Essay Title - Auditor Risk Assessment
Question 1 - Discuss, in your own words, the objectives and provisions of ISA 315 ‘Obtaining an understanding of the entity and its environment and assessing the risks of material misstatement’
Auditors cannot approach their work with a fixed audit program that they expect to work in all situations. They must understand their client's needs, identify and assess audit risk, and plan their work accordingly, in view of the client's wants and needs. ISA 315 deals with understanding and assessing risk.
The auditor should obtain an understanding of the entity and its environment, including its internal control, enough to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures.
The requirements of this Standard can be divided into the following five sections:
- Risk assessment procedures and sources of information about the entity and its environment, including its internal control. This section explains the audit procedures that the auditor is required to perform to obtain the understanding of the entity and its environment, including its internal control (risk assessment procedures). It also requires discussion among the engagement team about the susceptibility of the entity’s financial statements to material misstatement.
- Understanding the entity and its environment, including its internal control. This section requires the auditor to understand specified aspects of the entity and its environment, and components of its internal control, in order to identify and assess the risks of material misstatement.
- Assessing the risks of material misstatement. This section requires the auditor to identify and assess the risks of material misstatement at the financial statement and assertion levels. The auditor:
  - Identifies risks by considering the entity and its environment, including relevant controls, and by considering the classes of transactions, account balances, and disclosures in the financial statements;
  - Relates the identified risks to what can go wrong at the assertion level; and
  - Considers the significance and likelihood of the risks.
  This section also requires the auditor to determine whether any of the assessed risks are significant risks that require special audit consideration or risks for which substantive procedures alone do not provide sufficient appropriate audit evidence. The auditor is required to evaluate the design of the entity’s controls, including relevant control activities, over such risks and determine whether they have been implemented.
- Communicating with those charged with governance and management. This section deals with matters relating to internal control that the auditor communicates to those charged with governance and management.
- Documentation. This section establishes related documentation requirements.
The Standard includes three Appendices that provide additional guidance on:
- Understanding the entity and its environment;
- Internal control components; and
- Conditions and events that may indicate risks of material misstatement.
Understanding the Entity and Its Environment
The auditors’ understanding of the entity and its environment consists of an understanding of the following aspects:
- Industry, regulatory, and other external factors, including the applicable financial reporting framework.
- Nature of the entity, including the entity’s selection and application of accounting policies.
- Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements.
- Measurement and review of the entity’s financial performance.
- Internal control.
The nature, timing, and extent of the risk assessment procedures performed depend on the circumstances of the engagement, such as the size and complexity of the entity and the auditor’s experience with it. In addition, identifying significant changes in any of the above aspects of the entity from prior periods is particularly important in gaining a sufficient understanding of the entity to identify and assess risks of material misstatement.
The industry in which the entity operates may give rise to specific risks of material misstatement arising from the nature of the business or the degree of regulation. For example, long-term contracts may involve significant estimates of revenues and costs that give rise to risks of material misstatement. In such cases, the auditor considers whether the engagement team includes members with sufficient relevant knowledge and experience.
The auditor should obtain an understanding of the nature of the entity. The nature of an entity refers to the entity’s operations, its ownership and governance, the types of investments that it is making and plans to make, the way that the entity is structured and how it is financed. An understanding of the nature of an entity enables the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements.
Assessing the Risks of Material Misstatement
The auditor should identify and assess the risks of material misstatement at the financial statement level, and at the assertion level for classes of transactions, account balances, and disclosures. For this purpose, the auditor:
- Identifies risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements;
- Relates the identified risks to what can go wrong at the assertion level;
- Considers whether the risks are of a magnitude that could result in a material misstatement of the financial statements; and
- Considers the likelihood that the risks could result in a material misstatement of the financial statements.
The auditor uses information gathered by performing risk assessment procedures, including the audit evidence obtained in evaluating the design of controls and determining whether they have been implemented, as audit evidence to support the risk assessment. The auditor uses the risk assessment to determine the nature, timing, and extent of further audit procedures to be performed.
The determination of significant risks, which arise on most audits, is a matter for the auditor’s professional judgment. In exercising this judgment, the auditor excludes the effect of identified controls related to the risk to determine whether the nature of the risk, the likely magnitude of the potential misstatement including the possibility that the risk may give rise to multiple misstatements, and the likelihood of the risk occurring are such that they require special audit consideration. Routine, non-complex transactions that are subject to systematic processing are less likely to give rise to significant risks because they have lower inherent risks. On the other hand, significant risks are often derived from business risks that may result in a material misstatement. In considering the nature of the risks, the auditor considers a number of matters, including the following:
- Whether the risk is a risk of fraud.
- Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention.
- The complexity of transactions.
- Whether the risk involves significant transactions with related parties.
- The degree of subjectivity in the measurement of financial information related to the risk, especially where the measurement involves a wide range of uncertainty.
- Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.
Question 2 - What type of control procedures were ignored at Daiwa?
The control procedures that Daiwa ignored are:
- Adequate segregation of duties
- Proper authorisation of transactions and activities
- Adequate documents and records
- Physical control over assets and records
- Independent checks on performance
- For each internal control procedure missing, what damage was caused?
Daiwa completely ignored the control procedures, and as a result it suffered a huge loss. It did not have adequate segregation of duties, which led to Iguchi’s fraud. There was no proper authorisation of transactions and activities, nor any specific controls. Daiwa completely neglected the importance of adequate documents and records: there were no proper accounts, which led to the huge amount of unauthorised transactions. It ignored physical control over assets and records; as a result, the bond trader was authorised to make sales, to have custody of the bond assets and to record these transactions. It had no independent checks on performance, which resulted in the serious fraud.
- What kind of controls could have been instituted that would have prevented the problems at Daiwa?
To prevent the problems at Daiwa, the bank should have used control activities, which are the policies and procedures that help ensure that necessary actions are taken to address risks and achieve management’s objectives. Control activities can be considered as:
- Segregation of duties - the assignment of duties such that no one person is in a position to both perpetrate and conceal errors or irregularities in the normal course of processing information or data. Separate custody, authorization and recordkeeping.
- Information processing - 1) general controls; 2) application controls to check accuracy, completeness; 3) authorization controls over transactions and 4) document controls.
Documents and records that are adequate to ensure proper recording:
- Pre-numbered
- Multiple copies
- Proper records for detail - control
- Exceptions investigated
- Performance reviews, such as comparing actual with expected performance.
- Physical controls, including those designed to 1) restrict access to computerised systems, 2) independent reconciliation of accounting records and the underlying physical assets and 3) safeguard assets.
- For each of the five internal control procedures discussed above, applying each to a bank trading operation, identify a specific error that is likely to be prevented if the procedure exists and is effective.
- Adequate segregation of duties - With this procedure in place, there is no chance of the wrong amount being debited to an account, because there will be sudden checks by a number of people.
- Proper authorisation of transactions and activities - With this procedure in place, there is no chance of an unauthorised transaction, as transactions will have been checked.
- Adequate documents and records - There is no chance of fake activities, as there will be proper records of details.
- Physical control over assets and records - There is no chance that any one person has full access to everything. For example, the bond trader will have the authority only to authorise the sale, not custody of the bonds.
- Independent checks on performance - With this procedure in place, employees’ performance can be evaluated. There can be a number of performance checks, e.g. surveys and questionnaires.
- For each of the five internal control procedures, applying each to a bank trading operation, list a specific intentional or unintentional error that might result from the absence of the control.
- Adequate segregation of duties - In the absence of this control, there can be intentional or unintentional errors. For example, if there is no segregation of duties and only one person is responsible for everything, then there is a chance of a numerical calculation error or of fraud.
- Proper authorisation of transactions and activities - In the absence of this control, there is a chance of unauthorised transactions or of a mistake being made during a transaction.
- Adequate documents and records - In the absence of this control, the chances of fraud are far greater, as anyone can carry out illegal activities.
- Physical control over assets and records - In the absence of this control, there is more chance that any one person has full access to everything. For example, the bond trader will have the authority to authorise the sale and will also have custody of the bonds. In this case, there is a far greater chance of fraud.
- Independent checks on performance - In the absence of this control, there is more chance of intentional or unintentional errors: with no check on performance, employees can be careless about small things, and there is a possibility of fraud because, with no performance check, anyone can be involved in illegal activities.