Sb7e SM ch06 Final Solution Manual Auditing International Approach

CHAPTER 6
ASSESSING RISKS AND INTERNAL CONTROL
SOLUTIONS FOR REVIEW CHECKPOINTS
ESSENTIALS
6-1. The term risk means the probability of something happening in the future, usually it refers to something
undesirable.
6-2. Saying that audit under GAAS is performed from a risk-based perspective means that it starts with an
understanding of the business risks that the auditee’s management must navigate to keep the business successful.
Management is responsible for addressing the risks arising in the company’s business environment and operations.
Management is also responsible for ensuring the company’s financial statements fairly present the business’s
economic performance and financial position, both good and bad.
6-3. At the preliminary stages of audit planning, the auditors will take a high level view, based on the nature of the
business and its environment, its financial strength, and its corporate governance, to make an assessment the risk
of material misstatement for the financial statements overall. Issue that could have a pervasive impact on the
financial statements are considered, such as going concern uncertainty or complex related party transactions. This
allows the auditors to focus on key risk areas that they expect to encounter and set up an overall audit strategy
that sets out the main resources required to perform the audit.
6-4. Management is responsible for addressing the risks arising in the company’s business environment and operations
to keep the business successful. Management is also responsible for ensuring the company’s financial statements
fairly present the business’s economic performance and financial position, both good and bad.
6-5. Business risks arise from the business environment and operations. Management deals with them by applying risk
assessment tools, including strategic planning, using appropriate business processes, and implementing reliable
information systems.
6-6. Risks related to financial reporting and disclosure are managed mainly by implementing strong internal control
over the financial information system.
6-7. Auditors’ understanding of the business and its management controls allow them to assess how effective the
management processes and controls are likely to be. If management’s risk assessment processes are not strong, it
becomes more likely that the business risk will not be reduced. This leads to more problems that should be
captured in the financial information system. In this way, business risk can contribute to higher RMM. If these
problems are not picked up by the information system, perhaps because they are not routine or expected
situations, it may affect the fair presentation of the financial statements. If the financial information systems &
internal control are not strong, this also can result in misstatements in the financial statements. So auditors need
to understand how management itself assess risk to determine how effective the management processes and
controls are likely to be in managing the inter-related business and financial reporting risks that can increase the
RMM.
6-8. Assertions are the claims that management is making that its financial statement numbers and disclosures are
fairly presented. Assertions are narrowly defined aspects of the overall financial statements, including the classes
of transactions, the account balances and the disclosures in the financial statements.
Smieliauskas & Bewley, Auditing: An International Approach, 7th Edition Page 6-1
Solutions Manual © 2016, McGraw-Hill Education. All Rights Reserved.
6-9. The five main assertions are existence, completeness, ownership, valuation, and presentation.
For Cash (an account balance) the five assertions are:
• The cash really exists (e.g., it could be counted, or examined at the bank).
• All the cash that exists is included (e.g., there isn’t a bank account left out).
• The company owns the cash (e.g., there are no restrictions on the company use of the cash).
• The cash is appropriately valued in accordance with GAAP (e.g., if the financial statements are in Canadian
dollars, all cash balances are measured in those dollars, and if in other currencies they are converted at an
appropriate exchange rate)
• The cash has been classified appropriately and disclosures required to achieve fair presentation are
included (e.g., the cash is included in current assets, and statement of cash flows properly presents the
changes in cash in the required categories of operating, financing and investing).
For Accounts Payable A/P (an account balance) the five assertions are:
• The A/P really exists (e.g., it is a real obligation of the company at year end).
• All the A/P that exists is included (e.g., there isn’t an amount owing that has not been accrued).
• The company owes the A/P (e.g., they have not accrued an invoice from a different company).
• The A/P is appropriately valued in accordance with GAAP (e.g., at face value if very short term, amortized
cost if longer term)
• The A/P has been classified appropriately and disclosures required to achieve fair presentation are included
(e.g., trade A/P due within one year is included in current liabilities).
For Revenues (a class of transaction) the five assertions are:

• The revenue actually occurred (e.g., it was not fictitious or related to the next period).
• All the revenue that occurred is included (e.g., there isn’t a revenue that was earned before year end that
did not get accounted).
• The company owns the revenue recorded (e.g., commission revenues are shown at the percentage earned
not the gross amount charged).
• The revenue is appropriately valued in accordance with GAAP (e.g., an appropriate revenue recognition
policy has been used that complies with the GAAP criteria applicable)
• The revenue has been classified appropriately and disclosures required to achieve fair presentation are
included (e.g., the accounting policy for revenue recognition is disclosed and explained in an
understandable way)
6-10. The assertions provide a very powerful conceptual tool for planning and performing an audit. In the risk
assessment step of the audit process, breaking the financial statements down to assertions for the classes of
transactions, the account balances and the disclosures helps auditors to think more specifically about what
assertions are most difficult to get right in a particular business, and to consider if management’s risk assessment
processes, business processes, and internal control systems are strong enough to lower the highest risk assertions.
In the risk response step of the audit process where audit procedures are performed to respond to the assessed
risks, assertions really can help auditors to identify the most relevant evidence they can gather to gain reasonable
assurance that the RMM is acceptably low.
6-11. The first factor is the inherent risks arising in the business environment and operations: these can make material
misstatements more likely to happen in the first place. The second factor is the control risks arising from lack of
effective internal control over the financial information system: these can allow material misstatements enter the
information system and go uncorrected.
6-12. The auditor assesses the RMM in the assertions in the all the main transactions, account balances and disclosures
in the company’s financial statements. The auditor’s business knowledge and understanding of management’s
internal controls indicate which assertions are most vulnerable to misstatements arising from inherent and/or
control risks. For example, the auditor might assess the risk of inventory valuation as ‘high’, ‘medium’ or’ low’, or in
terms of numerical probabilities, or ranges of probabilities. It should be remembered these risk assessments are
essentially qualitative, based on an auditor’s professional judgment, they cannot be quantified precisely.
6-13. The term audit risk is defined in GAAS as the risk that the auditor gives an opinion that the financial statements are
fairly presented when they actually are materially misstated. Essentially, audit risk refers to the risk of audit failure,
that is, when the audit has failed to meet its objective.
6-14. Conceptually, we can look at audit risk and audit assurance as complements: By obtaining a reasonable (i.e., high)
level of assurance that there is no MM, the audit risk is lowered.
6-15. To meet the ethical requirement to use due care and the overall objective of an audit, when issuing a clean audit
opinion the auditor can accept only a low level of audit risk, and thus requires a high level of audit assurance.
6-16. The components of the model are audit risk (AR), inherent risk (IR), control risk (CR), (which, when taken together
are known as the risk of material misstatement (RMM)) and detection risk (DR). Audit risk (AR) is defined as the
probability that the auditor gives an opinion that the f/s are fairly presented when they actually are materially
misstated. Inherent risk (IR) is defined as the probability that material misstatements affecting one or more f/s
assertions could have occurred in the first place, before any controls were applied. Inherent risk (IR) is defined as
the probability that material misstatements affecting one or more f/s assertions could have occurred in the first
place, before any controls were applied. Detection risk (DR) is defined as the probability that the auditors
procedures will fail to detect a misstatement that has occurred and has not been corrected by the company’s
internal controls. It is the auditor’s responsibility to keep the DR to a low enough level to achieve an acceptably
low level of AR. The auditor lowers DR by performing independent investigation work that gives assurance that
MM have not occurred.
6-17. Since engagement characteristics differ, some engagements might call for a much lower AR than others. If the
circumstances of the engagement indicate that the consequences of audit failure would be extremely damaging to
the auditor’s reputation and would likely create legal liability, this will increase the auditor’s risk from accepting
the engagement, so the auditor will try to achieve the lowest AR possible. Since achieving lower AR requires
getting more assurance, it requires higher audit effort and thus increases the cost of doing the audit. Factors like
the extent to which users rely on the audit opinion, the kinds of decisions they make, the financial health of the
business, and the competency of management can affect how much impact an audit failure would have on the
auditor’s reputation and liability. Auditors consider these kinds of factors to decide how low the achieved AR needs
to be for a particular engagement. In engagements where there are fewer, or no outside users relying on the
audited f/s to make risky investment decisions, the auditor might be willing to accept somewhat more audit risk. In
that case the auditor will still be using due care, but can perhaps be more cost efficient in doing the audit work
6-18. The audit risk model formula is as follows:
AR = IR x CR x DR { or AR = RMM x DR }
The formula can be rearranged to:
DR = AR ÷ RMM { or DR = AR ÷ (IR x CR) }
To plan the audit, the auditor sets the AR level for the audit overall, and assesses RMM (or IR and CR) at the
assertion level. The IR and CR are conditions that exist in the auditee, the auditor is responsible for assessing these
but has no control over them. By arranging the formula to focus on DR, the model is used to indicate the level of
DR that needs to be achieved. DR is lowered by doing more audit verification procedures. The auditor is
responsible for keeping the DR to a low enough level to achieve the acceptably low level of AR.
6-19. A low DR means there is a low risk that the auditor’s examination procedures work have not revealed a material
misstatement that exists in the account, class of transactions or disclosure. A high DR might be accepted if the IR
and CR are both low, so little assurance is required from audit detection procedures. A low DR will be required
when IR and CR are high, since there is little assurance that a material misstatement does not exist in the financial
statements, and the audit detection procedures will be the only way to determine whether or not it does.
6-20. The audit risk model can be used as thinking tool for making audit planning decisions and for performing an
effective audit. Assessing these related types of risk can help to identify the financial statements assertions that
will require the most audit effort, and those that do not require as much time and attention.
6-21. Auditors get assurance about the financial statements assertions from three main sources: the inherent nature of
the assertion, the effectiveness of controls over the assertion, and the relevant evidence obtained through the
independent audit investigation work. The assurance level is the complement of the risk factors in the audit risk
model.
6-22. The information system is made up of business processes and the accounting processes are related to them. The
accounting processes capture relevant financial data and generate the information that is presented in the
financial statements.
6-23 Typically, manufacturing businesses will have accounting processes for revenues from customers, for purchases
from suppliers, for payroll to employees, and for financing and investing transactions, and production accounting
process for accumulating costs of manufacturing inventory.
6-24 Since each process involves related classes of transactions and account balances, it is more effective for auditors to
use the auditee’s accounting processes as a basis for dividing up their audit programs, for assigning audit staff to
the work on one process so they will be examining all the related aspects of it.
TEXT
6-25 Business risk is the auditee risk that the auditee will be unable to achieve its business objectives or execute its
strategies. Understanding management’s risk assessment process helps to assess the risk that the financial
statements could be materially misstated. Auditing standards (e.g., CICA Handbook - Assurance, CAS 315)
emphasize the auditor’s need to understand business risk and the “entity’s risk assessment process” in order to
plan and execute appropriate audit procedures. This is referred to in the text as the business risk approach to
planning and executing the audit. The auditor may identify risks of material misstatement that management’s risk
assessment process failed to identify and if the auditor believes there is a material weakness in the entity’s risk
assessment process, the auditor needs to communicate this to the audit committee or equivalent. Generally, the
business risk approach requires the auditor to take a broader view of the whole organization and assess the risks of
material misstatements that arise from a variety of aspects of the business.
6-26 The two parts of business analysis are strategic analysis and business process analysis. The goal of business analysis
is to learn about the auditee’s analysis of the risks its business faces, in particular, whether the analysis identifies
all material business risks.
6-27 Auditor’s knowledge of the business (e.g., from previous audits of companies in the same or similar industries) is
the key to understanding the risks associated with a particular auditee’s business strategy. Common risks
associated with a business strategy are risks of cost leadership, risks of differentiation, and risks of focus. These are
discussed in the chapter appendix. Senior management is the chief source of information about the auditee
company’s business strategy.
6-28 A business processes is a structured set of activities within the entity that is designed to produce a specific output
in accordance with the business strategy.
6-29 Business processes are the source of the transactions and events that need to be captured in the business’s
information system and its financial statements, so it is important for auditors to understand the business
processes that create evidence that can support the validity and accuracy of the information that ends up in the
financial statements.
If the business process produces value-added output in the way that the strategy intended it to do, it is more likely
that the business will achieve its objectives and not fall prey to the various risks. The purpose of business process
analysis is to identify the system to assure adherence to the business strategy. The auditor must understand the
process and identify key sub-processes to examine in detail these key sub-processes, inherent business risk
associated with the sub-process, and the control environment associated with the sub-process. The information
the auditor seeks to learn about a target business process are the following: process objectives (i.e., role in
achieving the entity’s business objectives), process activities, classes of accounting transactions and cycles
employed, process risks, and process controls. This understanding of the business process helps the auditor to
assess what are the most significant risks of material misstatement of the financial statements.
6-30 In the airline industry, a key business risk is being required to service routes that are not profitable. The company
needs to plan schedules and fares that ensure revenues can cover costs. Cost controls are also critical to the
strategy to address this risk.
In a manufacturing business a risk is not producing the right quantity of the right products at the right time.
Processes that predict market demand and integrate production scheduling, including supply chain integration, are
examples of processes to address this risk.
6-31 Business risks are related to the kinds of strategies the organization will pursue and the types of business processes
it will set up in its organizational structure. Businesses that operate in a fairly predictable environment often will be
run hierarchically - they tend to use structured, routine business processes to achieve their strategies - this tends
to be possible when a large part of the operation involves fairly predictable high volume transactions. Businesses
that operating in more complex and changing environments tend to use less hierarchical organizational structures -
they will tend to use more variable and judgmental processes to achieve strategies that involve more unique, one-
off types of output. Organizational structures can also be viewed as being ‘rigid’ (and hence more likely to see
hierarchical decision-making processes) or ‘organic’ (hence using more fluid decision-making processes).
6-32 Business risks that could affect the financial statements when complex IT and e-commerce are used include
integration of various systems, accessibility risks mean the security infrastructure and related controls should more
extensive, financial records generated need to be supported by appropriate controls that may need to be
automated.
6-33 The business process analysis has to consider the extent to which management has identified e-commerce
opportunities and risks in its strategy; whether the e-commerce activities are being aligned carefully with the
entity’s overall business strategy or just adopted ad hoc in response to opportunities and risks as they arise;
whether management’s risk assessment process covers the changing sources of revenues and costs for the entity
and how effectively the business processes capture and control these; whether evaluation techniques are
appropriate to assess the incremental profitability of e-commerce activities, etc.
6-34 External performance measures are key performance indicators reported to analysts, creditors and shareholders.
Internal performance measures are those used for personnel review and incentive programs like bonus plans.
These uses can create pressures on the business that may increase the risk that managers are motivated to
misstate the financial statements. Events or conditions that indicate an incentive or pressure to commit fraud or
provide an opportunity are referred to as “fraud risk factors”. For example, the need to meet expectations of third
parties to obtain additional equity financing or the granting of significant bonuses if unrealistic profit targets are
met may create pressure to manipulate financial reports fraudulently.
6-35 Gimmicks to manipulate earnings include inappropriate revenue or expense recognition to move profits from
future to current period or vice versa, failing to accrue liabilities, fabricating ‘transactions’ that boost profits, etc.
6-36 Quality of earnings refers to the company’s ability to continue to earn profits on a similar basis to its current
earnings, both in terms of the amounts and the trends over relatively long periods of time. Quality earnings will be
consistent and highly associated with the underlying core business activities.
6-37 The auditor has a continuing responsibility to communicate any suspicions or evidence of fraud, to a level of
management higher than the employees involved in the case of lower-level employees. If the possible fraud
involves high-level managers the auditor must communicate this with those charged with governance, such as the
audit committee or the board of directors. The auditor is responsible for communicating any suspected or known
fraud with management and those charged with governance on a timely basis, regardless of the stage of audit
work.
6-38 Procedures used in financial performance analysis include but are not limited to: analysis of key financial
statement ratios, examining trends of such ratios over time, review of significant accounting policies, developing a
balanced scorecard, and analyzing the consistency of financial and nonfinancial performance measures. Major
discrepancies in any of the above indicate a higher risk of material misstatement. For example, major
inconsistencies between financial and nonfinancial measures of performance, inadequate management
justification of unusual or questionable accounting policies, and ratios out of line with industry trends would lead
the auditor to assess a higher risk of material misstatement, and result in additional substantive work to reduce
this risk to the acceptable level.
6-39 Five principal assertions in financial statements:
1. Existence assertion:
The practical objective is to establish with evidence that assets, liabilities and equities actually exist and that
sales and expense transactions actually occurred. Cut-off can be considered an aspect of the existence
assertion (Existence in a specified time period). CAS 315 uses the term occurrence when existence is
applied to transactions.
2. Completeness assertion:
The practical objective is to establish with evidence that all transactions of the period are in the financial
statements and all transactions that properly belong in the preceding or following accounting periods are
excluded. Another term for these aspects of completeness is cut-off.
Completeness also refers to proper inclusion in financial statements of all assets, liabilities, revenue,
expense and related disclosures.
3. Ownership (or Rights and Obligations) assertion:

The practical objectives related to rights and obligations are to establish with evidence that assets are
owned (or rights such as capitalized leases are shown) and liabilities are owed.
4. Valuation (or Allocation, Measurement) assertion:

The practical objective is to establish with evidence that proper values have been assigned to things (assets,
liabilities, equities and related disclosures) and events (revenues, expenses and related disclosures).
‘Allocation’ refers to the practical objective of obtaining evidence about “valuations” achieved by cost
allocations such as depreciation and inventory costing methods. ‘Measurement’ is the term used to refer to
application of an appropriate generally accepted method to determine the dollar amount to include in a
financial statement, as in CICA s.1000 or other conceptual accounting frameworks.
5- Presentation and Disclosure assertion:

The practical objective is to establish with evidence that accounting principles used by management are
appropriate in the circumstances and are applied properly, and that disclosures contain all information
required by generally accepted accounting principles.
6-40 Assertions are the focal points for all audit procedures because they are the fundamental management claims that
are being audited. Audit procedures produce evidence that relates to one or more specific assertions. As will be
explained in detail later in Chapter 8, auditors use “audit objectives” that are derived from the five principal
assertions to design specific evidence gathering procedures.
6-41 Auditing completeness involves getting evidence about what is not there. Auditors have to depend on
management’s representations to some extent, and corroborate these with evidence from a variety of sources,
including internal controls. There is rarely a ‘slam dunk’ type of procedure that provides strong conclusive evidence
that everything that should have been included has been included.
6-42 Auditors should think about what could go wrong in a particular assertion because this is an effective thought
process for assessing the risk that there is a material misstatement related to the assertion. There are many ways
that error and fraud can affect the assertions, so a creative thinking technique is helpful for assessing risk in an
audit.
6-43 An audit plan will be made up of a set of audit programs, which contain specific descriptions of the ‘audit work’ -
this refers to all the audit procedures that will be performed by the audit team to gather evidence and give them
assurance about whether or not there is a material misstatement. If you are given an audit program with a list of
audit procedures and are using them to plan this year’s audit, you need to consider: “What are the assertions
management is making by reporting this financial information?” Which assertion(s) does this procedure produce
evidence about?” “Does the list of procedures (the audit program) cover all the assertions?”
6-44 The four risks included in the audit risk model and their descriptions are:
Inherent risk: the probability that material misstatements, due to errors or fraud, have entered the data
processing system.
Control risk: the probability that the auditee’s system of internal control will fail to detect material
misstatements, provided any enter the accounting system in the first place.
Detection risk: the probability that audit procedures will fail to find material misstatements, provided any
have entered the system and have not been detected or corrected by the auditee’s internal
control system.
Audit risk (also sometimes called “overall risk” or “tolerable risk” or “ultimate risk”): a concept applied both to the
probability of giving an inappropriate opinion and to the probability of failing to discover
material misstatements in a particular disclosure or account balance. It represents the
amount of risk the audit is accepting, for example if audit risk is 5% the auditor is accepting a
5% probability of giving the wrong audit opinion. Another way of thinking of audit risk is the
complement of assurance - so at 5% audit risk the auditor is 95% sure that the financial
statements are not misstated
The audit risk model is a conceptual model of how the four types of risk are related. Audit risk is a combination of
the other risks:
Audit Risk = Inherent Risk x Control Risk x Detection Risk.
6-45 The audit risk level an auditor will be willing to accept varies according to auditee and engagement circumstances.
Generally, the more risky the auditee or the more users rely on the audited financial statements, the lower the
planned audit risk. As the possibility of being sued for material misstatement increases, an auditor will decrease
planned audit risk to compensate for the increased risk associated with the engagement. This possibility of
negative consequences for the auditor tends to be higher when the company is listed on a public stock exchange,
when the company is in financial difficulty, and when users are making significant financial decisions based directly
on audited financial statement information.
6-46 Inherent risk assessment will vary from auditee to auditee and is an important application of the auditors
understanding of the business risks. It is helpful to assess inherent risk on an assertion by assertion basis, as
sometimes the risk arises mainly from one assertion (e.g. valuation of accounts receivable when the auditee has a
liberal credit policy). Accounts with high inherent risk are those subject to misstatement because of complexity
(inventory valuation in a manufacturing business), volume (sales transactions in a large retail business), likelihood
of theft (jewelry or small consumer electronic gadgets), or because they are difficult to control (cash receipts in a
charity). Inherent risk tends to be low in accounts that change little (share capital), are low volume (dividend
payment) or calculated from other amounts (amortization).
6-47 Control frameworks are tools that help auditors to identify all the aspects of control that should exist in the
auditee’s business. This includes ‘company-level’ or ‘management controls’ as well as control over business
processes, information systems and financial statements. There are various frameworks an auditor can choose
from, and usually an audit firm will develop a version for use by its audit teams. The frameworks help auditors to
focus on key aspects of control relevant to the financial statements and to evaluate whether all the required
controls exist and whether they are designed to be effective in reducing risks to an acceptable level. The auditor’s
control identification and evaluation process is called the control risk assessment. Control frameworks thus are
useful tools that assist auditors in their control risk assessment processes.
6-48 Some well accepted control frameworks are: CICA’s Criteria of Control Committee (COCO) Guidance on Control;
Committee of Sponsoring Organizations of the Treadway Commission, Internal Control – Integrated Framework
(COSO); and Control Objectives for Information and Related Technology, published by the IT Governance Institute
(COBIT).
6-49 In connection with auditor’s judgments about internal control, anchoring is the mental carryover of prior
knowledge and the application of prior conclusions to the current control system, usually without gathering much
new evidence.
6-50 In the hockey game analogy, the defending hockey team’s fans can represent the users of the company’s financial
statements. If the audit (goalie) does not stop the puck from entering the net (material misstatement in the
financial statements not detected and corrected) it is a bad outcome for the users as the financial statements may
be misleading or useless for their decisions.
6-51 For example, from a recent Audit Risk Alert:
Some of the effects of bad economic times that create risk of material misstatement, and auditors should be alert
to detect in auditees’ financial statements, include:
 Asset valuations--recoverability and bases of accounting.

 Inappropriate offsetting of assets and liabilities.
 Changes in cost-deferral policies and the reasonableness of amortization periods.
 Allowances for doubtful accounts, in general, and loan-loss allowances for financial institutions, in particular.
 Compliance with financial covenants and the necessity to obtain waivers from lending institutions to meet
current requirements.
 Changes in sales practices or terms that may require a change in accounting.
 Changes in revenue recognition approaches and assumptions
6-52 “Audit risk in an overall sense” refers to the audit taken as a whole and the probability that an auditor will give an
inappropriate opinion on financial statements. Generally, this is the risk of giving the standard unqualified report
when the financial statements contain material misstatements or the report should be qualified or modified in
some manner.
“Audit risk applied to individual account balances” refers to the probability that auditors will fail to discover
misstatement in a particular account balance at least equal to the tolerable misstatement assigned to the audit of
that balance. This version of audit risk is applied in concept at the individual account balance level.
6-53 In theory, the materiality decision (how much precision is required in the audit opinion) is independent of audit
risk decision (how much assurance is required in the audit opinion). It is helpful for an auditor to keep these two
considerations separate since the materiality decision focuses on what dollar amount of misstatement is likely to
affect users’ decisions, while the audit risk level decision is focused on the audit firm and how careful it wants to be
to avoid providing a clean opinion on materially misstated financial statements. In practice, the two concepts are
related because they have a similar impact on the amount of audit evidence required, for example when a fraud is
suspected a smaller materiality level is used - this has the same result as using a lower tolerable audit risk level.
Materiality and audit risk decisions both have an impact on the auditor’s decisions on the nature, extent and
timing of audit evidence to be gathered. You may want to refer ahead to Exhibit 8-6 which shows the impact of
both materiality and audit risk decisions on audit evidence gathering decisions.
6-54 Business risk needs to be considered in assessing audit risk. Audit risk relates to accurate reporting on business
risks, thus, the higher the business risks the greater the need to report them accurately. As a consequence, the
general relationship is that the higher the auditee’s business risk the lower the planned audit risk needs to be.
6-55 Business risk analysis can be incorporated into the audit risk model to provide insight into many risks of material
misstatement that arise from accounting uncertainties and estimation risk. These risks cannot be detected by
substantive factual evidence because they are based on forecasts of future economic factors. These uncertainties
can be viewed as accounting risks that relate to the business risk. The auditor’s understanding of business risk can
help to assess how significant such non-detectible accounting estimation misstatements might be. Business risk
analysis is a way for the auditor to distinguish accounting risk from audit risk, and ensure that the financial
statements adequately present the risks to users. If these risks are assessed as unacceptably high, effectively the
scope of the audit is too limited to allow the auditor to provide reasonable assurance on the financial statements
overall.
6-56 Four “processes” and accounts in them:
Revenue process
| Purchases process
| | Production process
| | | Finance process
| | | |
| | | |
-- -- -- --
X X X X Cash
X Accounts receivable
X Allowance for doubtful accounts
X Sales
X Sales returns
X Bad debt expense
X X Inventory
X Fixed assets
X Accum depreciation
X Accounts payable
X Accrued expenses
X General expense
X Cost of goods sold

X Depreciation expense
X Bank loans
X Long term notes
X Accrued interest
X Capital stock
X Retained earnings
X Dividends declared
X Interest expense
X Income tax expense
An accounting process can also be referred to as a ‘cycle’, because transaction information from the same type of
business process (e.g., a sale on account) will run through the same set of accounts over and over during an
accounting period (e.g., sales revenue, accounts receivable and cash are the main accounts involved in recording
sales on account). A cycle perspective groups the set of accounts affected by a particular class of transaction
together for audit examination, which often increases efficiency.
6-57 The cash account is represented in all the processes/cycles, because: (a) cash receipts are involved in cash sales
and collections of accounts receivable (revenue process), (b) cash receipts arise from issuing shares and loan
proceeds (finance process), (c) cash disbursements are involved in buying inventory and capital assets and paying
for expenses purchases process), and (d) cash disbursements are involved in paying wages and overhead expenses
(production process).
6-58 Predictable relations should exist among the accounts in each process/cycle. Also, the audit evidence that is
available for one component of the process often also contains information for other components, because high-
volume routine transactions are recorded using the journal entries. A process groups the accounts related because
a typical routine transaction (e.g. recording a sale, or paying salaries) affects them all.
MULTIPLE CHOICE ANSWERS
MC 6-1 [LO1] Business risk is related to business strategy because:

a.auditors assess business risk so they can provide their auditees with a business strategy.
b.business risks are events or actions that cause changes in technology.
c. managers frequently change their business risks in response to changes in the business strategy.
d. business risks are events or actions that may have a negative effect on the audit client’s ability to achieve its
strategic objectives.
MC 6-2 [LO1] Information technology changes can affect business risk when:
a. they result in a need to change business processes.
b. they do not include ecommerce activities.
c. systems become less complex.
d. systems become less integrated
MC 6-3 [LO1] The auditor assesses a business risk as high when:
a.it is unlikely and moderate.
b. it is likely and significant.
c. it is possible and insignificant.
d.it is likely and insignificant.
MC 6-4 [LO1] Which of the following is not likely to be an important source of information the auditor can use to
understand a client’s business:
a.geologist’s reports on mineral reserves.
b.internal auditors.
c. retail sales statistics.
d. Monday night football scores.
MC 6-5 [LO2] If the XYZ company reports a $355,000 balance of accounts receivable, the existence assertion means
a. there are no accounts receivable by XYZ that have not been included in the balance
b. all the amounts making up the $355,000 balance will be collected in full, in cash
c. all the amounts included in the $355,000 balance represent valid sales on account that are still outstanding and
due to the company
d. the receivables have not been sold to another company
MC 6-6 [LO3] The risk that the auditors’ own work will lead to the decision that material misstatements do not exist in
the financial statements, when in fact such misstatements do exist, is:
a.Audit risk.
b.Inherent risk.
c. Control risk.
d. Detection risk.
MC 6-7 [LO4] Auditors are responsible for the quality of the work related to management and control of:
a.Inherent risk.
b.Relative risk.
c. Control risk.
d. Detection risk.
MC 6-8 [LO4]
The auditors assessed a combined inherent risk and control risk at .67 and said they wanted to achieve a .15 risk of
failing to detect misstatements in an account with a material balance. What audit risk are auditors planning to accept
for this audit?
a. 0.20
b. 0.10
c. 0.75
d. 0.05
MC 6-9 [LO5] The cash account is included in more than one accounting process because:
a. all the business processes involve either receiving or paying out cash at some point.
b.cash is the most difficult asset to control.
c. cash is the easiest asset to steal.
d.cash can be either an asset or a liability.
MC 6- 10 [LO5] The revenue process of a company generally includes these accounts:
a. inventory, accounts payable, and general expenses
b. inventory, general expenses, and payroll
c. cash, accounts receivable, and sales
d. cash, notes payable, and capital stock
MC 6-11 [LO5] Management’s general purpose financial statements
a. are the responsibility of the auditor
b. include only non-routine transactions
c. make assertions that are the focal point of audit procedures
d. can rarely be reconciled to the auditee’s trial balance
MC 6-12 [LO2] Management assertions are
a. Stated in the footnotes to the financial statements.
b. Implied or expressed representations about the financial statements.
c.Explicitly expressed representations about the financial statements.
d. Provided to the auditor in the assertions letter, but are not disclosed on the financial statements.
MC 6-13 [LO3] In the Audit Risk Model, Audit Risk (AR) refers to
a. an uncorrected misstatement that would probably affect users of the financial statements.
b. the probability that a material misstatement occurred in an assertion of a class of transactions, account balance
or disclosure.
c.the probability that management’s internal controls did not catch a misstatement once it has occurred
d. the probability that audit procedures don’t catch a misstatement that has occurred and was not caught by the
auditee’s internal control
e. the risk the auditor is willing to accept of giving a clean audit opinion on financial statements that are
materially misstated
MC 6-14 [LO3] In the Audit Risk Model, Inherent Risk (IR) refers to
a. the probability that management’s internal controls did not catch a misstatement once it has occurred.
b. the probability that a material misstatement occurred in an assertion of a class of transactions, account
balance or disclosure.
c.the risk the auditor is willing to accept of giving a clean audit opinion on financial statements that are materially
misstated.
d. the probability that audit procedures won’t catch a misstatement that has occurred and was not caught by the
auditee’s internal control.
e. a misstatement that would probably affect users of the financial statements.
MC 6-15 [LO3] In the Audit Risk Model, Control Risk (CR) refers to
a. the risk the auditor is willing to accept of giving a clean audit opinion on financial statements that are materially
misstated
b. a misstatement that would probably affect users of the financial statements.
e. the probability that a material misstatement occurred in an assertion of a class of transactions, account balance
or disclosure.
MC 6- 16 [LO3] In the Audit Risk Model, Detection Risk (DR) refers to
a. the risk the auditor is willing to accept of giving a clean audit opinion on financial statements that are materially
misstated
b. the probability that a material misstatement occurred in an assertion of a class of transactions, account balance
or disclosure.
e. a misstatement that would probably affect users of the financial statements.
MC 6-17 [LO2] Assertions are used in financial statement auditing for
a. defining aspects of the classes of transactions, account balances and disclosures in the financial statements to
help auditors to specify the impact of business risks on fair presentation.
b .providing specific substantive evidence auditors can rely on to indicate material misstatements
c. providing auditors with independent evidence and reasonable assurance about whether the financial statement
information is fairly presented
d. supporting the auditor’s conclusions and the opinion in the auditor’s report regarding what could have gone
wrong in the financial statements
MC 6-18 [LO2] BDD Co. has a large balance of accounts receivable from many different customers, some of which are more
than 60 days overdue. BDD management asserts that it will collect all the accounts eventually by applying pressure
on the slow payers. For this reason, BDD’s management claims that it would be understating BDD’s assets if it were
to set up a provision for bad debts. The assertion that may be materially misstated for BDD’s accounts receivable
balance by this situation is:
a. the completeness assertion
b. the inherent risk assertion
c. the existence/occurrence assertion
d. the valuation assertion
e. the recognition assertion
MC 6-19 [LO2] LMN Co. is holding consignment inventory held for another company, which must be excluded from LMN’s
financial statements to comply with
a. the completeness assertion
b. the ownership/rights and obligations assertion
c. the existence/occurrence assertion
d. the valuation assertion
e. the recognition assertion
MC 6-20 [LO2] If XYZ Co. records sales revenues in its current year financial statements for shipments that were made the
first day of its following fiscal year, the assertion affected is
a. valuation (the sales amounts are not correctly calculated)
b. completeness (the sales were not completed at year end)
c. existence/occurrence (the sales did not occur during the fiscal year)
d. ownership/rights & obligations (XYZ does not have the rights to the sales at year end)
MC 6-21 [LO2] The sole shareholder of Jade Company had a contractor pave the parking lot at the company building, and
also pave the driveway of his home. Both paving jobs were billed to the company on a single invoice. The assertion
affected by this activity is
a. accuracy
b. valuation
c. completeness
d. ownership/rights and obligations
e. existence/occurrence
MC 6-22 [LO3] Oakland Hills (OH) is a ski resort and the revenue they report each year is greatly affected by the
temperature and snowfall in the winter months. The variation in revenues from year to year is difficult for
management as their bonus is based on increasing income year over year. The situation above best describes what
kind of risk?
a. Audit Risk
b. Inherent Risk
c. Control Risk
d. Detection Risk
MC 6-23 [LO3] Evelyn is the controller of Mylan Connections (MC), a Public Relations firm with 50 account managers.
Travel expenses for the consultants represent one of the largest expenses for MC. Evelyn does a thorough review
of each expense report at the end of the month to ensure that all expenses are valid. The expense reports are then
passed on to the VP Operations for his approval. When Evelyn is on vacation, the VP Operations simply approves
the expense reports to ensure there are no delays in reimbursing the consultants. The situation above best
describes what kind of risk?
a. Audit Risk
b. Inherent Risk
c. Control Risk
d. Detection Risk
MC 6-24 [LO4] When performing the audit risk assessment, it was determined that the audit risk for GXP’s current year
audit increased from moderate to high. As a result, the auditor should
a. proceed with the audit in a similar manner to the prior year as this is a recurring engagement and he is familiar
with the client.
b. refuse the mandate for the current year to avoid an audit risk that is too high.
c. adjust the audit work performed in the current year as compared to the prior year to reduce audit risk to an
acceptable level.
d. accept the engagement only if GXP agrees to a review level engagement which would reduce the auditor’s liability.
SOLUTIONS FOR EXERCISES AND PROBLEMS
EP6-1 Industry risks include: competition, product integrity, labelling, suppliers of organic products may be hard to find,
demand for products and willingness to pay higher prices is very uncertain.
Regulatory risks include: ‘organic’ registration and certification is required, standards need to be complied with to
qualify, and this requires appropriate compliance systems and monitoring by management.
Operating risks include: real estate investments’ location and value, new store acquisitions, perishable inventory to
be managed, possibility of product liability if unsafe food products are sold, etc.
All these risks have an impact on accounting in this business. Product inventory valuation is complex because
estimates of costs are required and valuation depends on determining salability of the various organic food
products. There are valuation issues related to whether products are eligible for ‘organic’ labelling, and can be sold
for adequate prices that cover costs on a timely basis given the perishable nature. Accounting for real estate used
in the business also raises issues such as whether locations are viable, whether investments are recoverable as any
impairment must be identified for valuation of these assets. There are also possible and contingent liabilities that
need to be disclosed or recorded if required by the accounting framework.
It is important for the auditor to ensure appropriate accounting information is reported about the business’s
financial performance and conditions, and that disclosure of risks is adequate and in accordance with the financial
reporting framework’s requirements
EP6-2 As Royal Health is a public company, the auditor would likely accept only a low level of audit risk. Three audit
issues that affect audit risk and risk of material misstatement include:
 Inventory: The company is growing its own inventory, so cost accumulation and determination of quantities
may increase risk of misstatements in the existence and valuation assertions. The product is a commodity, and
the auditor may require expert assistance to obtain appropriate evidence.
 Related party transactions: The company has significant marketing expenditures that are not at arms’ length.
This increases risk of misstatement since valuation may not be at fair value, and evidence will need to be
obtained regarding fair value of the marketing services used. The auditor will also need to ensure that related
parties, and the transactions and balances with them, are accounted for and disclosed in accordance with the
financial reporting framework.
 Foreign sales: The company makes sales in other countries, so there is risk of misstatements arising in
currency translation. Also, the terms of sale, and determining when title transfer has occurred, may be
complex across borders. The availability of evidence from far-flung customers may also be an issue that
increases the risk of misstatement, and also may limit the scope such that it will be difficult for the auditor to
perform procedures to attain an acceptably low audit risk level.
EP6-3 Business processes generate accounting information. Types (or classes) of transactions related to a business
process are also viewed as an accounting process or “cycle.” Accounting processes provide convenient way to
separate transactions for study and assessment during audit. This is because the same general ledger accounts will
be used over and over in the process/cycle so the balances can be related via analytical procedures. Also, an error
in one of accounts will affect the others in the process, so the risk of material misstatement is related for all
accounts in a particular process. Examples of accounting processes used in the text are Revenues, Purchases,
Payroll & Production, and Financing.
EP6-4 Business Processes, different industries

a) Bicycle manufacturer
 Revenue processes - processes for accumulating customer orders, credit approval, tying in to
production and delivery scheduling, record keeping for units shipped, customer relations management
processes, issuing invoices, tracking receivables, cash collections, etc.
 Purchases processes - processes for materials procurements tying into production scheduling, supplier
relations management, recording materials received, setting up payables, cash payments, etc.
 Production processes - tying in to customer order process, lead time for materials procurement and
manufacturing labour scheduling, cost accumulation for materials, labour and overheads, quantity
tracking, transfers from work-in-progress to finished goods inventory, etc.
 Finance processes - cash flow projections tying in to borrowings to cover negative cash balance phases
after paying for materials and labour, borrowing and repayment, investing surplus cash, etc.
b) Architect firm
 Revenue processes - processes for obtaining client projects, credit approval, tracking hours and
progress billing, record keeping for hours, issuing invoices, tracking receivables, cash collections, etc.
 Purchases processes - processes for procuring supplies and services, setting up payables, cash
payments, etc.
 Production processes - project planning and staff scheduling, tying in to tracking hours and billings, etc.
after paying for staff hours/salaries, borrowing and repayment, investing surplus cash, etc.
c) Retail grocery store
 Revenue processes - processes for pricing stock on store shelves, cash register control procedures for
sales, cash receipts reconciliations, cash deposits, etc.
 Purchases processes - processes for goods procurement tying into sales projections and economic
ordering quantities, modifications to purchasing plans for special promotions and seasonal demand
items, supplier relations management, recording goods received, inventory management processes,
setting up payables, cash payments, etc.
 Production processes - not applicable
after paying for inventory procurement, borrowing and repayment, investing surplus cash, etc.
EP6-5 Auditors should pay particular attention to external and internal performance measures for the following reasons:
Quality of earnings refers to a company’s ability to replicate its earnings, both in terms of the amounts and the
trends over relatively long periods of time. While users are particularly interested in high quality earnings that are
informative about future performance, managers likewise have incentives to paint the best picture possible.
Auditors have to consider whether the earnings reported reflect actual underlying economic performance and also
provide a realistic basis for users to assess whether the performance is repeatable in future.
External performance measures reported to analysts, creditors and shareholders and internal performance
measures used for personnel review and incentive programs like bonus plans can create pressures on the business
that may increase risk that managers are motivated to misstate financial statements.
For example, the need to meet expectations of third parties to obtain additional equity financing or the granting of
significant bonuses if unrealistic profit targets are met may create pressure to manipulate financial reports through
aggressive accounting choices even to the point of that an auditor may assess that the risk of fraudulent reporting
is significant.
EP6-6 Assertions
Assertions used by the auditor fall into the following categories:
(a) assertions about classes of transactions and events for the period
under audit:
(i) occurrence — transactions and events that have been
recorded have occurred and pertain to the entity; Existence
(ii) completeness — all transactions and events that should
have been recorded have been recorded;
(iii) accuracy — amounts and other data relating to recorded Completeness
transactions and events have been recorded appropriately;
(iv) cut-off — transactions and events have been recorded in
the correct accounting period; and Valuation
(v) classification — transactions and events have been
recorded in the proper accounts;
Existence and completeness
(b) assertions about account balances at the period end:
(i) existence — assets, liabilities and equity interests exist; Presentation
(ii) rights and obligations — the entity holds or controls the
rights to assets, and liabilities are the obligations of the
entity;
(iii) completeness — all assets, liabilities and equity interests
that should have been recorded have been recorded; and
(iv) valuation and allocation — assets, liabilities and equity Existence
interests are included in the financial statements at
appropriate amounts and any resulting valuation or Ownership
allocation adjustments are appropriately recorded; and
(c) assertions about presentation and disclosure:

(i) occurrence and rights and obligations — disclosed events, Completeness
transactions and other matters have occurred and pertain
to the entity;
(ii) completeness — all disclosures that should have been Valuation
included in the financial statements have been included;
(iii) classification and understandability — financial information
is appropriately presented and described, and disclosures
are clearly expressed; and
(iv) accuracy and valuation — financial and other information
are disclosed fairly and at appropriate amounts.
The auditor may use the assertions as described above or may express them Existence and Ownership
differently provided all aspects described above have been covered. For
example, the auditor may choose to combine the assertions about
transactions and events with the assertions about account balances. As
another example, there may not be a separate assertion related to cut-off of Completeness
transactions and events when the occurrence and completeness assertions
include appropriate consideration of recording transactions in the correct
accounting period. Presentation
Source: CPAC Handbook – Assurance, CAS 315
Valuation
Different terms are used to provide finer definitions. The finer definitions can be helpful for developing more
specific statements of the auditing objectives, that relate specific financial statement components and to auditing
procedures. For example, to describe the existence assertion as it relates to a transaction stream some people find
it easier to think about whether transactions really ‘occurred’ rather than whether the transactions really ‘exist’.
Another term used for existence is validity, i.e., are the balances valid, are the transactions valid? Various alternate
terms have been used historically and so they are retained, but they can be viewed as synonyms. Overall, sufficient
appropriate audit evidence must be obtained to address the five principle assertions discussed in the text, with
regard to the level of risk of misstatement in each assertion, for each account balance, class of transactions, and
disclosure.
SOLUTIONS FOR DISCUSSION CASES
DC6-1 Audit risk model

Evaluation of risk assessment conclusions with AR = IR x CR x DR as a model.
a) Ohlsen is not justified in acting upon a belief that IR = 0. He may have seen no adjustments proposed
because (1) none were material or (2) Limberg’s control system has functioned well in the past and
prevented/detected/corrected material errors. If IR = 0, then AR = 0 and no further audit work need be
done. Auditing standards and practice do not permit this level of (non)work based on this little evidence
and knowledge.
b) Jones is not justified in acting upon a belief that CR = 0. She may well know that Lang’s internal accounting
control is exceptionally good, but (1) her review did not cover the last month of Lang’s fiscal year and (2)
control procedures are always subject to lapses, and management override is always a possibility.
Therefore, CR can never equal zero. If CR = 0, that implies AR = 0 and no further audit work would need be
done. Audit practice does not permit an initial assessment of control risk at zero to the exclusion of other
audit procedures.
c) Insofar as audit effectiveness is concerned, Fields’ decision is within the spirit of audit standards. Even if IR =
1 and CR = 1, if DR = 0.02, the AR = 0.02. This audit risk (AR) seems quite small. However, Fields’ decision
may result in an inefficient audit.
d) This case was deliberately left ambiguous, without putting probability numbers on the audit risks. Students
will need to experiment with the model. One approach is to compare the current audit to a hypothetical
last year’s audit when “everything was operating smoothly.” Assume:
Last Year: AR = IR (0.50) + CR (0.20) x DR (0.20) = 0.02

Current year: AR = IR (1.0) + CR (1.0) x DR (0.25) = 0.25
Features of the hypothetical comparison:

1. Inherent risk is greater than last year.
2. Control risk is greater than last year.
3. The audit was done in less time, and maybe the detection risk is a little greater.
4. Audit risk appears to be very high.
An alternative analysis is that Shad perceived higher inherent and control risk early, and he did not put audit time
into trying to assess the risks at less than 100%. He proceeded directly to performance of extensive substantive
procedures and worked a lesser total number of hours, yet still performed a high-quality audit by keeping AR low
by keeping DR low. In this case, however, Shad would still need to do at least a cursory examination of controls,
and document the conclusion, to provide support in the audit file for the assessment of control risk as being very
high, and the decision not to rely on internal control (see CAS 200, paragraph 7).
DC6-2 Planning, inherent and control risk, manufacturing business

The case requires one to apply one’s knowledge of the business, given the facts provided in the case and other
reasonable assumptions, to judge the relevant inherent and control risks for different financial statement
components, to designing appropriate and cost-effective controls and assessing the adequacy of these controls.
Various valid considerations and procedures can be generated.
a) The inherent risk assessments can take into consideration the nature of the item and the risk that an error
can have occurred in accounting for that item in the first place
b) The general tendency for high value items that have higher inherent risks to require stronger controls can be
discussed. This can lead to recognizing the constraint that more extensive controls are more costly and at
some point the additional benefit is not justified. The risk will remain that errors that have occurred will not
be caught by control procedures - this is control risk.
c) Procedures can be described that relate to identifying risk and the controls in place to mitigate those risks.
The assessment involves judgment as to whether the inherent risk is adequately reduced by the control
procedure, and whether the procedure is being followed so as to effectively reduce the risk to a reasonable
level.
d) The question requires consideration of impact of the nature of the business on what needs to be accounted
for, what inherent risks exist in the business and thus its accounts. This illustrated the importance to the
auditor of understanding how a business creates value and earns profits. (The question could be expanded
to address control risk in these different businesses, as above)
DC6-3 Business understanding, risk analysis

The TGL case provides an exercise for a group project or in-class group discussions.
a) Review the list of factors in Appendix 6A and describe how each applies to the TGL companies, or indicate if
it is not applicable. The categories can be divided up among groups and each group then presents their
results to the rest of the class. The categories factors provide search parameters for the optional Internet
research project.
b) The factors, as they apply in the grocery business are considered in terms of operating characteristics of TGL
to identify risks that may have financial implications. For example, large increases in energy costs can affect
the costs of product storage, transportation, heating and lighting in stores. Operating changes may be
introduced to lower energy use, but may have negative consequences. For example, raising refrigeration
temperature may increase food spoilage. Incentives relating to meeting profit targets may induce
employees to under-accrue electricity bills, affecting the completeness assertion for accounts payable.
c) TGL appears to be striving for differentiation from other grocery stores through product and service
differentiation, with one-stop convenience providing value to customers. They also can achieve cost
leadership because of their size and buying volumes, and through vertical integration. Processes to achieve
this strategy will involve at the enterprise-wide level, logistics (right quantities of right products in right
location), cost management, sales volume analysis. Store level processes include:
 Revenue processes - processes for pricing stock on store shelves, cash register control procedures for
sales, cash receipts reconciliations, cash deposits, etc.
 Purchases processes - processes for goods procurement tying into sales projections and economic
ordering quantities, modifications to purchasing plans for special promotions and seasonal demand
items, supplier relations management, recording goods received, inventory management processes,
setting up payables, cash payments, etc.
 Production processes - not applicable
 Finance processes - cash flow projections tying in to borrowings to cover negative cash balance
phases after paying for, borrowing and repayment, investing surplus cash, etc.
d) Strategic risks: supply chain restructuring, adoption of new information system platform, new contracted
out general merchandise warehouse and distribution facility, GST audit
Possible process deficiencies: supply chain management, planning and management processes relating to
organization changes/restructuring, information system planning and development, management of third-
party warehousing and distribution functions, GST collection and remittance processes.
Potential financial statement impact: Lower profits and missed targets create incentives for overly
aggressive accounting choices. Systems problems can result in omitted transactions, and other accounting
errors or omissions. An unrecorded contingent liability may exist related to GST reassessment, etc.
DC6-4 a) Key business factors in the CB case that its auditors must understand to assess the risks of material
misstatement (RMM) include:
Industry, regulatory, other external risk factors

- global operations: risk of currency fluctuations, political risk e.g. expropriation of assets by
government, unfavourable tax or duty imposed
- highly competitive industry, competing with powerful large companies, price cutting may threaten
profitability
- materials are commodities with fluctuating world prices
- many laws and regulations are costs of operating, if violated can result in additional costs or shut
down of operations
Nature of CB’s business (operations, investments, financing)

- raw material prices may rise and competition may prevent CB from passing these on
- supplier contracts need to be renegotiated annually, may lose a key supplier or face unfavourable
renegotiation terms.
- CB is dependent on a few large customers, loss of one customer can severely impact its profitability
- investment expansion of operations may overextend financial and management resources
- product liability for unsafe products is highly risky, may suffer significant costs of damages and loss
of reputation and customer confidence may reduce sales
- may not be able to protect its intellectual property successfully, or prove that it has not infringed
on other companies’ property rights since beverage products are not very distinguishable
- breach of debt covenants can require disclosure of uncertainty regarding successful renegotiation
CB’s objectives and strategy to address business risks

- expansion geographically and into new products and services to remain competitive
- cost cutting and rationalization to increase profitability/reduce losses
- new, experienced top management hired to start a turnaround by changing ‘culture’
b) Linking business risks to RMM

Industry, regulatory, other external risk factors
- RMM: commodity prices and currency fluctuations are risk factors that may affect inventory
valuation (LCM), contingent losses due to regulatory violations may be probable and require
disclosure etc. (to be valid the points must be clearly linked to industry and external risk factors)
Nature of CB’s business (operations, investments, financing)

- RMM: inventory valuation may be affected by changes in costs imposed by suppliers, marketability,
beverages have limited shelf life, disclosure of economic dependence on large customers may be
inadequate, valuation of PPE and intangibles may be affected negatively by poor investment
management risk or inadequate capitalization to complete construction, or inability to protect
intellectual property rights, contingent liability disclosures may be incomplete if unreported
product liability or patent infringement issues occur (to be valid the points must be linked to
operating/investing/financing risk factors)
CB’s objectives and strategy to address business risks

- RMM: CB’s strategies to address its risks may not succeed, if they fail the company may go
bankrupt given the cut-throat nature of its competitive environment. (to be valid the points must
relate to management’s strategic risk assessment factors)
c) Control risk appears to be high as some material weaknesses have been identified recently and the auditors
don’t know whether management has succeeded in fixing these problems yet. Assessment of internal
control would require enquiries of management, observation and documentation of the control
environment and control system, and identification of key control procedures in CB that may be effective or
significant deficiencies if they are not effective. (If any reliance on controls being effective is feasible, the
controls identified would need to be tested by procedures such as observation, examination of documents,
and reperformance - but this does not seem likely in this case.)
Applying the conceptual audit risk model:
 Inherent risk also would be assessed as high in the risk model, given the factors identified in part a).
Thus the auditors will assess a very high risk of material misstatement (IR and CR combined).
 Facts suggest lowest audit risk should be accepted - it is a public company, with complex global
operations, new management, financial difficulties, investors are unhappy - many factors indicate the
auditor faces considerable risk of being sued for business and/or audit failure due to complex and risky
operations.
 Overall the high RMM, combined with a low desired audit risk, will give a very low DR and the auditors
will need to obtain a high level of highly reliable audit evidence to support their opinion.
DC6-5 Obtaining a ‘sufficient’ understanding of internal control
The primary reason for conducting an evaluation of an auditee’s existing internal control system is to give the
auditors a basis for finalizing the details of the account balance audit program--to determine the nature, timing
and extent of subsequent substantive audit procedures. (See CAS 200, paragraph 7.)
A secondary purpose for conducting an evaluation of internal control is to be able to make constructive
suggestions for improvements. Officially, the profession considers these suggestions a part of the audit function
and does not define the work as management consulting.
Another purpose of the evaluation is to report to management and the board of directors or its audit committee
any discovery of “any reportable conditions” of internal control deficiencies. These conditions may suggest a high
risk of error, fraud or other irregularities.
DC6-6 Comprehensive audit planning decisions

a) Factors to consider to support accepting/continuing OMS, based on facts given in OMS case:
Obtaining and reviewing financial information about prospective client

- are there unusual accounts or business practices that audit firm is not familiar with? Need to understand
business risks.
- OMS provides moving and storage services to offices, we need to understand their business process,
nature of sales agreements, liabilities for damage/losses of customer property and related insurance
policies, etc. There may be issues of completeness of liabilities, and valuation of sales that will present
challenges in doing audit. The use of fuel futures is new to OMS
- this raises risks to assess related to valuation issues, whether an accounting policy per GAAP, etc.
Is the financial condition good?
--OMS profits are around $1.6 million, and have Assets-Liabilities around $1.3 million. With such a strong
balance sheet & earnings, there is high certainty it will continue as a going concern
Evaluation of audit firm’s independence
-- if OMS is a continuance decision, our firm needs to consider if it should assign new partner or manager so
he/she will be less familiar and more objective about the OMS audit. We need to re-check that all audit firm
staff still have no conflicts of interest with OMS.
Does audit firm have competency and resources to do an effective audit?
--Considering OMS’s size, location, nature of operations, it is not an unusual or complex business model and
there is no indication of major changes this year (assuming a continuing audit) so the audit firm should still
be capable to complete audit
Determine management’s willingness to accept responsibility for financial statements that are fairly presented in
accordance with GAAP/acceptable framework and accept responsibility for adequate internal control
--OMS management includes the 3 shareholders, this suggests management has integrity and enforces good
controls in their own interest as owners. However, the plans to bring in passive investors could create risks
as the current owner managers might want to bias income upwards to get higher price for new shares…
Predecessor auditor communication
-- This would be required if first time audit assumed, the audit firm will need to find out if any reasons not to
accept the engagement.
b)
Current Assets = 2,392,421
Current Liabilities = 1,451,844
Current ratio = 1.6 to 1.0
Credit revenues = 34643256.99

Net A/R= 1,428,583
A/R turnover = 24.3 times
CR analysis can tell you liquidity is good - CA can support paying CL. The auditor might do more a rigorous
test with fuel futures excluded (then CR = 1.2 to 1, so not as safe but still okay) - low risk of bankruptcy
A/R turnover tells us that the net A/R balance is collected about twice a month - with 10-day payment terms
this is longer than their collection policy. It suggests there may be some collection delays that can result in
higher risk of bad debts - need to investigate sufficiency of AFBD provision.
c) Materiality levels
Quantitative starting point: 5-10% normal operating income
Base: Calculate “normal income” from trial balance data
NIBT= $1.6 million
Materiality level determination:

Objective is to determine a reasonable Overall Materiality level for financial statements as a whole, consistent
with reasons
Start by taking 5% of NIBT to provide lower end of range (or other reasonable approaches can be considered)
Pre-tax income $1.6 m @ 5% = $80,000
Justification for judgment considers the following:

Qualitative considerations -
Outside investors may look at financial statements to support share price they will pay, for example they
may be using a multiple-of-earnings approach -
Consider the preliminary level in relation to other financial statements components that users may look at,
such as revenues, total assets, etc.
Calculate performance materiality as 70% of materiality level chosen, based on the guidance given in the case. So if
$80,000 chosen above, $56,000 will be used as Overall Performance Materiality.
d) The auditor’s decision on acceptable audit risk level is based on nature of engagement, consequences of audit
failure
Factors to note, with appropriate impact on audit level acceptance:
 Public vs. private company -- OMS is private, would raise AR willing to accept
 Users making risky financial decisions from f/s -- new investors will use audited f/s to check trends using
this year’s audited f/s, possible to calculate and earnings based purchase price, would lower AR
 Auditee financial health/risk of business failure -- OMS financially sound, may raise AR acceptable
 --OMS has plans to grow so faces new risks if strategy doesn’t work - may lower acceptable AR
 Management’s reputation/integrity, willingness accept responsibilities for preparing GAAP f/s,
designing and implementing adequate I/C and to provide written representations -- at OMS this appears
as no problems stated in case, also can support raising acceptable AR level
 Overall, some factors indicate the auditor can accept higher risk and other suggest it should be lower.
This indicates the auditor can accept a moderate level of AR for the OMS audit. Using the guidance in
the case, of the three choices ‘low, lower, lowest’ the ‘lower’ level is appropriate.
e) In order to design an effective audit, auditors must understand the business and the economic environment of
the business including factors such as:
 economic conditions -
 geographic locations -
 developments in taxation and regulation -
 specific industry characteristics & risks -
 business objectives-
 key strategies employed to meet those objectives - quality control, research/improve production
processes, etc.
 risks that threaten achievement of those objectives -
Consider the following case facts in relation to the above business risk factors:
 80% credit sales - collection risk
 Extras not well controlled as main moving contract since no segregation of collection and ability to not
report - risk of incorrect billings
 Manager discounts may be inappropriate - could allow kickback scheme
 Unrealized gains on futures as revenues - could be risky if lack internal expertise, use of estimates
creates misstatement risk
 Plan to expand, may fail and bring whole company down
 Destroying customer property - insurance can increase,
 Economic - interest rates, increase insurance premiums overall
 Geographic - spread out
 Few assets for amount of services selling - could lower quality and damage reputation and future sales
f) Revenues transactions arise from credit and cash sales. There are different services with different revenue
transactions streams: moving, extra moving services, storage services
Assertions and related IR assessments:

 Existence: No case specific facts suggest a high risk of recording false revenues, so low IR
 Completeness: Depends on good controls over recording all sales & extras, possible to miss recording
unless controls are good, especially extras since may not be contracted through segregated office staff
(movers might arrange these with customers unknown to office staff and pocket extra cash) - so high IR
 Valuation: -- case facts suggest a risk of errors of calculating customer charges due to the different types
of revenue and extra charges that are difficult to monitor, so high IR
 Ownership: - no case specific facts suggest a risk of billing unauthorized amounts, so low IR
 Presentation: classification not complex, accounting policies for revenue & disclosure are clear to apply,
management has strong accounting skills - so low IR (An exception may be for the recording unrealized
gain on futures in revenues - not ‘held for trading’ so it’s not GAAP to put with ordinary revenues, OCI
would be appropriate - this seems to be a specific risk on this aspect of the revenue total only)
DC 6-7 FINANCIAL PERFORMANCE ANALYSIS LO1, LO2
i- Stock up your freezer promotion: This may indicate be a strategy to shift revenues from a future period to the
current period as customers were encouraged to purchase goods in December even if they were only going
to be used in future periods. Revenues should only be recognized when they are earned. If the transaction
was completed (paid and shipped to the client) prior to year-end, then the revenue recognition criteria have
been met, even if the client only uses the product at a future date (BCI completed their end of the deal).
The risk of material misstatement is however increased as Jackie indicated that they had trouble keeping up
with deliveries, so some of the sales claimed for December may not have actually been delivered before
year end. This suggests a cut-off issue and additional testing should be done on these sales to ensure all
sales recorded were in fact shipped prior to year-end. There is a risk of material misstatement related to the
revenue existence/occurrence assertion.
ii – Revenue Recognition – Weddings: The change in the revenue recognition policy could indicate a bias to
increase net income for the current year by recognizing a portion of the revenues from an event that is to
take place in the following accounting period. The fact that no one else in the industry seems to adopt this
policy suggests it is an aggressive accounting policy and increases the risk of a material misstatement for the
audit. There is a risk of material misstatement related to the revenue existence/occurrence assertion.
Additional procedures and enquiries will be needed to decide if this change in accounting policy is
acceptable. Jackie does have a point that an effort to secure the contract and go over the initial planning is
made in the current period and it could be argued that a portion of the revenues should be recognized in
the current period. However, the fact that they currently recognize 20% of the revenues while only 10% is
non-refundable. Since it can be argued that only the 10% non-refundable portion should be recognized
before the wedding is held, the company’s preferred approach suggests once again that BCI is adopting an
aggressive revenue recognition policy. There is a risk of material misstatement related to the revenue
existence/occurrence assertion.
iii- Contingency – Organic Lunch Box
BCI is currently the subject of a lawsuit for misrepresentation with regards to the content of their organic
lunch boxes. Accounting guidelines normally require that a provision be booked if it is likely that BCI will be
liable and an amount can be reasonably estimated. Jackie is dismissing the lawsuit, however, BSP cannot
simply rely on Jackie’s statement. The fact that no provision was booked is in line with a bias to increase net
income for the period. This increases the risk of material misstatement in relation to the completeness
assertion for liabilities.
Additional procedures such as discussion with management and confirmations with external legal counsel
should be performed on this particular claim to determine if it is likely that BCI will be found liable.
DC 6-8 Preliminary Analysis, Materiality, Assertions.
a) To assess the risk of material misstatement, the auditor must understand the nature of the business on
what needs to be accounted for, because it will affect what inherent risks exist in the business and thus its
accounts. This illustrates the importance to the auditor of understanding how a business creates value and
earns profits. The case requires one to apply one’s knowledge of the business, given the facts provided in
the case and other reasonable assumptions, to judge the relevant inherent risks for different financial
statement components in relation to the five principle assertions: existence, completeness, ownership,
valuation and presentation [ECOVP]
b) To make a decision on materiality, we first identify the main users of financial statements – these are the
minority shareholders who have asked for an audit for the first time this year. Also, the bank holding the
long term loan shown in the trial balance likely will use the f/s to evaluate the risk of the company not
paying back its loan. Other qualitative factors could be relevant, like contracts or covenants based on f/s
balances, transaction volumes, indicators of fraud, etc. For quantitative assessment, apply appropriate
benchmarks, e.g. 5-10% pre-tax normal income, ½% to 1% revenues or assets, and then also consider
qualitative factors, to generate reasonable range. Select one level from range and justify the quantitative
choice based on qualitative factors.
c) Two possible ratios that could be calculated for analysis are:

i) current ratio/quick ratio
– may indicate liquidity problem, financial condition is poor, risk of business failure.
ii) gross margin percent
– may suggest performance of operation is inefficient, or price competition affecting viability
- for more meaningful ratios and analysis, further information is needed, e.g. past periods to compute
turnover, efficiency ratios, industry average, to allow for more different comparisons.
Other valid ratios, implications, and related further investigation are also acceptable if clearly explained and
supported
d) Assessment of the risk of material misstatement (RMM) takes into consideration both the inherent and
control risks, at the assertion level. The inherent risk assessments are based on the nature of the item and
the risk that an error can have occurred in accounting for that item in the first place, regardless of controls.
The general tendency is for high value items that are attractive to steal, like TVs, to have higher inherent
risks related to the existence assertion. For Dawood, it is manufacturing the TV and monitors, so the
valuation may be subject to errors in complex cost allocations, and the net realizable value may fall due to
technological obsolescence, so the valuation assertion has high risk of misstatement. Several other accounts
could also be noted as high risk, such as warranty provision (high valuation assertion risk as this is an
estimate) or manufacturing equipment (PPE) because it is highly material and may become obsolete or
inefficient over time, affecting its valuation. Another item that may have high inherent risk in Dawood is the
accounts receivable balance if there is a concern about collectability, as the valuation assertion would have
a high risk of misstatement.
Two items that may have low inherent risk assessments are the bank loan - it is straightforward to value it
and confirm its existence and completeness. Share capital might also be noted as a low risk account, since
its ownership is well documented and since it is not complex to account for, its existence, valuation and
completeness would not have high inherent risk.
Generally, assessing high inherent risk leads the auditor to expect management to have strong risk
assessment processes, and strong controls in place to offset/reduce these risks. If this is the case, when
inherent risk and control risk are combined as RMM, the assessed risk could be lower than the inherent risk
alone. However, to rely on this assessment the auditor must test the relevant controls. In Dawood’s case it
may be feasible and efficient for the auditor to test these controls and get some assurance from them, and
that will lower the amount of assurance required from substantive tests. On the other hand, if the controls
are not very strong the RMM will be very high for high inherent risk items and the auditor will need a lot of
substantive evidence to be able to get reasonable assurance to form an opinion about whether the f/ss are
fairly stated.
e) Inventory in manufacturing business will have raw material, WIP and finished goods
Assertions: (note - assessments of RMM below are for finished goods, WIP risk assessments may differ)
Existence: moderate
- The question is whether all the TVs and monitors recorded really are on hand. Since these items are
attractive items that could be stolen, the risk is raised, but verification by physical inspection can provide
very reliable evidence. Further, if controls in place appear strong over recording the purchases, it would be
difficult to make an entry for an inventory purchase that doesn’t exist. Thus the risk is moderated.
Completeness: moderate
- The question is whether all the inventory the company actually owns has been recorded. This depends on
good controls over recording all purchases, and moving costs of WIP through the production accounting
process properly. Since it is possible to miss recording unless controls are good, and inventory is key to the
company’s success, we can assume the controls over this are good and the risk is moderated.
Valuation: high
- The question is whether the dollar amount allocated to the finished goods is correctly calculated and
complies with GAAP (i.e., the financial reporting framework selected by management, including the relevant
inventory valuation policies and methods). There are a number of factors that can lead to risk of
misstatement of the valuation assertions, such as: the TVs might not be able to be sold at expected prices;
the raw materials and components used may not be of suitable quality; the costs of the components may
not be correctly recorded; all production costs incurred in the process may not be captured accurately such
overhead allocations.
Ownership: low
- The question is whether Dawood has proper title to the inventory. The risk is assessed as low since it is
unlikely that Dawood will record inventory that is has not purchased and taken title to upon delivery, or will
include inventory once it is sold (under an assumption that the terms of sale for this type of business are
not complex to follow, and title transfers when goods are delivered with little uncertainty about completing
the sale)
Presentation: low
- The question is whether the inventory is properly classified in the financial statements and all disclosures
required by GAAP are complied with. This is assessed as a low risk assertion since the classification not
complex (as long as there are reasonable systems controls in place to measure the different classes of
inventory: RM, WIP and FG), accounting policies for inventory valuation & disclosure are clear to apply,
management is assume to have the required accounting skills.
Other valid risk assessments could be made based on different assumptions, or on different interpretations
of the facts provided since these are fairly limited in the case.

Sb7e SM ch06 Final Solution Manual Auditing International Approach

Uploaded by

Copyright:

Available Formats

Sb7e SM ch06 Final Solution Manual Auditing International Approach

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Sb7e SM ch06 Final Solution Manual Auditing International Approach

Uploaded by

Copyright:

Available Formats

What are the five main assertions that auditors consider?

What are the five main assertions that auditors consider?

What risks does the auditor consider when assessing the valuation assertion of inventory?

What risks does the auditor consider when assessing the valuation assertion of inventory?

CHAPTER 6

ASSESSING RISKS AND INTERNAL CONTROL

SOLUTIONS FOR REVIEW CHECKPOINTS

For Revenues (a class of transaction) the five assertions are:

6-18. The audit risk model formula is as follows:

The formula can be rearranged to:

DR = AR ÷ RMM { or DR = AR ÷ (IR x CR) }

6-39 Five principal assertions in financial statements:

3. Ownership (or Rights and Obligations) assertion:

4. Valuation (or Allocation, Measurement) assertion:

5- Presentation and Disclosure assertion:

Audit Risk = Inherent Risk x Control Risk x Detection Risk.

6-51 For example, from a recent Audit Risk Alert:

 Asset valuations--recoverability and bases of accounting.

6-56 Four “processes” and accounts in them:

X Cost of goods sold

MULTIPLE CHOICE ANSWERS

MC 6-1 [LO1] Business risk is related to business strategy because:

SOLUTIONS FOR EXERCISES AND PROBLEMS

EP6-4 Business Processes, different industries

Assertions used by the auditor fall into the following categories:

(c) assertions about presentation and disclosure:

Source: CPAC Handbook – Assurance, CAS 315

SOLUTIONS FOR DISCUSSION CASES

DC6-1 Audit risk model

Last Year: AR = IR (0.50) + CR (0.20) x DR (0.20) = 0.02

Features of the hypothetical comparison:

DC6-2 Planning, inherent and control risk, manufacturing business

DC6-3 Business understanding, risk analysis

 Production processes - not applicable

Industry, regulatory, other external risk factors

Nature of CB’s business (operations, investments, financing)

CB’s objectives and strategy to address business risks

b) Linking business risks to RMM

Nature of CB’s business (operations, investments, financing)

CB’s objectives and strategy to address business risks

Applying the conceptual audit risk model:

DC6-5 Obtaining a ‘sufficient’ understanding of internal control

DC6-6 Comprehensive audit planning decisions

Obtaining and reviewing financial information about prospective client

Credit revenues = 34643256.99

Materiality level determination:

Pre-tax income $1.6 m @ 5% = $80,000

Justification for judgment considers the following:

Assertions and related IR assessments:

DC 6-7 FINANCIAL PERFORMANCE ANALYSIS LO1, LO2

iii- Contingency – Organic Lunch Box

DC 6-8 Preliminary Analysis, Materiality, Assertions.

c) Two possible ratios that could be calculated for analysis are:

You might also like