Step 5 Evaluate Audit Evidence v Discrepancies in

Step 5: Evaluate Audit Evidence v Discrepancies in the accounting records. v Conflicting or missing evidential matter. v Problematic or unusual relationships between the auditor and management. v Results from substantive of final review stage analytical procedures. v Vague, implausible or inconsistent responses to inquiries. Auditors should learn to mark the evidence, writing an identification of the location, condition, date, time, and circumstances as soon as it appears to be a signal of fraud. The marking should be on a separate tag or page; the original document should be put in a protective plastic envelope for preservation and locked away for protection, and audit work should proceed with copies of documents rather than originals. Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

Step 6: Communicate Fraud Matters v. Minor frauds involving misappropriation of assets by lower level employees should be reported to management at least one level above those involved. v. Frauds involving senior managers are never inconsequential and should be reported along with any frauds that result in material misstatement directly to the audit committee. Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

Step 7: Document v Discussion of engagement personnel. v Procedures to identify and assess risk. v Specific risks identified and auditor response. v If revenue recognition not a risk—explain why. v Results of procedures regarding management override. v Other conditions causing auditors to believe additional procedures are required. v Communication to management, audit committee, etc. Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

III. The Audit Risk Model A. Audit Risk B. The Components of Audit Risk C. Risk Relationships D. Inherent Risk E. Other Factors Affecting Overall Inherent Risk F. Control Risk G. Detection Risk H. Detection Risk and the Nature, Timing, and Extent of Audit Procedures Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

A. AUDIT RISK Audit Risk v Audit risk (AR) is the risk (likelihood) that the auditor may unknowingly fail to modify the opinion on financial statements that are materially misstated (e. g. , an unqualified opinion on misstated financial statements. ) v The AUDIT RISK MODEL decomposes overall audit risk into three components: inherent risk (IR), control risk (CR), and detection risk (DR): AR = IR x CR x DR Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

B. The Components of Audit Risk Internal Controls Events, Transactions INHERENT RISK The likelihood that, in the absence of internal controls, an error or fraud will enter the accounting information system Mc. Graw-Hill/Irwin Accounting Information System CONTROL RISK The likelihood that an error or fraud will not get caught by the client’s internal controls. Substantive Procedures DETECTION RISK The likelihood that an error or fraud will not be caught by the auditor’s procedures. Financial Statements AUDIT RISK The likelihood that an error or fraud will occur, and not get caught by either the internal controls or auditor’s procedures. © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

C. Risk Relationships v The auditor cannot affect inherent risk or control risk. The auditor can only ASSESS them. v The auditor can only affect detection risk— generally by examining more evidence. v Detection risk is inversely related to control risk and inherent risk. v Detection risk is inversely related to competence and reliability of evidence. Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

D. Inherent Risk v Inherent Risk (IR) is the likelihood that, in the absence of internal controls, a material misstatement could occur. In other words, it is a measure of the susceptibility of an account to misstatement. v Factors affecting account inherent risk include: ØDollar size of the account ØLiquidity ØVolume of transactions ØComplexity of the transactions ØNew accounting pronouncements ØSubjective estimates Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

E. Other Factors Affecting Overall Inherent Risk v. Competition v. Economy v. Nature of Industry v. Management Style v. Leverage Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

F. Control Risk v Control Risk (CR) is the likelihood that a material misstatement would not be caught by the client’s internal controls. v Factors affecting control risk include: ØThe environment in which the company operates (its “control environment”). ØThe existence (or lack thereof) and effectiveness of control procedures. ØMonitoring activities (audit committee, internal audit function, etc. ). Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

G. Detection Risk v. Detection risk (DR) is the risk that a material misstatement would not be caught by audit procedures. v. Factors affecting detection risk include: ØSampling risk Risk of choosing an unrepresentative sample. ØNonsampling risk Risk that the auditor may reach inappropriate conclusions based upon available evidence. Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

H. Detection Risk and the Nature, Timing, and Extent of Audit Procedures Nature Timing Extent Lower Detection Risk Higher Detection Risk More effective tests. Less effective tests. Testing can be performed at year performed at Interim. -end. More tests. Mc. Graw-Hill/Irwin Fewer tests. © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

IV. Audit Programs and Procedures A. Audit Programs B. General Audit Procedures C. Vouching/Tracing D. Materiality Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

A. Audit Programs v List of audit procedures to be performed. v Each audit program is based, in part, on the output of Audit Risk Model. v Generally one for each major cycle or account v Signed off as procedures are performed. Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

B. General Audit Procedures v Inspection of records and documents ØVouching ØTracing ØScanning v Physical examination of tangible assets v Observation v Inquiry v Confirmation v Recalculation v Reperformance v Analytical Procedures Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

C. Vouching/Tracing Q: Did all recorded sales actually occur? Summary Listing [Sales Journal] Tracing Vouching (Completeness) (Existence or Occurrence) Source Documents [Shipping documents] Mc. Graw-Hill/Irwin Q: Were all sales recorded? © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

D. Materiality v. Materiality refers to an amount (or transaction) that would influence the decisions of users (i. e. , an amount (or event) that would make a difference). • Materiality Criteria: Quantitative Criteria: – Absolute size – Relative size – Cumulative effects Qualitative Criteria – Debt covenant – Loss to profit v. Ultimately, materiality is a matter of professional judgment. Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.

Fraud can be hidden from sight. Auditors should be extremely cautious in deciding whether fraud is “clearly inconsequential. ” Mc. Graw-Hill/Irwin © 2007 by the Mc. Graw-Hill Companies, Inc. All rights reserved.