The risk of material misstatement is a function of inherent risk and control risk. In effect, the risk of material misstatement is the susceptibility of the financial statements, accounts, and assertions to material misstatement, and the risk that the client’s current internal controls would be ineffective in proactively identifying and correcting the misstatements.
Therefore, the risk of material misstatement exists at the financial statement level and assertion level for all transaction classes, account balances, presentation, and disclosure.
The risk of material misstatement is a function of the following parameters — inherent risk and control risk.
Risk can be materially misstated on a financial statement level and an assertion level.
An auditor completes risk assessment procedures to improve their understanding of the business and its internal controls, assist in identifying the risk of material misstatement, and because it helps develop an audit strategy and audit plan.
Risk of Material Misstatement at a Financial Statement Level
The risk of material misstatement on a financial statement level is the risk that certain risks could affect financial statements as a whole and potentially have a major impact on several assertions.
It is vital to consider the risk of material misstatement at a financial statement level because of its potential to seriously hinder the auditor’s ability to disclose an unqualified audit opinion.
Factors that can increase the risk of material misstatement on a financial statement level include:
Poor oversight by the board of directors
Inadequate accounting systems and records
Declining economic conditions
Operation in rapidly changing industry
Risk of Material Misstatement at an Assertion Level
Generally Accepted Auditing Standards (GAAS) require the auditor to assess the risk of material misstatement at the assertion level for all transaction classes, account balances, presentation, and attached disclosures.
The auditor must develop audit objectives for each individual assertion and perform audit procedures to accumulate the required audit evidence to achieve the audit objective.
The risk of material misstatement on an assertion level is composed of an assessment of inherent risk and control risk – inherent risk being the auditor’s statement regarding the client’s susceptibility of an assertion to being materially misstated. This is before the consideration of the client’s internal controls.
For example, the inherent risk could be potentially higher for the valuation assertion of accounts that require in-depth technical calculation or rely on an accountant’s best estimate.
Control risk is the auditor’s assessment of the risk that material misstatement could be the product of an assertion, and not be properly identified and corrected by the client’s internal controls.
For example, control risk would be higher for the valuation assertion of their accounts receivables if the client fails to conduct an independent review and official verification of the calculations and estimates made by the client’s accounting staff.
Risk Assessment Procedures
An auditor attempts to better understand the client and its business environment, including the client’s internal controls. The auditor will perform risk assessment procedures to observe and assess the risk of material misstating the financial statements due to either fraud or error.
Risk assessment procedures include the following:
Inquiries of managers and relevant stakeholders
Observation and investigation
Discussing engagement with the team
Other risk assessment procedures
The risk assessment procedures are designed to enable the auditor to obtain a thorough understanding of the client’s business and its environment — specifically, the internal controls, for the purposes of understanding the risk of material misstatement in the audit planning process.
The procedures do not provide persuasive audit evidence to form an audit opinion on the financial statements.
Types of Risks
In risk assessment, auditors consider the following risks:
1. Fraud risk
The risk of the client intentionally misrepresenting financial information, often through complex and sophisticated schemes orchestrated to conceal the financial crime.
2. Economic, accounting, or other developmental risks
The inherent risk of the auditor’s statement regarding a misstatement at an assertion level, due to economic, accounting risk, or other developmental risks.
3. Complex transactions
Transactions can be complex if they are new transactions to the client, involve interpretation of complex accounting standards, or involve a complex business arrangement with a customer.
4. Significant transactions with related parties
Transactions with related parties are a significant risk, as the client can materially misstate the financial statements through representationally unfaithful or fraudulent transactional accounting between the parties.
5. Degree of subjectivity in measurement
Matters that require significant judgment because of the requirement to develop accounting estimates where significant measurement uncertainty exists.
6. Non-routine transactions
A transaction that is unusual, due to size or nature, and infrequent in occurrence.