The planning phases of an audit are: accept client and perform initial planning, understand the client’s business and industry, assess client business risk, perform preliminary analytical procedures, set materiality and assess acceptable audit risk and inherent risk, understand internal control and assess control risk, gather information to assess fraud risk, and develop overall audit plan and audit program. Evaluation of materiality is part of phase five. Risk assessment is part of phase three (client business risk), phase five (acceptable audit risk and inherent risk), phase six (control risk), and phase seven (fraud risk).
"Obtain reasonable assurance," as used in the audit report, means that the auditor does not guarantee or insure the fair presentation of the financial statements. There is some risk that the financial statements contain a material misstatement.
Materiality is defined as: the magnitude of an omission or misstatement of accounting information that, in light of the surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement. Materiality is important because if financial statements are materially misstated, users' decisions may be affected, and thereby cause financial loss to them. It is difficult to apply because there are often many different users of the financial statements. The auditor must therefore make an assessment of the likely users and the decisions they will make. Materiality is also difficult to apply because it is a relative concept. The professional auditing standards offer little specific guidance regarding the application of materiality. The auditor must, therefore, exercise considerable professional judgment in the application of materiality.
A preliminary judgment about materiality is set for the financial statements as a whole. Tolerable misstatement is the maximum amount of misstatement that would be considered material for an individual account balance. The amount of tolerable misstatement for any given account is dependent upon the preliminary judgment about materiality. Ordinarily, tolerable misstatement for any given account would have to be lower than the preliminary judgment about materiality. In many cases, it will be considerably lower because of the possibility of misstatements in different accounts that, in total, cannot exceed the preliminary judgment about materiality.
The preliminary judgment about materiality is the maximum amount by which the auditor believes the financial statements could be misstated and still not affect the decisions of reasonable users. Several factors affect the preliminary judgment about materiality and are as follows:
1. Materiality is a relative rather than an absolute concept.
2. Bases are needed for evaluating materiality.
3. Qualitative factors affect materiality decisions.
4. Expected distribution of the financial statements will affect the preliminary judgment of materiality. If the financial statements are widely distributed to users, the preliminary judgment of materiality will probably be set lower than if the financial statements are not expected to be widely distributed.
5. The level of acceptable audit risk will also affect the preliminary judgment of materiality.
Because materiality is relative rather than absolute, it is necessary to have bases for establishing whether misstatements are material. For example, in the audit of a manufacturing company, the auditor might use as bases: net income before taxes, total assets, current assets, and working capital. For a governmental unit, such as a school district, there is no net income before taxes, and therefore that would be an unavailable base. Instead, the primary bases would likely be fund balances, total assets, and perhaps total revenue.
If an audit is being performed on a medium-sized company that is part of a conglomerate, the auditor must make a materiality judgment based upon the conglomerate. Materiality may be larger for a company that is part of a conglomerate because even though the financial statements of the medium-sized company may be misstated, the financial statements of the large conglomerate might still be fairly stated. If, however, the auditor is giving a separate opinion on the medium-sized company, the materiality would be lower than for the audit of a conglomerate.
The following qualitative factors are likely to be considered in evaluating materiality:
a. Amounts involving fraud are usually considered more important than unintentional errors of equal dollar amounts.
b. Misstatements that are otherwise minor may be material if there are possible consequences arising from contractual obligations.
c. Misstatements that are otherwise immaterial may be material if they affect a trend in earnings.
Estimate of misstatement
An estimate of the total misstatement in a segment is the estimate of the total misstatements based upon the sample results. If only a sample of the population is selected and audited, the auditor must project the total sample misstatements to a total estimate. This is done audit area by audit area. The misstatements in each audit area must be totaled to make an estimate of the total misstatements in the overall financial statements. It is important to make these estimates so the auditor can evaluate whether the financial statements, taken as a whole, may be materially misstated. The estimate for each segment is compared to tolerable misstatement for that segment and the estimate of the overall misstatement on the financial statements is compared to the preliminary judgment about materiality.
The audit risk model is as follows:
IR x CR
Where PDR = Planned detection risk
IR = Inherent risk
CR = Control risk
Planned detection risk A measure of the risk that audit evidence for a segment will fail to detect misstatements exceeding a tolerable amount, should such misstatements exist.
Acceptable audit risk A measure of how willing the auditor is to accept that the financial statements may be materially misstated after the audit is completed and an unqualified opinion has been issued.
Inherent risk A measure of the auditor's assessment of the likelihood that there are material misstatements in a segment before considering the effectiveness of internal control.
Control risk A measure of the auditor's assessment of the likelihood that misstatements exceeding a tolerable amount in a segment will not be prevented or detected by the client's internal controls.
SAS 107 (AU 312) notes that the combination of inherent risk and control risk reflect the risk of material misstatement.
Elaboration on Elements of Risk
Elaboration on Elements of Risk
Planned detection risk is a measure of the risk that the audit evidence for a segment will fail to detect misstatements exceeding a tolerable amount, should such misstatements exist. When planned detection risk is increased from medium to high, the amount of evidence the auditor must accumulate is reduced.
An increase in planned detection risk may be caused by an increase in acceptable audit risk or a decrease in either control risk or inherent risk. A decrease in planned detection risk is caused by the opposite: a decrease in acceptable audit risk or an increase in control risk or inherent risk.
Inherent risk is a measure of the auditor's assessment of the likelihood that there are material misstatements in a segment before considering the effectiveness of internal control.
Factors affecting assessment of inherent risk include:
< Nature of the client's business
< Results of previous audits
< Initial vs. repeat engagement
< Related parties
< Nonroutine transactions
< Judgment required to correctly record transactions and
< Makeup of the population
< Factors related to fraudulent financial reporting
< Factors related to misappropriation of assets
Inherent risk is set for segments rather than for the overall audit because misstatements occur in segments. By identifying expectations of misstatements in segments, the auditor is thereby able to modify audit evidence by searching for misstatements in those segments. When inherent risk is increased from medium to high, the auditor should increase the audit evidence accumulated to determine whether the expected misstatement actually occurs.
Extensive misstatements in the prior year's audit would cause inherent risk to be set at a high level (maybe even 100%). An increase in inherent risk would lead to a decrease in planned detection risk, which would require that the auditor increase the level of planned audit evidence.
When the auditor is in a situation where he or she believes that there is a high exposure to legal liability, the acceptable audit risk would be set lower than when there is little exposure to liability. Even when the auditor believes that there is little exposure to legal liability, there is still a minimum acceptable audit risk that should be met.
Factors determining acceptable audit risk
The first category of factors that determine acceptable audit risk is the degree to which users rely on the financial statements. The following factors are indicators of this:
< Client's size
< Distribution of ownership
< Nature and amount of liabilities
The second category of factors is the likelihood that a client will have financial difficulties after the audit report is issued. Factors affecting this are:
< Liquidity position
< Profits (losses) in previous years
< Method of financing growth
< Nature of the client's operations
< Competence of management
The third category of factors is the auditor's evaluation of management's integrity. Factors that may affect this are:
< Relationship with current or previous auditors
< Frequency of turnover of key financial or internal audit personnel
< Relationship with employees and labor unions
Exact quantification of all components of the audit risk model is not required to use the model in a meaningful way. An understanding of the relationships among model components and the effect that changes in the components have on the amount of evidence needed will allow practitioners to use the audit risk model in a meaningful way. The auditor should revise the components of the audit risk model when the evidence accumulated during the audit indicates that the auditor's original assessments of inherent risk or control risk are too low or too high or the original assessment of acceptable audit risk is too low or too high. The auditor should exercise care in determining the additional amount of evidence that will be required. This should be done without the use of the audit risk model. If the audit risk model is used to determine a revised planned detection risk, there is a danger of not increasing the evidence sufficiently.