Materiality and Audit Risk

Chapter 9

Materiality
The definition is the same in the auditing context as everywhere else in accounting Key references
Reasonable assurance Free of material misstatement

Preliminary Judgment
Must be made to determine what is a material misstatement Often based on initial financial statements Qualitative factors as well
Fraud Changes in trends

Remember it is all relative Must always be subject to revision

Allocation of Materiality
The auditor looks for amounts that are material in the aggregate More commonly allocated to balance sheet accounts, then by extension to income statement Tolerable misstatement : Material amount for any given account May be adjusted for fraud and for cost of audit procedures Sampling formulae depend on tolerable misstatement

Estimating Misstatement
Discovered error is projected onto the total
Example: inventory in sample is overstated by 3%, then total is assumed to be by 3% More specific confidence intervals depend on statistical parameters

Total is compared to tolerable amount If it exceeds, may increase testing or demand adjustment

Audit Risk Model

AR = IR x CR x DR AR = Audit risk
The risk that the auditor will incorrectly issue an unqualified opinion

IR = Inherent risk
The risk of material misstatements absent any internal controls or testing

Audit Risk Model

CR = Control risk
The risk that internal controls will fail to prevent or detect material misstatement

DR = Detection risk
The risk that audit tests will fail to detect material mistatement

Therefore, audit risk is a function of inherent risk, unchecked by controls and not detected by the auditor

Risk Components
Inherent risk
Higher in complex transactions Higher where items are more naturally prone to fraud Based in part on prior experience Industry and management pressures

Inherent risk cannot be changed by the auditor it just is Control risk

Depends on the design and execution of controls Where controls are good, risk is low

Risk Components, II
More Control risk
Depends on all 5 COSO categories Observed by the auditor but cannot be changed retroactively

Detection risk
A function of the types of tests the auditor does Remember nature, timing, and extent This is the only risk element that can be controlled by the auditor

AR = IR x CR x DR also means DR = AR / (IR x CR)

Is Risk Quantifiable?
Yes and No Often assessed in percentage terms Requires judgment because no number is out there to be measured Detection risk needs to be quantified for statistical testing

Interrelationship of Risks
IF IR and CR are high, then If IR is high and CR is low If IR is low and CR is low If IR is low but CR is high DR should be low (lots of testing) DR can be higher, because controls offset high IR DR can be high Somewhat indicative of fraud. DR should be very low

What is Acceptable Audit Risk?

Risk the auditor is willing to take of being wrong Generally considered in terms of unqualified where there are misstatements, but not in reverse Depends on engagement risk
Financial stability Industry factors Management integrity

Degree of reliance on audited statements

Keep Things Open

Materiality judgments are subject to revision If original bases were overstated, threshold may be too high Control risk assessment must be backed up by control testing results If tests show weaker controls, CR is higher, thus DR needs to be lower