chapter 9 – audit risk, including the risk of fraud

Modern Auditing:Modern Auditing:Assurance Services and the Assurance Services and the

Integrity of Financial Reporting, 8Integrity of Financial Reporting, 8thth EditionEdition

Modern Auditing:Modern Auditing:Assurance Services and the Assurance Services and the

Integrity of Financial Reporting, 8Integrity of Financial Reporting, 8thth EditionEdition

William C. BoyntonWilliam C. BoyntonCalifornia Polytechnic State California Polytechnic State

University at San Luis ObispoUniversity at San Luis Obispo

Raymond N. Raymond N. JohnsonJohnson

Portland State UniversityPortland State University

Chapter 9 – Audit Risk, Including the Risk of Fraud

Chapter 9 OverviewChapter 9 OverviewChapter 9 OverviewChapter 9 Overview

Audit Risk – An OverviewAudit Risk – An OverviewAudit Risk – An OverviewAudit Risk – An Overview

• Concept of Audit Risk– Inverse of reasonable assurance– If 99% certainty is desired, the audit

risk is 1%

• Professional Judgment and Audit Risk– Usually audit firm policy– Comparable from one audit to

another

Fraud DefinedFraud DefinedFraud DefinedFraud Defined

• Acts Resulting in Material Misstatements– Fraud or Error

– Intentional or Unintentional

• 2 Types of Misstatements Relevant to Fraud– Fraudulent Financial Reporting

– Misappropriation of Assets

The Fraud TriangleThe Fraud TriangleThe Fraud TriangleThe Fraud Triangle

Fraudulent Financial ReportingFraudulent Financial ReportingFraudulent Financial ReportingFraudulent Financial Reporting

• Incentives and Pressures

• Opportunity

• Attitudes and Rationalization

Misappropriation of AssetsMisappropriation of AssetsMisappropriation of AssetsMisappropriation of Assets

• Incentives and Pressures

• Opportunity

• Rationalization

Auditing for FraudAuditing for FraudAuditing for FraudAuditing for Fraud

• Risk Assessment Procedures

• Brainstorming Session

• Specific Risks

Risk Assessment Risk Assessment ProceduresProcedures

Risk Assessment Risk Assessment ProceduresProcedures

• Inquiries of Management

• Consider Unusual or Unexpected Relationships

• Consider Other Information

Brainstorming SessionBrainstorming SessionBrainstorming SessionBrainstorming Session

• Allow junior members to benefit from senior members

• Allow more seasoned personnel a fresh set of eyes

• Allows audit management to set the appropriate tone for the audit

• Emphasize possibility of fraud existing in any audit

Specific RisksSpecific RisksSpecific RisksSpecific Risks

• Improper Revenue Recognition

• Management Override of Internal Controls

Study BreakStudy BreakStudy BreakStudy Break

1. Audit risk is set according to:A. AICPA guidelinesB. Audit firm policyC. SEC regulationsD. GAAS

B. Audit firm policy

Study BreakStudy BreakStudy BreakStudy Break

2. Which of the following is not a component of the fraud triangle?

A. Adequate trainingB. OpportunityC. RationalizationD. Incentives

A. Adequate training

Study BreakStudy BreakStudy BreakStudy Break

3. All of the following are objectives of a brainstorming session except:

A. Allow management to set the toneB. Allow for junior members to benefit

from senior membersC. Allow for a fresh outlook on situationD. Allow for identification of actual

occurrences of fraud

D. Allow for identification of actual occurrences of fraud

Audit Risk ModelAudit Risk ModelAudit Risk ModelAudit Risk Model

• 3 Components of Audit Risk– Inherent Risk– Control Risk– Detection Risk

• Illustrating the Model– AR = IR x CR x DR

• Expanded Audit Risk Model– AR = IR x CR x AP x TD

Risk Components MatrixRisk Components MatrixRisk Components MatrixRisk Components Matrix

Assessing the Components of Assessing the Components of Audit RiskAudit Risk

Assessing the Components of Assessing the Components of Audit RiskAudit Risk

• Inherent Risk

• Control Risk

• Detection Risk

Inherent RiskInherent RiskInherent RiskInherent Risk

• Inherent Risk Defined

• Assessing Inherent Risk

• Identifying Significant Inherent Risks

Control RiskControl RiskControl RiskControl Risk

• Control Risk Defined

• Assessing Control Risk– Planned assessed level of control

risk– Actual assessed level of control risk

Detection RiskDetection RiskDetection RiskDetection Risk

• Detection Risk Defined

• Assessing Detection Risk– Planned acceptable level of

detection risk

Interrelationships among Materiality, Interrelationships among Materiality, Detection Risk, and Substantive Audit Detection Risk, and Substantive Audit

EvidenceEvidence

Interrelationships among Materiality, Interrelationships among Materiality, Detection Risk, and Substantive Audit Detection Risk, and Substantive Audit

EvidenceEvidence

Components of Preliminary Components of Preliminary Audit StrategiesAudit Strategies

Components of Preliminary Components of Preliminary Audit StrategiesAudit Strategies

• Assessed level of inherent risk

• Planned assessed level of control risk

• Planned assessed level of analytical procedures risk

• Planned level of tests of details

Three Basic Preliminary Audit Three Basic Preliminary Audit StrategiesStrategies

Three Basic Preliminary Audit Three Basic Preliminary Audit StrategiesStrategies

• Response to Lower Inherent Risks

• A Lower Assessed Level of Control Risk

• A Primary Substantive Approach

Preliminary Audit Strategies Preliminary Audit Strategies and the Audit Risk Modeland the Audit Risk Model

Preliminary Audit Strategies Preliminary Audit Strategies and the Audit Risk Modeland the Audit Risk Model

Preliminary Audit Strategy Preliminary Audit Strategy ComparisonComparison

Preliminary Audit Strategy Preliminary Audit Strategy ComparisonComparison

Study BreakStudy BreakStudy BreakStudy Break

4. Which of the following is the correct audit risk model?

A. AR = IR x CR x DRB. IR = AR x CR x DRC. CR = IR x AR x DRD. DR = CR x IR x AR

A. AR = IR x CR x DR

Study BreakStudy BreakStudy BreakStudy Break

5. ______ is the risk that a material misstatement could occur and will not be prevented or detected by the entity’s internal controls.

A. Inherent RiskB. Audit RiskC. Control RiskD. Detection Risk

C. Control Risk

Study BreakStudy BreakStudy BreakStudy Break

6. The components of preliminary audit strategies include all of the following except:

A. Assessed level of inherent riskB. Planned assessed level of control riskC. Actual assessed level of control riskD. Planned assessed level of analytical

procedures risk

C. Actual assessed level of control risk