1. Professional auditing standards present the audit risk model, which is used to determine the nature, timing, and extent of audit procedures. Describe the components of the model and discuss how changes in each component affect the auditor’s need for evidence.
The audit risk model is used to determine the nature, timing, and extent of substantive audit procedures. The components of the audit risk model are usually stated as follows:
DR = AR/(IR x CR)
Where: DR = detection risk; AR = audit risk; IR = inherent risk; CR = control risk
Detection Risk: the risk that auditors’ procedures will lead them to conclude that a financial statement assertion is not materially misstated when in fact such misstatement does exist. If auditors want to decrease DR, they had
• Cash Flow Pressures: Comptronix suffered net losses from 1986. Until the company attracted a venture capitalist, the company was able to generate strong sales and profits. Prior to 1989, Comptronix had generated only two consecutive years of profit after several years of net losses. The cash flow in the financial statements cannot cover many years of recurring losses. Management has a motive to make the operating accounts look perfect in order to attract more investors.
3. Another component of the audit risk model is control risk. Describe the five components of internal control. What characteristics of Comptronix’s internal control increased control risk for the audits of the 1989-1992 year-end financial statements?
Five components of control risk are: control environment, risk assessment, control activities, information and communication, and monitoring. The control environment sets the tone of an organization by influencing the control consciousness of its people. Risk assessment is management’s process for identifying, analyzing, and responding to risks. Control activities are policies and procedures that help ensure that management’s directives are carried out. Information is needed at all levels of an organization to assist management in meeting the organization’s objectives. Monitoring of controls is a process to assess the quality of internal control performance over time.
The information and communication is
Risk monitoring and control is the next step and involves the owners of the risks monitoring various risk triggers. This works by scanning the project environment for both identified and unidentified threats and opportunities, much like a radar screen (Marchewka, 2009). This approach directly relates to how to respond to the risk. Risk response allows the owner of the risk to commit resources and take actions once the risk is known or an opportunity is available. This action usually follows the planned risk strategy.
Audit Risk Assessment can be done by this Audit Risk Model. This model consists of 3 types of risks i.e., inherent risk, control risk and detection risk. Eventually, audit risk is a product of these 3 types of risks (Griffiths, 2012).
Knowledge about risks related to the company evaluated as part of the auditor's client acceptance and retention evaluation; and the relative complexity of the company's operations (Auditing Standard No. 9, n.d.).
The design and implementation and objectives of company controls are not adequate to meet the control objectives. The control environment control objective is ineffective. This control objective lacks a written policy on ethical conduct, is lacking oversight from the board of directors and audit committee, lacks a consistent style and philosophy from management, and lacks a strong commitment to competence. The risk assessment control objective is effective but lacks any antifraud program and controls. The information and communication control is ineffective. A virus has been detected and is affecting the files of the company. This control is lacking a strong IT department. The general controls financial reporting control objective is effective but is weak in detecting or preventing material misstatement. The monitoring control objective is ineffective; this control has need of an internal auditor.
Q1. What is the link between audit risk and engagement risk? How does the audit risk model allow the auditor to deal with these risks in the most cost effective manner?
CAS 300 requires auditors to plan their audit using a risk-based model where the nature, timing and extent of audit procedures are based on the assessed risk of material misstatement. Pickett (2006) argues that for audits to be effective and efficient, much of the audit effort should be focused on areas that are considered to pose the highest audit risk. Additional audit procedures should be linked to individual audit assertions, whereas other audit procedures need to be performed as and when needed. Thus, for an audit plan to be put in place, it is necessary for an auditor to come up with a risk profile of the client, which comprises understanding the business operated by the audit client, assessing business risk, and performing a preliminary analytical review.
When performing risk assessment procedures and related activities to obtain an understanding of the client and its environment, the auditor shall obtain an understanding of the following:
17) The risk that the auditor will NOT detect a material misstatement that exists in an assertion is
The analysis of risk assessment controls is an important aspect of a system, as they are used as a basis for identifying and selecting appropriate and cost-effective measures.
Discuss the audit risk model, and ascertain which sampling or non-sampling techniques you would use in order to establish your preliminary judgment about materiality. Justify your response.
Implication: Increased risk of misstatement of bad debt expense and allowance for bad debts. Response: Assign more experienced auditors to this area. Increase evidence.
“Keystone Computers & Networks, Inc. (KCN) is a company that sells and installs computer workstations and networking software to business customers. The CPA firm of Adams, Barnes & Co. has audited the financial statements of KCN for the past three years. The case illustrates selective audit planning working papers that were prepared by the staff of Adams, Barnes & Co. for this year’s audit.” I will be listing the order in which I would perform this audit and I will decide if I should select the client and focus on the key audit objectives while applying the audit risk model.
However, companies generally adopt a methodology for overall risk assessment. Sometimes these methodologies involve the assignation of risk oversight to leaders in each area. The approach is based upon the assumption that each area knows itself best. However, this often overlooks potential issues in favor of confronting them after they develop. As the need for
Auditors should plan the audit so that the engagement is conducted in an effective manner.
ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify