The goal of the inherent risk assessment is to identify and evaluate the risks of material misstatement at both the financial statement level and the assertion level.
This process helps auditors develop an appropriate testing strategy and allocate resources effectively.
Inherent risk is assessed for each significant account and disclosure using both quantitative and qualitative factors.
Even if an account is below materiality, it could still be significant if there is a high risk of misstatement (e.g., understatement of liabilities, omitted disclosures).
Auditors must document:
Discussions with engagement team members regarding risks.
Procedures performed to identify and assess risk.
Significant decisions made during discussions.
Specific risks identified and the audit team’s response.
Justification for any conclusions regarding fraud risks, including why revenue recognition is not a significant fraud risk, if applicable.
Auditors must presume that revenue recognition is a fraud risk unless they document justification otherwise.
Auditors must assess the risk of management override of controls, as this is a common method for committing fraud.
High-risk areas, such as journal entries, significant estimates, and unusual transactions, must be carefully reviewed.
The engagement team should brainstorm fraud risks and use unpredictable audit procedures (e.g., unannounced inventory counts).
Direct-effect noncompliance: Laws and regulations that directly impact financial statements (e.g., tax laws, SEC regulations). Auditors must design tests to detect material noncompliance.
Indirect-effect noncompliance: Laws that do not directly affect financial statements (e.g., environmental laws, labor laws). Auditors are not required to search for such violations unless there is evidence of noncompliance.
Investigations, fines, or penalties.
Unusual transactions (e.g., excessive commissions, payments to tax havens).
Failure to file tax returns or pay government fees.
By carefully assessing inherent risk, fraud risks, and noncompliance, auditors can develop a well-structured audit plan that effectively responds to potential misstatements.