Читать книгу Wiley Practitioner's Guide to GAAS 2020 - Joanne M. Flood - Страница 209

The audit risk model describes audit risk as:

AR = RMM × DR

where AR is audit risk, RMM is the risk of material misstatement, and DR is detection risk. The risk of material misstatement is a combination of inherent and control risk. Although GAAS describes a combined risk assessment, the auditor may perform separate assessments of inherent and control risks.

AU-C 315 describes how the auditor should identify and assess the risk of material misstatement, which, in turn, provides a basis for designing further audit procedures. These further audit procedures (which consist of tests of controls and substantive tests) must be clearly linked and responsive to assessed risks.

AU-C 315 also includes the concept of significant risks, which are risks that require special audit consideration. (See “Definitions of Terms.”) One or more significant risks arise on all audits.

The following is an overview of how the process is described in AU-C 315:

 Step 1. Perform risk assessment procedures to gather information and gain an understanding of the entity and its environment, including internal control.

 Step 2. Based on this understanding, identify risks of material misstatement, which may exist at either the financial statement or the relevant assertion level.

 Step 3. Assess the risk of material misstatement, which requires the auditor to:Identify the risk of material misstatement.Describe the identified risks in terms of what can go wrong in specific assertions.Consider the significance and likelihood of material misstatement for each identified risk.

AU-C 330 provides guidance on the design and performance of further audit procedures. In all audits, the auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or to fraud, and to design the nature, timing, and extent of further audit procedures. (AU-C 315.12)

This assessment of the risk of material misstatement becomes the basis for the proper design of further audit procedures.

Even if the auditor plans a purely substantive audit, he or she still is required to obtain an understanding of internal control. Such an understanding is necessary to:

 Identify missing or ineffective controls.

 Evaluate identified control deficiencies.

 Confirm that substantive procedures alone are sufficient to design and perform an appropriate audit strategy and provide sufficient appropriate audit evidence to support the audit opinion.