Audit risk and initiatives of improvement.

Rotaru, Horatiu

1. INTRODUCTION

The audit risk, as defined by SAS 107 "Audit Risk and Materiality in Conducting an Audit", represents the positive opinion of an auditor of financial statements that are materially misstated, opinion that unknowingly failed to be appropriately modified.

As the title of this work suggests, there is a correlation between audit risk, materiality (that must be considered together) and the result of an audit that will influence the users of the financial statements, the audit opinion.

2. USERS OF FINANCIAL STATEMENTS

In order to establish the audit risk and assess materiality the auditor must take in concern the recommendation of the audit standards (SAS no. 107, 2007), witch refers to user needs. SAS no. 107 specifies that the user must have knowledge of business activities, of limitations of an audit because of estimation and materiality and to be willing to study the financial statements that represent interest to him/her. The auditor shouldn't consider just the needs of specific individuals, according to SAS 107, but the needs of users as a group.

One problem that arises speaking of users, in the audit field, is the possible confusion between audit risk, economic risk and audit failure. If the characteristics of the users specified by SAS no. 107 are accomplished by one user, these should understand that an auditor should be considered guilty only in the case of audit failure, this meaning that the audit report contains an opinion where significant misstatements were not detected and "the judgement of a reasonable person relying on the information would have changed or influenced by the omission or misstatement" (ICAEW, Accounting Recommendation 2.301, 1967). The economic risk shouldn't make an auditor responsible, from the perspective of user that has an "appropriate knowledge of business and economic activities and accounting" as the standards suggest.

3. AUDIT RISK AT THE ACCOUNT BALANCE

The audit risk (AR) consists of inherent (IR) and control risk (CR) and detection risk (DR) (Graham & Messier, 2006).

The inherent risk (IR) represents a misstatement that could be material, individually or aggregated, when there are no related controls. An example is that cash is more likely to be stolen than a building. Another example is represented by the technological developments that make a product more susceptible to overstatement (William & Lizabeth 2005).

The control risk (CR) represents a misstatement that could be material, individually or aggregated, and not be prevented or detected by the entity's internal control.

These risks exist independently of the audit of the financial statements. Inherent risk and control risk may be assessed separately, but if combined they describe the risk of material misstatement (RMM). It is recommended that the auditor assesses RMM throughout tests of controls to prove how effective the internal control is and to obtain audit evidence, although it represents a professional judgement rather that a precise measurement.

The detection risk (DR) represents the misstatement that could be material, individually or aggregate that the auditor will not detect. This is possible because the auditor uses sampling and does not verify 100 percent of a class of transactions, for example. Other factors are the selection of an inappropriate audit procedure or misapplying an appropriate audit procedure. In order to reduce the level of detection risk the author suggests proper assignment of personnel, the use of professional skepticism, supervision of audit stages performed.

The detection risk consists of substantive analytical procedures (AP) and tests of details (TD).

The components of audit risk can be assessed in nonquantative terms (low, medium, high) but the author suggests the use of quantative terms, percentages. In addition to this SAS no. 107 presents an audit model that shows the relation between audit risk components, that isn't meant to be applied as a mathematic formula, but a lot of professionals use it as a mathematic formula. The audit risk model is:

AR = RMM x DR Or AR = IR x CR x TD x AP (1)

The audit risk model can be also represented as:

DR = AR/(IR X CR) (2)

This is how a risk model can be used for detection risk of an account (Rotaru 2008):

1. The asses of detection risk at 5 percents, due to auditor's professional judgement, possible because the audit risk is assessed also at 5 percents;

2. The assessment of inherent risk at 60 percents, due to the auditor's professional judgement; this account is semnificative, the calculation is complex, a significant number of transactions are recorded in this account yearly;

3. The assessment of control risk at 30 percentage because the control structure proved effective in prior years and few misstatements were detected with tests of control.

The detection risk is assessed at:

0.05%/(0.6% x 0.3%) = 0.28% (3)

4. THE ASSESMENT OF MATERIALITY

The assessment of materiality represents the professional judgement of the auditor and often represents a percentage applied to a benchmark; when choosing a benchmark he/she should have in mind one of the following elements:

* Assets, liabilities, equity, income, expenses or financial position, performance and cash flows;

* The nature of the entity;

* The size of the entity, nature of ownership and he sources of financing (gross profit, profit before tax).

The auditor takes in concern, for example, the profit before tax for a profit oriented entity, but this wouldn't be a suitable benchmark for a non-for-profit entity; for an asset based entity the benchmark should be the assets (Graham, L.; Messier, W.).

In the professional literature, Big 4 and non-Big four manual, an example of materiality threshold is represented, in the opinion of multiple authors, by:

The auditor should take in concern not only quantative considerations (Fogarty et al., 2006), but also qualitative materiality considerations, qualitive factors that the auditor may consider relevant include:

a) Potential effect on trends, especially profitably trends;

b) A misstatement that changes a loss into an income, and vice-versa;

c) A misstatement that has as effect the increasing management's compensation (for example the award of bonuses)

d) The circumstances of surrounding effects for misstatements involving fraud, illegal acts, conflicts of interest;

e) The significance of misstatements to reasonable users, for example earnings to investors and equity amounts to creditors;

f) The existence of offsetting effects of individual different misstatements;

g) The possibility that an immaterial misstatement could gain an material effect in the future periods;

h) The cost of making the correction, it may not be beneficial to correct the immaterial misstatements;

i) The risk that possible undetected misstatements would affect the auditor's evaluation.

5. INITIATIVES THAT IMPROVE AUDIT QUALITY

Initiatives proposed by the author considered to be able to help firms improve audit quality, effectiveness and efficiency as they enter the stage of the risk assessment are:

1. Assure that all members of the audit team understand the procedures assigned to them, this is important because of certain audit procedures used;

2. Encourage active participation of partners and managers who have a complete understanding of the risk assessment process, thus there will result a more effective, efficient and higher application of the standards and risk assessment.

3. Tailor the risk assessment process by customizing internal control tools and templates for certain industries, the industry tailoring being a good implementation examples of risk assessment from prior audits;

Tailoring tools and templates:

* Customized audit work area programs

* Planning documents, memos and risk assessment summary forms;

* Internal control templates with control objectives, examples and scenarios, the following should be included:

** Information technology control assessment;

** Entity's level of control assessment;

** Level of control assessment of the activity

4. Collaboration with experienced risk-assessment based auditors in audit engagements, in this way the audit team can be trained as the audit process of an engagement develops, communicating audit results, both positive and negative across the audit firm as the audit process develops;

5. Encourage industry team meetings in order to share ideas, questions and best practices and the result of these meetings to be further communicated to the audit team;

6. Collaboration with internal control an information technology experts in order to develop templates, tools and training which help the implementation of information technology in risk assessment;

7. Enable a internal control evaluation process in such a manner that identifies the controls that prevent and detect material misstatement, this way the audit team should be focused on the true risks of material misstatement;

8. Ensure that the risk assessment standards have been successfully implemented in the audit team in order to provide a more effective risk assessment result; one significant factor is the personnel of the audit firm and also the creativity of the implementation process.

6. CONCLUSION

Audit failure has cost large amounts of money and for many of them meant bankruptcy because of negative advertising. An auditor or audit team should thing twice when assessing the audit risk that it is very important for risk standards (104-111) to be implemented by an audit firm and should take in concern the opinion presented in this article that has as a result the improvement of audit quality, effectiveness and efficiency.

The author considers that the subject treated brings new insights to audit risk mainly by the methods proposed to be used by the auditor and will still be of interest to the public in the future when new ways of improvement are implemented in the field of audit risk.

7. REFERENCES

Fogarty, J.; Graham, L. & Schubert, D. (Jul 2006). Assessing and Responding to Risks in a Financial Statement Audit, Journal of Accountancy, Vol. 202, Iss. 1, p.43, New York;

Graham, L. & Messier, W. (May 2006) Audit Risk and Materiality in Conducting an Audit, Journal of Accountancy, Vol. 201, Iss. 5, p. 116-119, New York;

Rotaru, H. (May 2008) Audit risk model--actual status and possibilities of improvement, The International Economic Conference, University Publishing House, ISBN 978-973739-594-8, Sibiu;

William M. Jr & Lizabeth A. (Fall 2005) Inherent risk and control risk assessments, Auditing, Vol. 19, Iss. 2, US;

SAS no. 107 "Audit Risk and Materiality in Conducting an Audit"

Table 1. Opinion reflected in the professional literature

0.2% to 10% of turnover Plumhoff [1952]; Anderson [1977];
 Towers [1986]; Woolf [1994],
 Turley and Cooper [1991]

0.5% to 5% of gross profit Carmichael [1969]

0.5% to 36% of net profits Bernstein [1967,1970]; Copeland
 and Frederick [1968]; Neumann
 [1968]; Thomas [1978]; Turley and
 Cooper [1991]

0.1% to 5% of total assets Woolf[1994]; Turley and Cooper
 [1991]

10% to 20% of related total Plumhoff [1952]; Mitchell [1972];
 Towers [1986]

0.5% to 5% of gross profit Carmichael [1969]

0.1% to 10% of total assets Mitchell [1972]; Woolf[1994];
 Turley and Cooper [1991]

10% of total liabilities Mitchell [1972]

10% of equity Mitchell [1972]

0.2% to 10% of turnover Woolf [1994]; Turley and Cooper
 [1991]

3.3% to 36% of net profit Turley and Cooper [1991]; Chong
 [1992, 1993]