AUDITING
Week 8
11.11 Identify the three steps in a preliminary assessment of risk.
Step 1:
Step 2:
Step 3:
11.12 What audit strategy is the auditor likely to adopt if, at the planning
stage, control risk is assessed as less than high?
In assessing the control risk at less than high, the auditor has identified specific internal
control policies and procedures that they believe will be effective in preventing or detecting
misstatements related to the assertion. Evidence is needed to support this, therefore the audit
strategy the auditor will adopt is a lower assessed level of control risk approach.
11.21 Assessing control risk
An auditor is required to obtain a sufficient understanding of each of the components of an
entitys system of internal control to plan the audit of the entitys financial statements and to
assess control risk for the assertions embodied in the account balance, transaction class, and
disclosure components of the financial statements.
Required
(a)
Explain the reasons an auditor may assess control risk at the
maximum level for one or more assertions embodied in an account
balance.
(b)
What must an auditor do to support assessing control risk at less
than high when the auditor has determined that controls have been
placed in operation?
(a) An auditor may assess control risk at the maximum level for some or all assertions
because the auditor believes internal controls are unlikely to pertain to an assertion, are
unlikely to be effective, or because evaluating their effectiveness would be inefficient.
(b) To support assessing control risk at less than the maximum level, an auditor must
determine whether internal controls are suitably designed to prevent or detect material
misstatements in specific financial statement assertions and obtain evidence through tests
of controls that the policies and procedures are operating effectively.
12.11 Which components of the audit risk model can be controlled by the auditor?
Discuss the interrelationships.
In terms of which components can be controlled by the auditor, the only part would be
detection risk (ASA 200). This is varied based on the assessment of inherent risk and control
risk. Inherent risk is given for a particular client, the auditor assesses it but cannot change it.
Similarly, control risk is given for a particular client, however if control risk is medium or
2
low the auditor may choose to rely on the controls and will therefore have to perform some
compliance testing. Audit risk is specified for the auditor, but is probably constant for the
majority of the clients of the audit firm.
For a given level of audit risk, detection risk is inversely related to the assessed levels of
inherent risk and control risk for each financial report assertion. The level of detection risk
influences the auditors assessment of the nature, timing and extent of the procedures needed
to gain sufficient appropriate audit evidence.
12.12
12.19 What steps may the auditor perform in evaluating the reasonableness of
accounting estimates?
Due to the use of judgement and therefore the subjective nature of these balances, accounting
estimates are often the ones where the most disputes occur between the auditor and
management. ASA 540 suggests that one or a combination of the following approaches
should be adopted in the audit of accounting estimates to obtain sufficient appropriate audit
evidence.
(a) Review and test the processes used by management to develop the estimate.
This would include a review of the data and assumptions used by management in
preparing the estimate, testing the calculations performed, and comparison of the
accuracy of estimates made by management in prior periods.
(b) The use of an independent estimate for comparison.
The auditor may make his or her own independent estimate of the balance and compare it
with managements.
(c) Review subsequent events.
A review of subsequent events after the end of the accounting period may provide
evidence as to the accuracy of the estimate made by management.