Читать книгу Wiley Practitioner's Guide to GAAS 2017 - Flood Joanne M. - Страница 37

The audit risk model describes audit risk as:

where AR is audit risk, RMM is the risk of material misstatement, and DR is detection risk. The risk of material misstatement is a combination of inherent and control risk. Although the standard describes a combined risk assessment, the auditor may perform separate assessments of inherent and control risks.

Section 315 describes how the auditor should identify and assess the risk of material misstatement, which provides a basis for designing further audit procedures. These further audit procedures (which consist of tests of controls and substantive tests) must be clearly linked and responsive to assessed risks.

Section 315 also includes the concept of significant risks, which are risks that require special audit consideration. (See “Definitions of Terms.”) One or more significant risks arise on all audits.

The following is an overview of how the process is described in Section 315:

1. Perform risk assessment procedures to gather information and gain an understanding of the entity and its environment, including internal control.

2. Based on this understanding, identify risks of material misstatement, which may exist at either the financial statement or the relevant assertion level.

3. Assess the risk of material misstatement, which requires the auditor to:

● Identify the risk of material misstatement.

● Describe the identified risks in terms of what can go wrong in specific assertions.

● Consider the significance and likelihood of material misstatement for each identified risk.

NOTE: This process for assessing risk is consistent with the process for assessing the risk of material misstatement due to fraud. Essentially it is an information gathering, assessment, and response process, in which the auditor gathers information about the entity, assimilates and synthesizes that information to make an assessment of risk, and then designs audit procedures that are responsive to those risks.

The assessment of the risk of material misstatement enables the auditor to design appropriate further audit procedures, which are clearly linked and responsive to the assessed risks.

NOTE: Section 315 describes risks as existing at one of two levels: the financial statement level or the relevant assertion level. This distinction is important because the nature of the auditor's response differs depending on whether the risk is at the financial statement level or the assertion level.

● The risk of material misstatement at the financial statement level has a pervasive effect on the financial statements and affects many assertions. The control environment is an example of a financial-statement-level risk. In addition to developing assertion-specific responses, financial-statement-level risks may require the auditor to develop an overall response, such as assigning more experienced team members.

● Assertion-level risks pertain to a single assertion or related group of assertions. Assertion-level risks will require the auditor to design and perform specific further audit procedures such as tests of controls and/or substantive procedures that are directly responsive to the assessed risk.

Section 330 provides guidance on the design and performance of further audit procedures.

In all audits, the auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or to fraud, and to design the nature, timing, and extent of further audit procedures.

This assessment of the risk of material misstatement becomes the basis for the proper design of further audit procedures.

NOTE: Obtaining an understanding of the entity and its environment also allows the auditor to make judgments about other audit matters, such as:

● Materiality

● Whether the entity's selection and application of accounting policies are appropriate and financial statement disclosures are adequate

● Areas where special audit consideration may be necessary – for example, related-party transactions

● The expectation of recorded amounts used for performing analytical procedures

● The evaluation of audit evidence

Even if the auditor plans a purely substantive audit, he or she still is required to obtain an understanding of internal control. Such an understanding is necessary to:

● Identify missing or ineffective controls.

● Evaluate identified control deficiencies.

● Confirm that substantive procedures alone are sufficient to design and perform an appropriate audit strategy and provide sufficient appropriate audit evidence to support the audit opinion.