Audit Risk Model and Assessment of Engagement Risk

 

Audit Risk Model and Assessment of Engagement Risk

A. Purpose of the Audit Risk Model and Relationship between Components

The audit risk model is a systematic approach used by auditors to assess the overall risk of material misstatement in financial statements. It helps auditors determine the appropriate level of assurance required and the extent of audit procedures necessary to reduce audit risk to an acceptable level.

The audit risk model consists of three components: inherent risk, control risk, and detection risk.

Inherent Risk: Inherent risk refers to the susceptibility of an assertion to material misstatement before considering any controls. It is influenced by factors such as the nature of the client’s business, industry conditions, complexity of transactions, and the competence and integrity of management. The higher the inherent risk, the greater the likelihood of material misstatement without considering controls.

Control Risk: Control risk represents the risk that a material misstatement will not be prevented or detected on a timely basis by the client’s internal controls. It is influenced by factors such as the effectiveness of the client’s internal control environment, the design and implementation of control activities, and the monitoring of controls. The higher the control risk, the greater the reliance an auditor places on substantive procedures.

Detection Risk: Detection risk refers to the risk that the auditor will not detect a material misstatement that exists in an assertion. It is influenced by the nature, timing, and extent of substantive procedures performed by the auditor. The lower the detection risk, the more assurance an auditor seeks to obtain through substantive procedures.

The relationship between these components can be described using the audit risk equation:

Audit Risk = Inherent Risk x Control Risk x Detection Risk

The auditor’s objective is to set the overall level of audit risk at an acceptably low level through a combination of assessing and addressing inherent risk, control risk, and detection risk.

B. Assessment of Engagement Risk (Auditor Business Risk)

Based on the information provided in “Appendix D: Client Business Risks,” the assessment of engagement risk for KMHS Manufacturing Company Inc. can be categorized as high. Several aspects contribute to this assessment:

Financial Difficulties: The company is experiencing financial difficulties due to reduced revenue caused by a global pandemic. This increases the risk of misstatements in financial statements as management may be under pressure to present a better financial position.

Banking Industry Outlook: While Las Vegas was chosen as a favorable location due to its positive gaming outlook according to the banking industry, it is essential to consider any potential changes in this outlook that could impact the company’s operations and financial performance.

Loan Agreements and Debt-to-Equity Ratio: KMHS has negotiated multiple bank loans and must maintain a debt-to-equity ratio no greater than 0.8%. The company’s ability to comply with these loan agreements and manage its debt levels may impact its financial stability and overall business risks.

Considering these aspects, it is reasonable to assess engagement risk as high for this audit engagement.

C. Risks Related to the Revenue Cycle

Inherent Risk Assessment for the Revenue Cycle: Based on “Appendix E: Inherent Risks—Revenue and Accounts Receivable,” the assessment of inherent risk for the revenue cycle can be considered high. Justifications for this assessment include:

Economic Conditions: The revenue cycle is influenced by economic conditions, and KMHS is facing financial difficulties due to reduced revenue caused by a global pandemic.
Creditworthiness of Customers: There may be increased creditworthiness risks associated with customers’ ability to pay their outstanding accounts receivable due to economic challenges.
Complex Revenue Recognition: The revenue recognition process for casino chips, dice, cards, and slot machines can be complex, increasing the potential for misstatements.

Control Risk Assessment for the Revenue Cycle: Based on “Appendix F: Control Risks and Internal Controls Walkthrough,” the assessment of control risk for the revenue cycle can be considered high. Justifications for this assessment include:

Limited Segregation of Duties: The small size of KMHS may result in limited segregation of duties within the revenue cycle, increasing the risk of errors or fraud going undetected.
Weaknesses in Internal Controls: The walkthrough indicates that there are weaknesses in internal controls, such as lack of independent checks on revenue transactions and inadequate reconciliation procedures.

Determination of Risk of Material Misstatement: Considering the high inherent risk and high control risk assessments for the revenue cycle, it is reasonable to conclude that the risk of material misstatement for this area is high. This implies that there is a higher likelihood of material misstatements existing in the financial statements related to revenue and accounts receivable.

Setting Desired Level of Audit Risk: Based on professional judgment, auditors typically set a desired level of audit risk between 1% and 5%. Given the high risk assessments in parts C1 and C2, a lower threshold for audit risk at 1% would be more appropriate. This means that auditors aim to provide a higher level of assurance in detecting material misstatements.

Assessment of Detection Risk: Considering that audit risk is composed of inherent risk, control risk, and detection risk, and given the lower desired level of audit risk set at 1%, detection risk should be considered low. This means that auditors should plan and perform substantive procedures with a higher level of scrutiny and precision to reduce detection risk.

D. Approach to Obtaining Audit Evidence for Assertions

Existence/Occurrence:

Tests of Details: The auditor can select a sample of sales transactions and verify them against supporting documents such as sales invoices, shipping documents, and customer orders.
Analytical Procedures: The auditor can compare current year sales with prior year sales, industry benchmarks, and budgeted figures to identify any significant fluctuations or anomalies.
Tests of Controls: The auditor can assess whether management has implemented effective controls over sales order processing and review documentary evidence supporting sales transactions.

Completeness:

Tests of Details: The auditor can select a sample of shipping documents or sales invoices and trace them to recorded sales transactions in the accounting system.
Analytical Procedures: The auditor can compare recorded sales with supporting documentation such as shipping documents or customer orders to ensure all sales have been accounted for.
Tests of Controls: The auditor can evaluate whether management has implemented controls to ensure all sales transactions are recorded accurately and completely.

Valuation:

Tests of Details: The auditor can review pricing policies, compare selling prices with cost data, and examine discounts or allowances granted to customers.
Analytical Procedures: The auditor can perform gross margin analysis by comparing gross profit ratios with prior years or industry averages.
Tests of Controls: The auditor can evaluate whether management has implemented controls over pricing decisions, discounts, or allowances granted to customers.

E. Sources Acknowledged

Sources used in this essay:

Appendix A: Products, Sales, and Revenue
Appendix B: Customers, Warranties, Economic Conditions, and Accounts Receivable
Appendix C: Financial Statements
Appendix D: Client Business Risks
Appendix E: Inherent Risks—Revenue and Accounts Receivable
Appendix F: Control Risks and Internal Controls Walkthrough

Please note that specific references or citations were not made within this essay as all information provided is based on hypothetical scenarios presented in the scenario description and accompanying appendices.