ACCA F8 考试:ANSWERING AUDIT RISK QUESTIONS (Part 1)
Candidates studying Paper F8, Audit and Assurance, are required under the syllabus to: ‘Explain the components of audit risk and explain the risks of material misstatement in the financial statements’.
This element of the syllabus has been examined in the last three sessions of Paper F8 – in June 2010, December 2010 and June 2011. However, the performance of candidates has on the whole been unsatisfactory. This article aims to identify the most common mistakes made by candidates as well as clarifying how audit risk questions should be tackled in order to maximise marks.
An example question requirement relating to audit risks is as follows:
Describe the audit risks and explain the auditor’s response to each risk in planning the audit of XYZ Co.
Previously examined risk questions have carried a mark allocation of 10 marks. However, a significant majority of candidates have not passed this part of the question. Common mistakes made include:
? providing definitions of the audit risk model, even though this was not part of the question requirement
? a lack of understanding of what audit risk is and providing business risks instead
? not providing an adequate response to the risk. This needs to be from the perspective of the auditor and not from management’s perspective
? a limited range of risks identified, often just focusing on one area such as going concern.
AUDIT RISK DEFINITIONS
Audit risk is defined as ‘the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk’. Hence, audit risk is made up of two components – risks of material misstatement and detection risk.
Risk of material misstatement is defined as ‘the risk that the financial statements are materially misstated prior to audit. This consists of two components... inherent risk ... control risk.’
Inherent risk is ‘the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.’
Control risk is ‘the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.’
Detection risk is defined as ‘the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.’
Audit risk questions require candidates to identify risks of material misstatements, which include inherent and control risks as well as detection risks.
AUDIT RISK MODEL
In all three sessions a number of candidates have wasted valuable time by describing the audit risk model along with definitions of audit risk, inherent risk, control and detection risk. Unless the question requirement specifically asks for the ‘components of audit risk’ or ‘a description of the audit risk model’, candidates should not provide definitions of audit risk, inherent risk, control risk or detection risk as no marks are available.
AUDIT RISK VERSUS BUSINESS RISK
The main area where candidates continue to lose marks is that they do not actually understand what audit risk relates to. Hence, they frequently provide answers that consider the risks the business would face or ‘business risks’, which are outside the scope of the syllabus. There are no marks available for business risks.
Business risks are defined as ‘a risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies’.
Risks must be related to the risk arising in the audit of the financial statements and should include the financial statement assertion impacted. Therefore, audit risks should be related back to relevant assertions.
ISA 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment identifies the following assertions:
? Assertions about classes of transactions and events for the period under audit – occurrence completeness, accuracy, cut off and classification.
? Assertions about account balances at the period end – existence, rights and obligations completeness, and valuation and allocation.
? Assertions about presentation and disclosure – occurrence and rights and obligations, completeness, classification and understandability, and accuracy and valuation.