AUD 589

AUDITING 1

Risk and Materiality

Prepared by:
Yusarina Mat Isa
UiTM Kampus Puncak Alam
 Learning Objectives
• Able to:
– Understand audit risk model and how does it fit in
the client’s risk assessment
– Explain materiality and its applicability in audit
engagement
– Explain the relationship between risk and
materiality

2
I. AUDIT RISK

3
 Audit Risk
The risk that the auditor gives an inappropriate opinion when
the financial statements are materially misstated. i.e. the risk
Definition that an auditor issue an unqualified opinion when the
Audit Risk financial statements is susceptible to contain material
misstatement
Auditor should plan and perform the audit to reduce audit risk to an acceptable
low level. However, the acceptable low level risk is subjective and the auditing
standard does not provide guidance on this and its based on judgment from the
auditors itself

• Is a measure of how willing the auditor is to accept

Acceptable that the financial statements may be materially misstated
Audit Risk (AAR) stated after the audit is completed and an unqualified
opinion had been issued. Have inverse relationship with
evidence. AAR decrease, evidence increase

The auditor is unable to eliminate audit risk totally due to inherent (something
natural and part of it) limitations
4
Auditor’s Response to Risk Assessment
Assess the risk of material misstatement.

High Determine audit procedures that are Low

risk necessary based on the risk assessment. risk

Design and Evaluate whether sufficient Design and

audit evidence was
perform perform
obtained and if the
extended risk assessments normal
procedures. were appropriate. procedures.

Issue audit report. 5

 The Audit Risk Model CR (Control Risk)
The risk that internal
controls system will not
prevent or detect and
Inherent risk and control risk:
correct the error or
Risk that material misstatements exist material misstatement

IR (Inherent Risk)
The risk of material
misstatement occur
ignoring internal control Audit Risk = IR × CR × DR
system

Detection risk:
Risk that auditor’s substantive testing will not
detect misstatements

• Inappropriate audit procedure

• Fail to detect when using Nonsampling Sampling
appropriate audit procedure risk risk
• Misinterpreting audit results
6
 Audit Risk

The followings are among the factors that cause

uncertainty:-

Nature of audit test: The use of testing (sampling), not 100%

population in checking, examine material items only

Inherent limitation of the effectiveness of client’s internal

control systems – errors due to human errors, carelessness,
faulty judgment, management override and communication
breakdown

The drawing of audit conclusions based on audit evidence that is

mostly persuasive rather than conclusive. E.g. We tend to change
sample if unable to vouched to related documents

7
 Inherent Risk

The risk relating to the characteristic of the business.

Certain industries and sectors are prone to more risk.
If the auditor concludes that there is a high likelihood
of misstatement, ignoring internal controls, the
auditor would conclude that inherent risk is high.
INHERENT Example: Auditor has assessed inherent risk is high
RISK for inventory and warehouse (due to large amount
and several locations and complex transaction) and
lower for payroll and personnel (due to highly
routine). This knowledge is based on discussion with
management, knowledge of the company and results
of audit in previous years.

Internal Controls are ignored in setting

Inherent Risk because they are
considered separately in the audit risk
model as control risk.

8
 Inherent Risk
The inclusion of inherent risk in audit risk model is one of the most
important concepts in auditing. This will affects total amount of
evidence that auditor is required to accumulate.

Inherent risk can be considered

at two levels:

At the financial Statement Level At the account balance and

or entity level transaction level

9
 Inherent Risk
At the financial Statement
Level or entity level

Nature of the client’s business, size and number of location of the

company
Example: Greater obsolete inventory in electronics' manufacturer as
compared to a steel fabricator
The Management
Experience, integrity and attitude of directors and management.
Example: Dominance by a single person can cause problems. Significant
changes in the management structure during the year is also a signal
for auditor to be caution on inherent risk

Unusual pressure on management

Example: Tight reporting deadlines, market expectation or other
circumstances that might contribute to misstatement such as increase
in revenue figure
10
 Inherent Risk
At the financial Statement Level
or entity level

Factors affecting the industry

Critical issues facing the industry, entity’s position within the industry,
threats to the entity, entity operates in high competitive conditions as
indicated by trends and ratios. To maintain competitiveness, the company
tend to misstate any material figures in order to show promising trend or
ratios

Initial versus repeat engagement

After several years, auditors gain experience and knowledge about
likelihood of misstatement. Without previous assignment, Inherent Risk is
normally high in the first engagement

Economy, legislation, regulations and accounting practices affecting the

industries

11
 Inherent Risk
At the account balance and
transaction level

Result of previous audit

Misstatement found in previous audit have a high likelihood of occurring
again this year due to some company is slow in making changes. So,
respective transactions or balance of accounts should be rated to have higher
inherent risk

Related parties
Greater likelihood of misstatement exist in related parties transaction as
both parties are not “independent parties”

Non-Routine Transactions
Transactions that are unusual to client are more likely to be incorrectly
recorded because lack of experience in recording them. Example: Major
property disposal or disposal of subsidiary or lease agreement. Another
example, it is more likely that error or misstatement will be made when
accounting for complex sale and leaseback transactions is made for a
straightforward purchase of assets on normal credit term 12
 Inherent Risk
At the account balance and
transaction level

Judgment is required to correctly record account balance and transaction

Many accounts require management judgment. For example: Allowance for
doubtful debts, depreciation, useful life of assets, net realizable value of
inventory, obsolete inventory, liability for warranty and classification of repairs
expenses or assets for major repairs transactions

Other factors to consider

✓ Complexity of underlying transactions and other events which might
require the use of the work of an expert
✓ Susceptibility of assets to loss or misappropriation
✓ The quality of accounting systems
✓ The completion of unusual and complex transactions, particularly at or
near the year end

13
 Inherent Risk
TERMS
• Transaction level relates to the test of transaction. E.g. select 30
disbursement for the month of January, validate amount by looking
at the documents, and check posting to correct ledgers. Purpose to
determine the transactions have been processed to appropriate
ledger, complete and they classified properly. Example is inventory.
All transactions involve inventory were properly taken up and they
are properly classified as asset rather than expenses and they
properly recorded in the correct period and ledger.
• Account balance level relates to testing for the item/balance actually
exist, own by entity and proper valuation in the account. Example is
inventory. Inventory is physically exist, belong to company by
vouching to related document and proper valuation has been made
such as identified obsolete stock, slow moving stock, identified the
cost and market value and, so forth.
End Notes: Inherent risk will higher if auditor expect many material
misstatement due to absent of internal control system 14
 Control Risk
ISA 400.5
A material misstatement Auditor’s responsibility
could occur and not be - Obtain understanding
prevented or detected and Effective internal
control – reduce of the internal control
not corrected on a timely system of the company
basis by the entity’s control risk
internal control structure

However internal control systems cannot provide management with

conclusive assurance because inherent limitations such as:

• Cost benefit analysis. Sometimes cost to set-up internal control is too high
• Internal control is mainly for routine transactions and unable to properly address
non-routine transactions
• Human error due to carelessness, ignorance and rejection to adhere to the
system, misunderstandings of instructions
• Internal control bypassed through collusion of management or employee
• Internal control become not relevant due to changes in conditions and
environment
15
 Control Risk

Control risk also can be considered at two level:-

GENERAL LEVEL SPECIFIC LEVEL

Auditor should consider attitude of Auditor should also
management towards the consider and evaluate
important control system by whether existing control
looking at whether the company procedures is good
has established budgetary system, enough to prevent and
internal audit department, risk detect errors or not
management department and End Notes
audit committee Control risk will be higher if
internal control system is not
effective
16
 Detection Risk
This is the only RISK which can be
An auditor’s substantive procedures
directly controlled by auditor and
will not detect any misstatements that
depend upon his assessment of
occur
inherent risk and control risk

After assessing inherent risk and control risk, auditors should be able to
decide what level of detection risk will bring the audit risk to acceptably
low level. And then, auditor would consider:

• Appropriate planning, direction and supervision during the audit work

• The nature of the substantive procedures (e.g. internal or external
document)
• The timing of the substantive procedures
• The extent of substantive procedures

17
 Detection Risk
DETECTION RISK
• The audit procedures to carry out are substantive test and
analytical review procedures. The auditor’s responsibility to
design audit procedures that will provide reasonable
assurance that any material misstatement will be detected
and removed from the financial statements
• Relationship: If inherent risk and control risk are high, the
level of detection risk is low of which evidence to
accumulate is high

• End Notes: Detection risk will be higher if the auditors are

not competent and exercise due care

18
 Audit Risk Matrix
Auditor’s assessment of control risk is

High Medium Low

Auditor’s High Lowest (a) Lower Medium

assessment
of inherent Medium Lower Medium Higher
risk is
Low Medium Higher Highest

(a) If inherent risk is assessed as high and control risk as high, detection
risk is very low

19
 Illustration – Relationship among
Components Audit Risk
Payroll and Inventory and
Personnel cycle warehouse cycle
A Auditor’s assessment of Expect few Expect many
expectation of material misstatements misstatements
misstatement (Ignore internal
Control) (IR: Low) (IR: High)
(inherent risk)
B Auditor’s assessment of High Low effectiveness
effectiveness of internal control as effectiveness
prevention measures (CR: High)
(control risk) (CR: low)
C Auditor’s willingness to permit Low willingness Low willingness
material misstatement to exist.
(acceptable audit risk: Always (AAR: Low) (AAR: Low)
LOW)
D Extent evidence the auditors plan Low level High level
to accumulate
(Detection Risk) (DR: high) (DR: Low)
20
 Relationship of audit risk and audit
evidence
There is an inverse
relationship between This is also true for Inherent risk and
audit risk and the detection risk, for a control risk however,
amount evidence particular assertion, has direct
needed to support the lower the relationship with
the auditors’ opinion. detection risk audit evidence. The
The lower the level of determined by lower the inherent
audit risk to be auditors, the greater risk and control risk,
achieved, the greater the amount of the lesser the amount
amount of evidence evidence needed. of evidence needed
is needed

End Notes: Inverse relationship between evidence and audit risk and
detection risk. BUT direct relationship between evidence and inherent risk
and control risk.
21
Relationship of materiality and audit risk

In order to obtain the

For example: Reducing
same level of audit risk
There is an inverse the materiality
for RM100,000, the
relationship between amount from
auditor would have to
materiality and audit RM1,000,000 to
obtain additional audit
risk, i.e. the lower the RM100,000 and
evidence about
materiality level, the GATHER the same
possible misstatement
higher the audit risk audit evidence,
in the interval from
and vice versa “morally” audit risk
RM100,000 to
will increase
RM1,000,000

22
II. MATERIALITY

23
 Materiality
The magnitude of an omission or
misstatement of accounting information
that makes it probable that the judgment
of a reasonable person relying on the
information would be changed or
influenced by the omission or
misstatement.

Materiality is
a matter of professional
judgment.
24
Steps in Applying Materiality

Establish a preliminary judgment about materiality.

Determine tolerable misstatement.

Estimate likely misstatements and compare

totals to the preliminary judgment about materiality.

25
 Concepts of Materiality
DEFINITION MATERIALITY Materiality: Materiality is an
Information is material when auditor’s preliminary estimates
the misstatements could of the smallest amount of
influence the economic decisions misstatement that could be
of users taken on the basis of the material to the client financial
financial statements statement

CONCEPTS OF MATERIALITY
Materiality is the criteria used by If material misstatement exist,
accountants and auditors in the auditor should bring the
distinguishing between matter to the client attention to
unimportant and important take action to rectify such
matters. Auditor is responsible to misstatements in order to give a
determine that the financial true and fair view opinion on the
statements prepared by the financial statements
management are free from
material misstatement 26
 Concepts of Materiality
Of course the accounts cannot be
perfectly accurate and as such allows Sources of material misstatements
small error. While the financial are Errors and Fraud. Material
statements may contain misstatements include the material
misstatements BUT not so large that amount of the misstatement.
could change the decision. Thus,
understanding allows auditors to use
sampling techniques and audit job
therefore could be perform and
completed on a reasonable cost Bases are needed for evaluating materiality.
Because the materiality is relative,
therefore it is necessary to have bases for
establishing whether misstatement are
material. Example: PBT, net sales and total
It is a relative concept rather assets are normally used as primary base.
than absolute. Example: A Auditor may decide that a misstatement of
misstatement of RM1 million PBT of RM100,000 or more would be
would be material for a small material. The materiality threshold also can
company but may not for a be expressed in term of percentage on
large company like IBM bases selected rather than an absolute
amount 27
 Concepts of Materiality

The quantitative base for

The quantitative amounts
materiality is a percentage
may be adjusted lower for
(typically 3 to 5 percent) of:
qualitative factors such as:
• Total assets.
• First-year engagement.
• Total revenues.
• Control weaknesses.
• Income before taxes.
• Management turnover.
• Income from continuing
• High market pressures.
operations.
• High fraud risk.
• Gross profit
• Higher than normal risk
• Three-year average of
of bankruptcy.
income before taxes.

28
 Concepts of Materiality
◦ Quantitative Guideline. No official guidelines on quantitative
measures guidelines of materiality. For example:

BASE MATERIALITY
THRESHOLD (%)
Turnover 1%
Profit before tax 5% to 10%
Total assets 1%
Equity 1%

29
 Concepts of Materiality
Qualitative factors also affect materiality. Certain types of misstatements are
also important even if the dollar amounts are small. Example:

• Amount involving fraud considered more important than error (in the same
amount) because frauds will reflect honesty and reliability of the personnel
involved. Example: Misstatement of inventory amount. If the misstatement
due to fraud is more serious than the misstatement due to error.
• Small amount of misstatement could be material if bad consequences arising
from contractual obligations. Example: In granting loan to the company, the
bank for example required the company to maintain sufficient net working
capital. So if the net working capital were less than the required minimum
even though in small amount, any misstatement could be material because
this may put the loan in default.
• Misstatements that are immaterial may be material if it affect a trend in
earning. For example, for the past 5 years, earning increase 5% percent per
annum but income for this year decline by 1%. Any misstatement may be
material to maintained the trend.
• Misstatements that are immaterial but still need to disclose to comply
disclosure requirement.

30
 Concepts of Materiality
However, no specific rules or standard is provided in determining
materiality. It requires considerable professional judgment by
practitioners.

POLICY STATEMENT: MATERIALITY GUIDELINES (An Example)

Professional judgment is to be used at all times in setting and
applying guideline, the following policies are to be applied:-

The combined total of misstatement in the financial

statements exceeding 10% is normally considered material. A
combined total less than 5% is presumed to be immaterial in
the absence of qualitative factors. Combined misstatement
between 5% and 10% requires the greatest amount of
professional judgment to determine their materiality

31
 Concepts of Materiality
POLICY STATEMENT: MATERIALITY GUIDELINES (An Example)
Professional judgment is to be used at all times in setting and
applying guideline, the following policies are to be applied:-

The 5% to 10% must be measured in relation to the appropriate base.

Many time there is more than one base to which misstatements should
be compared. The followings are recommended in selecting the
appropriate base:
(i) Income statement: Combined misstatements in the income statement
should ordinarily be measured at 5% to 10% of PBT, depending on size of
income for particular year
(ii) Balance sheet: Combined misstatements in the balance sheet should
originally be evaluated for current asset, current liability and total
assets. For current assets and current liability, the guidelines should be
5% and 10% and for total assets should be between 3% to 6%, applied in
the same way as for income statement

32
End of Topic 3e