Skip Navigation Links Home   »  About CGA-Canada  »  CGA Magazine  »  2003  »  May-Jun  »  Audit Risk

Audit Risk 

Select the archived issue you wish to view: 

 

Standards

Audit Risk

Revisions to the IAASB audit risk model require auditors to implement more stringent risk assessment procedures.

 

FROM: MAY-JUN 2003 ISSUE | BY STEPHEN SPECTOR

The impact of Enron's collapse continues to resonate in the accounting and auditing community as the International Auditing and Assurance Standards Board (IAASB) seeks feedback on a daring proposal to amend the audit risk model that has underpinned assurance engagements for the past 20 years. Released late last year, the exposure draft, entitled Audit Risk, was the result of a two-year joint project between the AICPA (American Institute of Certified Public Accountants) in the United States and the U.K.'s Auditing Standards Board. Fundamental to the revision of the audit risk model was the notion that the auditor must explicitly work to reduce audit risk to an acceptably low level.

The proposed standards will have the most effect on the auditor's assessment of the risks of material misstatement in the financial statements and the way the auditor provides an effective audit response to the identified risks. They will impact the auditor's work in a number of areas, as discussed below.

However, all the changes focus on a single goal: to enhance the auditor's implementation of the audit risk model and ultimately improve auditor performance. If adopted, the new standards will require the auditor to change the way an audit is done.

Risk Assessment

Currently, the auditor makes risk assessments as part of the audit process. Under the proposed revisions to the standards, the auditor will now be required to obtain a broader and deeper understanding of specified aspects of the entity and its environment, including its internal control. In particular, the auditor must obtain an understanding of business risks relevant to the financial statements. Business risks are those risks resulting from external factors, that is, significant conditions, events, circumstances or actions that could adversely affect the entity's ability to achieve its objectives and execute its strategies. At present, these risks are part of the overall process of determining inherent risk. Now the auditor must consider and document them in deriving audit risk.

This more stringent risk assessment will provide a better basis for identifying risks of material misstatement at the financial statement level and in classes of transactions, account balances and disclosures. The auditor will also be required to perform a more rigorous assessment in relating the identified risks to what can go wrong at the assertion level. By requiring the auditor to make risk assessments in all audits, the auditor can no longer default to a "high" risk assessment.

The auditor must link the nature, timing and extent of the procedures to the assessed risks when designing and performing further audit procedures. The members of the audit team will also have to discuss the susceptibility of the entity's financial statements to fraud or error, as contained in Handbooksection 5135 (see "Fraud and Error," CGA Magazine, November-December 2002). This will allow the audit team to share information and ideas so that the collective wisdom of the team can be brought to bear on the risk identification process. This changes the requirement from one that is expected to one that must be done.

Documenting Details

If accepted, the new proposal will also require auditors to document their risk assessments more specifically. The additional requirements include the following:

  • details of each aspect of the understanding of the entity and its environment (including internal control);
  • the procedures performed to obtain the understanding, including the sources of information;
  • the results of the risk assessments both at the financial statement and assertion levels;
  • the nature, timing and extent of the auditor's procedures; and
  • the linkage with the assessed risks, and the results of the audit procedures.

In addition to providing the more specific documentation, the auditor must now suggest solutions to the identified significant risks. Although there is no change to the current requirement to perform substantive procedures for material classes of transactions and account balances, the requirement has been extended to disclosures, given their increased significance under financial reporting frameworks.

Of course, the quality of any audit risk assessment is paramount. The sufficiency and appropriateness of audit evidence obtained is a matter of professional judgment. The auditor is expected to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the audit opinion. Audit evidence, which is cumulative in nature, includes evidence obtained from audit procedures performed during the course of the audit, and may include evidence obtained from other sources such as previous audits and a firm's quality control procedures for acceptance and retention of clients. Although, previously, the auditor's actions when sufficient appropriate evidence could not be obtained was also a matter of professional judgment, the proposed changes stipulate that, if the auditor is unable to obtain sufficient and appropriate audit evidence, the auditor must express a qualified opinion or even disclaim (or deny) an opinion.

Canadian Changes

When releasing the exposure draft, the IAASB noted that these changes were expected to improve audit quality with better risk assessments and improved design and performance of audit procedures to respond to the risks. In addition, the IAASB suggested that improved linkage of audit procedures and assessed risks would result in a greater concentration of effort on areas where there was a greater risk of misstatements in the financial statement, for instance where assets are easily embezzled. However, it also acknowledged that the changes would probably result in increased work for the audit team, particularly for new engagements or when the changes are first implemented on continuing engagements. Nonetheless, it argued that the benefits far outweigh the costs.

The CICA has already begun the process of amending the HandbookAssurance to converge Canadian and international assurance standards. Amendments to sections 5090and 5135 made last year were the first of many changes to come. The proposed international changes will ultimately work their way into Canadian assurance standards as well.

Following the release of the IAASB exposure draft, the Assurance Standards Board (ASB) released a discussion paper outlining substantive issues related to the proposed International Standards on Auditing (ISAs). The ASB's goal was to use comments received as a basis for preparing its response to the exposure draft. When the international standards are finalized, the ASB intends to issue a Canadian exposure draft that will identify unique Canadian circumstances requiring changes to the ISAs before they are adopted into the CICA Handbook — Assurance . These circumstances may include legal and regulatory requirements, the need for consistency with or support for existing Canadian assurance or accounting standards, or other amendments where there are stronger existing standards in Canada.

The IAASB is expected to finalize the changes in late 2003 or early 2004. Look for updates in a future column, or head to CGA-Canada's PDNetwork (www.cga-pd.net) for breaking developments.

[ TOP ]

Stephen Spector, MA, FCGA, owns Spector and Associates and teaches Financial and Managerial Accounting at Simon Fraser University. He also serves on CGA-BC’s board of governors. E-mail shspector@shaw.ca.

© 2008 CGA-Canada

Please Upgrade Your Browser

This site's design is only visible in a graphical browser that supports web standards, but its content is accessible to any browser or Internet device.