ACCT Audit Presentation

Group5-AssessingRisksofMaterialMisstatement.pdf

Home >Business & Finance homework help >Accounting homework help >ACCT Audit Presentation

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 1/16

Appendix K5

Young Fashions: Assessing Risks of Material Misstatement and Linkage to Further Audit Procedures

This appendix is nonauthoritative and is included for informational purposes only.

Observations and Suggestions

While performing risk assessment and other procedures, you may identify risks of material misstatement. You should then assess these risks at both the financial statement and the relevant assertion level. As stated in paragraph 5.68 of this guide, you should document these assessments of risk. This appendix illustrates one example of how you might prepare that documentation.

Appendixes K1, K2, K3, and K4 provide example documentation of the risk assessment procedures performed to gain an understanding of the client and its environment, including internal control. In these examples, the auditor identified conditions that indicate a risk of material misstatement, which were summarized in the last part of each appendix. Those conditions have been carried forward to this appendix so they can be assessed.

Carrying forward identified risks to a central worksheet such as the one included in this example will help the auditor assimilate risks that have been identified in different areas. For example, the auditor of Young Fashions observed that senior management does not actively supervise and monitor the IT department. On its own, that condition may be considered an isolated condition that would warrant only a narrow response. However, when aggregated with other, related conditions, the auditor may determine that a more robust response was necessary.

This example also includes references to risks of material misstatement due to fraud, which the auditor may identify as part of performing risk assessment and other procedures.

Once the risks of material misstatement are assessed, you should design an appropriate audit response. Your response to financial statement level risks will be different from your response to relevant assertion level risks. This appendix provides a summary of the auditor’s response and then a cross reference to the working paper or audit program step where the auditor performed and documented the procedures that have been summarized in this appendix.

Determining whether a risk is a "significant risk" that requires special audit consideration is an important part of the auditors risk assessment process, and this appendix illustrates how you might document your determination of whether a risk is "significant."

Paragraphs 5.36–.37 of this guide provide guidance on determining significant risks at the financial statement and relevant assertion levels.

The primary objective of this example is to illustrate the documentation of the linkage between assessed risk and the design of further audit procedures. In reviewing this example, consider the summary of the audit approach and how the described approach is responsive to the assessed risk.

All information that appears in this font style illustrates information completed by the auditor.

Instructions for Preparation

This form documents your assessment of the risks of material misstatement that you have identified through the performance of risk assessment and other audit procedures. Your assessment should be performed at both the financial statement level and at the relevant assertion level for significant transactions and material accounts or disclosures.

This form also documents your determination of whether an identified risk constitutes a significant risk that requires further audit consideration.

You may then summarize your planned audit response to each identified risk. It is common for a single planned response to address more than one risk. The purpose of providing a summary of the planned audit responses is to establish a clearly

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 2/16

defined link between the assessed risk of material misstatement and the auditors response. Audit working papers can be linked electronically or through cross references (with an explanation of the purpose and meaning of the linkage for clarity).

The summarized planned response could then be crossreferenced to the working paper or audit program steps where you provide more detailed documentation of the procedures performed, the results of those procedures, and your conclusion.

Financial Statement Level Risks

Observations and Suggestions

This section of the appendix summarizes the financial statement level risks of material misstatement identified as a result of performing risk assessment and other procedures. To the extent possible, financial statement level risks should be related to what can go wrong at the relevant assertion level. The risks summarized here are those that could not be related to a specific assertion or small group of assertions. These types of financial statement level risks require overall audit responses which, for this example, have been summarized in the table presented.

It is common for a single audit response to address several risks of material misstatement. For example, the auditor of Young Fashions has grouped all risks related to IT general controls, because they all are addressed by the work performed by the IT specialist.

The final column of the table, "Ref.," should be a reference to the working papers that describe in more detail the auditors overall response. These working papers have not been included in this example.

All information that appears in this font style illustrates information completed by the auditor.

Ref.

W/P Risk No.

Description of the Condition Risk Caused by the Condition

Significant Risk? Summary of Response Ref.

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 3/16

Key officers do not actively participate in the supervision or monitoring of IT. Lack of active supervision is considered a fraud risk factor that could provide an opportunity for fraudulent financial reporting. [principle 16]

IT system may not provide the data needed by users to perform accounting or internal control functions. [principle 13 and principle 14]

No Our engagement team includes an IT specialist whose responsibilities include

gathering additional information related to these matters.

identifying and assessing risks of material misstatement.

identifying and assessing the severity of IT control deficiencies.

advising the team on developing an appropriate audit response to the assessed risks, including the design of further audit procedures.

Based on our assessment, we will not be able to rely this year on IT general controls for the first nine months of the year; however, there do not appear to be any misstatements or failures of application controls as a result of these deficiencies.

w/p

XXx

X2 4 Company growth periodically stretches accounting, IT and operational resources [principle 3 and principle 4]

Financial and nonfinancial information may not be processed accurately or in a timely fashion.

X3 6 Lack of controls over the development of spreadsheets used to process financial information. [principle 12]

Spreadsheets currently in use may process information inaccurately. New spreadsheets may be developed and used in other areas, creating the risk of error in those information streams.

X3 7 Deficiency of logical access controls over data and applications during first nine months of the year. [principle 11]

Financial data may have been changed inappropriately.

X3 8 Network server was located in an unsecure location during most of the year. [principle 11]

Financial data or logical access controls may have been compromised.

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 4/16

No formal controls over bonus arrangements, which is a fraud risk factor. The CEOs decide on the bonus amounts and distributions without formal policies. [principle 8]

Bonus arrangements may create an incentive/motivation for fraud by employees affected by the bonus arrangements

No During the audit team brainstorming session, we emphasized the need to maintain professional skepticism when gathering information and evaluating audit evidence, particularly with regard to the reliance on information provided by the clients system that may be used to perform analytical procedures, especially during the period that IT general controls were not effective.

More experienced audit team members performed key walkthroughs and made inquiries relating to fraud.

w/p

XXx

X2 5 Informal understanding of all the information needed to perform financial reporting functions. Software is limited in its ability to keep pace with functional business requirements. [principle 13 and principle 14]

Company may not capture all information needed to prepare financial statements.

X2 6 Managements monitoring of internal control is only partially adequate, as it is based on a review of financial results and not on the design and operating effectiveness of internal control [principle 16]

Deficiencies in the design of internal control may not be identified or remediated on a timely basis, creating an opportunity for fraud if the deficiency is severe.

X2 7 Misstatements result in a correction of the accounting records but not always a consideration of underlying control deficiencies that caused the misstatement [principle 5 and principle 17]

Relevant Assertion Level Risks

Observations and Suggestions

This section of the appendix summarizes the relevant assertion level risks that were identified as a result of performing risk assessment and other procedures. These risks have been carried forward from appendixes K1, K2, K3, and K4.

This case study focuses only on revenue, and so this worksheet includes only the risks that relate to revenue. In practice, the table presented would include risks of material misstatement that were identified for other significant transactions and material accounts and disclosures.

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 5/16

Each transaction, account or disclosure area is divided into two sections:

Overall risks. There are nonspecific risks related to each assertion for the main transactions related to the account. For this example, the major transactions for revenue are gross sales and endof season markdowns and chargebacks.

Specifically identified risks. These are the specific risks of material misstatement identified as a result of performing the risk assessment procedures.

In this example, the auditor has assessed the individual components of the risk of material misstatement, inherent risk, and control risk as well as a combined risk of material misstatement.

In the following example, other documentation provides support for the “high, moderate, or low” assessments. Such assessments without support would be inadequate for directing the nature, timing, and extent of other audit procedures.

At the assertion level, the auditor should determine whether any of the risks of material misstatement are considered significant risks.

All information that appears in this font style illustrates information completed by the auditor.

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

Revenue Overall Risks

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 6/16

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

Gross receivables and gross sales

Existence / Occurrence

Moderate High Moderate Confirm receivables by PPS sample at 12/31. Ask about any disputes over invoices and compare to internal files to confirm accuracy of company records provided.

Perform limited sales cutoff tests

Be alert to sales existence issues related to sales from 1st 9 months re confirmations or allowances or writeoff procedures.

Use computer assisted audit techniques (CAATs) data extraction to perform detailed substantive analytical procedures

No Completeness Moderate High Moderate Accuracy Moderate High Moderate Cutoff Low High Low

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 7/16

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

Endofseason markdowns and chargebacks

See below Existence Low fn 1 High Moderate Analysis of customer inventory levels

Analysis of historical end ofseason markdowns and chargebacks by product line and customer.

Confirmation with significant customers

Completeness Low High Moderate Accuracy Moderate High Moderate Cutoff Low High Low fn 2 Specifically Identified Risks

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 8/16

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

X1 1 Inherent Risk Considerations

General downward pressure on prices and end of season markdowns may result in over or under reporting sales and receivables due to a poor estimate of markdowns owed to customers. Markdowns are a significant estimate, which provides an opportunity for fraudulent financial reporting.

Yes Accuracy Valuation

High High High The customers inventory levels at the end of the season are a significant factor underlying estimated markdowns. Lack of availability of this information for new accessories line will make it difficult to make the estimate.

Our audit approach is based on evaluating the reasonableness of the information used by management to make its estimate of markdowns on accessories. Audit procedures include obtaining confirmation of inventory levels from major customers, performing analytical procedures by customer and product, an analysis of post balance sheet sales of accessories by major customers, comparison of goods shipped to goods ordered and inquiries of sales reps for significant customers.

As a significant risk, detailed substantive procedures will provide most of the audit evidence.

xxx

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 9/16

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

X1 3 Control Risk Considerations

Lack of integration of new accessories line with inventory management system has resulted in a lack of information about inventory of accessories held by customers. Lack of information, together with lack of historical data about markdowns of this new product may result in the inability to make a reliable estimate of markdowns for this line. [principle 11 and principle 12]

Yes Accuracy Valuation

High High High

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 10/16

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

XX Inherent Risk Considerations

The company processes a significant volume of sales orders. These transactions are processed electronically, and the proper functioning of the IT system is critical if orders (and ultimately revenue) are to be properly reported. Additionally, there is a presumption in the auditing literature that improper revenue recognition is a potential fraud risk.

No fn 3 Accuracy Completeness

Cutoff

High High High Our engagement team includes an IT specialist whose responsibilities include

identifying and assessing risks of material misstatement.

identifying and assessing control deficiencies.

advising the team on developing an appropriate audit response to the assessed risks, including the design of further audit procedures, including

develop data extraction application to compare purchase order file pre implementation to post implementation file.

examine procedures followed by the company in implementing new system.

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 11/16

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

X3 Control Risk Considerations

During the year, the company installed a new version of its order management system. During upgrade, there was a potential loss or corruption of data that was transferred from old version to new. [principle 11]

No Accuracy High High High

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 12/16

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

XX Inherent Risk Considerations

Purchase orders define the terms of sales transactions, which affect revenue recognition.

No Occurrence Moderate High Moderate Read purchase orders for major customers to identify terms that may raise revenue recognition issues.

Confirm significant terms of purchase orders with customers. (Including a review of confirmation addressee to determine that customer individual should be knowledgeable of significant contract terms).

Inquiries of in house legal counsel, sales reps for significant customers, and accounting

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 13/16

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

X4 1 Control Risk Considerations

Communication of changes to standard purchase orders between legal and accounting is not reliable, which creates the risk that sales could be recorded at wrong amounts or in the incorrect period. [principle 14]

No Occurrence

Inherent Risk Considerations

The company processes a significant number of inventory transactions, and inventory balances are material. The companys inventory is vulnerable to theft.

No Accuracy Moderate High Moderate Physical inventory count will identify differences between inventory records and inventory on hand.

Identify communications from customers indicating inaccurate shipment. Procedures include, inquiries of sales reps, confirmation with customers, review and analysis of end ofseason chargebacks.

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 14/16

Ref.

Assessed Risk of Material Misstatement

(see XXX explaining the basis for these determinations) Ref.

W/P Item No.

Description of Risk

Significant Risk?

Relevant Assertion(s) Inherent Control

Combined Risk of Material

Misstatement Summary of Audit

Approach

Audit Program Step

X4 2 Control Risk Considerations

Warehouse personnel have the ability to make shipments that vary from customer order and then access the system to record the changes [principle 12]

No Occurrence Accuracy

Brainstorming for Fraud and Error Risk

After obtaining the understanding, the partner and engagement team (list attendees and date) brainstormed the risks of error and fraud. Here are the items discussed and the resolution:

Risk Discussion Resolution

WP Reference/ Plan step

Management override of controls, especially by IT director or CoCEOs

The COCEOs and IT director could override controls, mostly to show better financial statements;

IT director could steal assets and manipulate the records, but he has no access to cash receipts (lock box) or inventory; he can’t manipulate checks, since he does not sign checks

Exercise skepticism in dealing with Co CEOs (senior or manager to participate in all meetings with CoCEOs); plan extensive tests of journal entries and estimates.

Misappropriation of assets not a significant risk.

No direct evidence of manipulation and cross monitoring by executives mitigates this risk somewhat.

Bonus system Could cause employees to overstate income

Review of Bonus Program and annual decision process. Extensive tests of related journal entries and estimates.

Include analytic procedures and comparisons within and between periods.

Extensive inventory tests to ensure proper income basis for bonuses.

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 15/16

Risk Discussion Resolution

WP Reference/ Plan step

Lack of IT logical and physical security controls for the first 9 months of the year in a heavily computer dependent environment

Anyone could have changed data or formulas, either to misrepresent the financial statements or to cover a misappropriation of assets.

CAATs to detect unusual transactions and select sample of other transactions.

Extensive tests of revenue and expense transactions.

Be alert in tests to issues relating to automated controls in first nine months and any impact on application controls from the security and access deficiency.

Business risks for the client Clients new strategies are risky, providing incentive for misstated financial statements; this is countered somewhat by strong balance sheet and earnings

Extensive analytic procedures.

Plan review of strategies and financial statements by apparel industry expert.

Estimate for markdowns Misstatements could be either error or fraud; good controls over routine markdown estimate; problem with accessories

See separate discussion of approach to markdowns.

Inventory in overseas locations and intransit items

Inventory could be stolen by employees, vendors, manufacturers or others; however, CoCEOs monitor shrinkage. Ending inventory will be fairly stated if counted, priced and extended correctly as of reporting date.

Items could be included on inventory of 2 locations; however, check for transfer shipping near 12/31.

Our correspondent will observe and test inventory at major overseas locations; we will observe the U.S. locations and monitor closely any transfers or goods in transit at inventory date.

Inventory pricing, given changing markets

Misstatements could be either error or fraud; good controls over costing; poor controls over lower of cost or market

Will ask management to correlate items that department stores have difficulty selling with inventory valuation; then will test using CAATs; will extensively test lower of cost or market.

Spreadsheets Lack controls primarily an error risk rather than a fraud risk

Use IT specialist to extensively test all spreadsheets; test formulas. Recommend a formal process to protect spreadsheets from accidental or deliberate unauthorized changes.

Sales and shipping cutoff at yearend

Low risk because few shipments near 12/31 (seasonal business, and company closes for holidays)

Limited procedures needed. XX

Collect ability of receivables (bad debts)

Low risk because customers strong financially or preapproved credit cards used.

Be alert for changes in risk.

Inquire / observe re any new policies or programs of granting credit or accepting new customers with lower credit quality.

Sales occurrence Low risk in last three months since good controls; see above for IT weaknesses.

Be alert in confirmations and allowances or writeoffs to any issues relating to first nine months.

This is a section of the documentation and does not include all items discussed.

https://publication.cpa2biz.com/PrintDocument.ashx?id=1602817&type=Document&doPrint=true 16/16

Footnotes (Relevant Assertion Level Risks):

fn 1 Although inherent risk may be low, consideration may also be given to the likelihood and magnitude of misstatement when reaching an assessment of RMM. RMM is a judgment based on the facts and circumstances.

fn 2 The low exposure at year end due to closing the business around year end for an extended holiday was considered in reaching this conclusion and was documented. See Brainstorming Session documentation.

fn 3 The auditor considered and documented elsewhere that there was no specific revenue fraud risk identified for this engagement.