Improving Your Audit Process, Part 7: Combining Risk With Materialityby
Years ago, I was taught that the most efficient way to approach the majority of audits was to default to a high risk assessment for all account classifications, carry forward sketchy internal control documentation, and then substantively test the daylights out of account balances.
The above approach, in fact, was actually permitted under the auditing standards until 2007; “balance sheet auditors” is what we called ourselves.
Contemplating Risk Assessment
Here are a few assumptions about audits of smaller entities that arose decades ago:
- Smaller entities don’t, or can’t, hire qualified personnel.
- Accounting records are always a mess.
- There is no segregation of incompatible duties; therefore, there is no internal control system.
- Auditors will always have to propose numerous adjustments.
- Auditors always have to draft financial statements and footnotes.
To be honest, some auditors still approach most audits with these assumptions as the foundation for their audit strategies. I’ll admit that in the case of some smaller audits, the assumptions are valid and detailed tests of balances may comprise the most effective and efficient audit strategies. The facts are, however, there are significant opportunities to save time on even the smallest audits by performing thorough risk assessment for all relevant assertions in material account classifications.
Risk assessment procedures include all engagement activities, from the planning phase up to the development of the audit plan (detailed audit program). Here is an outline of common risk assessment procedures:
1. Making and documenting client acceptance or continuance decisions.
2. Reviewing prior-year working papers, considering findings and conclusions, adjusting journal entries, uncorrected audit differences, and assessing their impact on the current year’s risk assessment.
3. Scanning the current year’s general ledger activity and documenting parameters and findings.
4. Performing and documenting other preliminary analytical procedures (at least comparing the current year’s unadjusted account balances with prior-year adjusted balances).
5. Preparing flowcharts or memos documenting the client’s financial reporting and internal control systems, and performing systems walk-through procedures for major transactions cycles.
6. Calculating tolerable misstatement/performance materiality by financial statement classification based on assessed levels of risk of material misstatement.
7. Completing applicable practice aids and other documentation in accordance with a firm’s engagement performance quality control policies and procedures.
8. Preparing a linking working paper considering risk of misstatements due to error and fraud to determine the level of risk of material misstatement for relevant assertions in material financial statement classifications.
9. Designing a detailed audit plan (program) that links significant risks with appropriate procedures (risk assessment procedures, analytical procedures, and/or detailed tests of balances).
The following requirements are excerpted from AU-C Section 320, Materiality in Planning and Performing an Audit (the complete Section can be obtained from the AICPA and should be obtained and read for a thorough understanding of materiality concepts):
10. When establishing the overall audit strategy, the auditor should determine materiality for the financial statements as a whole. If, in the specific circumstances of the entity, one or more particular classes of transactions, account balances, or disclosures exist for which misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users, then, taken on the basis of the financial statements, the auditor also should determine the materiality level or levels to be applied to those particular classes of transactions, account balances, or disclosures. (Ref: par. .A3–.A13)
11. The auditor should determine performance materiality for purposes of assessing the risks of material misstatement and determining the nature, timing, and extent of further audit procedures. (Ref: par. .A14)
Previously used terms, such as “planning materiality” and “tolerable misstatement,” have been modified by AU-C Section 320 to be “materiality” and “performance materiality,” respectively. Performance materiality applied to sampling applications is still called tolerable misstatement. While the Section indicates a distinction between performance materiality and tolerable misstatement, practically it will be rare when there is an identifiable difference.
The concepts of materiality included in AU-C Section 320 provide a framework for audit quality. They also provide opportunities for improving the audit process and saving time! Here are some of the time-savings opportunities:
- Tolerable misstatement by financial statement classification or relevant assertions will affect sample sizes determined statistically or nonstatistically. Using a higher level of tolerable misstatement when risk at the assertion level is low or moderate results in fewer individually significant items, smaller sample sizes, and less audit work to achieve the desired level of assurance.
- Using a factor of up to 100 percent of tolerable misstatement at the financial statement or assertion levels to determine the lower limit for individually significant items when risk is increasingly less than high at the financial statement or assertions levels allows auditors to eliminate work by auditing fewer individually significant items. Account balances on the trial balance, individual accounts receivable balances, or outstanding checks on bank reconciliations that are less than the respective lower limits are examples of details that can be excluded from testing.
- Potential adjustments less than the lower limit can be recorded on an Error Analysis Form (called Audit Difference Evaluation Form by some publishers) for quantitative and qualitative error analysis by the in-charge accountant and engagement leader. This also may limit the number of proposed adjustments to the trial balance.
- Immaterial paper-passed adjustments below a judgmental limit set by the engagement leader require no further consideration or documentation.
Taking the Risks
Here’s the rub: Most auditors want to increase audit efficiency and improve the audit process. Many auditors talk about doing so until faced with the reality of collecting lesser amounts of evidence on an engagement.
Opportunities for gathering lesser amounts of evidence are necessary when lower assessed levels of risk of material misstatements result in higher materiality levels and fewer individually significant items. Gathering lesser amounts of evidence and creating engagement efficiencies may appear as risk-taking to some auditors. Actually, it is simply doing what the professional standards require!