equation by assigning detection risk to reduce your audit risk
to an acceptable level.
Keep in mind that you can never completely eliminate
detection risk because you’ll most likely never look at each
and every transaction. Your goal is to keep it to an acceptable
minimum.
www.mba4help.com
13. 3 Major elements of
Detection Risk:
Misapplying an audit procedure: A good example is when you’re using
ratios to determine if a financial account balance is at face value accurate
(reasonable), and you use the wrong ratio.
Misinterpreting audit results: You use the right audit procedure but just
flat out make the wrong decision when evaluating your results. Maybe
you decide accounts payable is fairly presented when it actually contains
a material misstatement.
Selecting the wrong audit testing method: Different financial accounts
are best served using specific testing methods. For example, if you want
to make sure a particular sale took place, you test for its occurrence —
not for whether the invoice is mathematically correct.
www.mba4help.com
14. Detection Risk
Detection risk represents the risk that the audit team's substantive
procedures will fail to detect a material misstatement. As auditors require
higher quality evidence (lower detection risk), they must gather more
relevant and reliable evidence (appropriateness) and evaluate a larger
number of transactions or components (sufficiency).
www.mba4help.com
15. Audit samples
Audit sampling is the application of an audit
procedure to less than 100 percent of the
items within an account balance or class of
transactions for the purpose of evaluating
some characteristic of the balance or class.
www.mba4help.com
16. Types of audit sample
There are two general approaches to audit
sampling: nonstatistical and statistical.
Both approaches require that the auditor use
professional judgment in planning, performing,
and evaluating a sample.
www.mba4help.com
17. Population
Sample items should be selected in such a
way that the sample can be expected to be
representative of the population.
The auditor should determine that the
population from which he draws the sample
is appropriate for the specific audit objective.
The population contains all items to be
considered for testing.
www.mba4help.com
18. Sample Unit
Sample items should be selected in such a
way that the sample can be expected to be
representative of the population.
Therefore, all items in the population should
have an opportunity to be selected.
www.mba4help.com
19. Attribute Samples
Attribute sampling plans represent the most
common statistical application used by
internal auditors to test the effectiveness of
controls and determine the rate of
compliance with established criteria. The
results of these plans provide a statistical
basis for the auditor to conclude whether the
controls are functioning as intended.
www.mba4help.com
20. Employee Fraud
Embezzlement is a type of fraud involving employees or nonemployees
wrongfully misappropriating funds or property entrusted to their care,
custody, and control, often accompanied by false accounting entries and
other forms of deception and cover-up.
Larceny is simple theft; for example, an employee misappropriates an
employer's funds or property that has not been entrusted to the custody of
the employee.
Defalcation is another name for employee fraud, embezzlement, and
larceny. Auditing standards also call it misappropriation of assets.
Errors are unintentional misstatements or omissions of amounts or
disclosures in financial statements.
www.mba4help.com
21. Types of Fraud
Financial statements may be materially misstated as a result of errors or
fraud.
www.mba4help.com
22. Business Risk
All businesses make a countless number of decisions each and every day.
Decisions to purchase or sell goods or services, lend money, enter into
employment agreements, or buy or sell investments depend in large part
on the quality of useful information. These decisions affect business
risk, the chance a company takes that customers will buy from
competitors, that product lines will become obsolete, that taxes will
increase, that government contracts will be lost, or that employees will
go on strike.
In other words, business risk is the risk that an entity will fail to meet
its objectives.
www.mba4help.com
23. Risk Assessment
An important part of the performance principle
is for auditors to identify important concerns
(or risks) they face in the audit. This process is
referred to as risk assessment and follows
engagement planning, as follows:
www.mba4help.com
24. Risk Assessment
The risk assessment process requires an understanding of the client, its
operating environment, and its industry. This includes internal controls
operating within the client's accounting information systems that
ultimately produce the client's financial statements. Internal control
may be defined as the policies and procedures implemented by an entity
to prevent or detect material accounting frauds or errors and provide for
their correction on a timely basis. Satisfactory internal control reduces
the probability of frauds or errors in the accounts.
www.mba4help.com
25. External Auditors
The purpose of obtaining and evaluating evidence is to ascertain the
degree of correspondence between the assertions made by the
information provider and established criteria. Auditors will ultimately
communicate their findings to interested users. To communicate in an
efficient and understandable manner, auditors and users must have a
common basis for measuring and describing financial information.
www.mba4help.com
26. Test of Control
Tests of Controls are audit procedures performed to test the operating
effectiveness of controls in preventing or detecting material
misstatements at the relevant assertion level.
An auditor might use inspection of documents, observation of specific
controls, reperformance of the control, or other audit procedures to
gather evidence about controls.
www.mba4help.com
27. Test of Control for A/P
Accounts Payable
transactions are reviewed to ensure payments are made to actual
company vendors and all invoices are properly coded and paid. A/P
aging schedules are also reviewed for large unpaid balances.
Fixed Assets
are reviewed to determine that the proper asset class has been assigned
and depreciation is being calculated correctly. Salvage values are also
tested to determine validity.
www.mba4help.com
29. Group work in class
Working with your computer find at least
6 revenue recognition schemes. Discuss
in class for the mayor.
www.mba4help.com
30. Samples of Improper Revenue
Recognition Schemes
Recognize revenue on fictitious shipments
Hidden side letters that give customers unlimited right to
return product
Record consignment sales as final sales
Accelerated recognition of sales occurring after year-end
Ship unfinished goods
Ship goods before date agreed to by customer
Create fictitious invoices
Ship goods never ordered
Ship more goods than ordered
Record shipments to company's warehouse as sales
Record shipments of replacement goods as new sales
www.mba4help.com
32. Revenue Cycle test
of controls
Several of the tests of controls can be done
using the computer. The auditor must first
evaluate the effectiveness of general
controls related to program changes and file
security. The auditor should make inquiries
and inspect documentation about changes
made to the programs and master files used for
sales orders, shipping, billing, and recording.
www.mba4help.com
33. Revenue Recognition
Similarly, the SEC believes that revenue generally is realized or
realizable and earned when all of the following criteria are met:
•
•
•
•
Persuasive evidence of an arrangement exists.
Delivery has occurred or services have been rendered.
The seller's price to the buyer is fixed or determinable.
Collectability is reasonably ensured.
To be recognized, revenues must be
(1) realized or realizable
(2) earned
www.mba4help.com
34. Revenue Cycle test
of controls
For testing sales orders, the auditor can
enter test data to evaluate program results for:
a missing or invalid customer number
an invalid product code
an order that exceeds the customer’s credit limit
www.mba4help.com