Chapter 4 Risks and Materiality

LEARNING OBJECTIVES

1. Understand the concept of materiality to the audit process.

2. Explain the components of audit risk.
3. Describe the relationship of materiality and audit risk.

R is k s
and
M a t e r ia lit y

M a te r ia lity A u d it R is k s B u s in e s s
R is k

D e f in itio n Types W hy F a c to rs In h e re n t C o n tro l D e t e c t io n

Im p o rta n t? A ffe c t R is k R is k R is k
A u d i t o r 's
Ju d gem en t

B y S iz e B y N a tu re
D e f in it io n F a c to rs
A ffe c t
t h e R is k s

N4-1
1. Materiality (重要性原則)
(Pilot, Jun 11, Dec 12)

1.1 Definition

The Framework for the Preparation and Presentation of Financial Statements

specifies that information is material if its omission or misstatement could
influence the economic decisions of users taken on the basis of the financial
statements. (HKSA 320 Audit Materiality)

1.2 What really is materiality?

(a) Material by size – a big amount of money.
(b) Material by nature
(i) indicates future developments or other significant events;
(ii) whose disclosure is compulsory.
1.3 Examples of items which are material by nature include:
(a) The transaction which means the client makes a loss rather than a profit.
(b) A noteworthy threshold (開始) - $1 billion profit.
(c) Transactions with directors, e.g. salary and benefits, personal use of assets,
etc.
(d) An accounting treatment which might be glossed over because the amount
is small, but which, once the numbers get bigger, could be very serious
indeed – during the Enron scandal, a technique which led to the omission of
$21 billion of debt from the balance sheet, began with a desire to preserve
the value of an immaterial investment.
1.4 Why is materiality important?
(a) If financial statements contain a material misstatement they cannot show a
true and fair view.
(b) Auditors therefore must design their audit procedures to reduce the risk of
material misstatement to an acceptable level.
(c) This means that auditors must decide on what they mean by material before
they design their procedures.
1.5 Factors affecting auditors’ judgement on materiality:
(a) Materiality is a relative rather than absolute term.
(b) Bases for measuring materiality may include pre-tax profit, total assets,
total equity, total revenue, etc.
(c) Potential fraud and illegal act, for example, breach of contractual
obligation.
(d) Misleading to users of financial information, for example, change of

N4-2
 earning trend, mistakes in forecasted revenue and earnings, etc.

Question 1
(a) What is ‘materiality’ in the context of the financial statements as a whole?
(2 marks)
(b) List three factors affecting auditor’s judgement on materiality. (3 marks)

Question 2
Many investors believe that audits should provide absolute assurance that there are no
material misstatements or fraud in the financial statements.

An extract from the audit report of XYZ Limited is given below:

“We conducted our audit in accordance with Hong Kong Standards on Auditing issued by
the Hong Kong Institute of Certified Public Accountants. Those standards require that we
comply with ethical requirements and plan and perform the audit to obtain reasonable
assurance as to whether the accounts are free from material misstatement.”

Required:

(a) Explain the concept of reasonable assurance. Explain why an auditor cannot obtain
absolute assurance. (6 marks)
(b) The concept of materiality is fundamental to the work of auditors.
(i) Explain the concept of materiality in the context of auditing. (4 marks)
(ii) The auditors of XYZ Limited found that the amount of inventory of XYZ
Limited is overstated by $400,000. In addition, some of the goods with a cost
of $1,000,000 were sold to a shareholder for $2,000, this transaction is not
disclosed in the financial statements. The total assets of the company and the
income before tax of the company are $100,000,000 and $1,000,000
respectively. The audit trainee believes that no adjustment to the financial
statement is necessary as the misstatement of the inventory only accounted
for 0.4% of the total assets and the invoice amount of the related party
transaction is immaterial too. Comment. (8 marks)
(iii) The auditor may, in planning the audit work, intentionally set an acceptable
materiality level at a lower level than is intended to be used to evaluate the
results of the audit. What is the rationale for this? (2 marks)
(HKIAAT PBE Paper III Auditing and Information System Pilot Paper Q2)

N4-3
2. Audit Risks (審計風險)
(Jun 15)

2.1 Definition

Audit risk (Assurance engagement risk) is defined as the risk of that the auditor
expresses an inappropriate audit opinion when the financial statements are
materially misstated. (Typically, stating that the financial statements are true and
fair, when in fact they are not.)
(是指會計報表存在重大錯誤或漏報,而審計人員審計後發表不恰當審計意見的
可能性。)

2.2 Audit risk has three components: inherent risk, control risk and detection risk.

Audit risk (AR) = Inherent risk (IR) × Control risk (CR) × Detection risk (DR)

2.3 Inherent risk

(Jun 11, Jun 12, Dec 12, Dec 13, Jun 15)

2.3.1 Definition

Inherent risk (固有風險) is the susceptibility of an assertion to a misstatement that

could be material, either individually or when aggregated with other misstatements,
assuming that there are no related controls. (HKSA 200)
(假設有關被審專案的內部控制制度完全不存在的情況下，該專案發生差錯(例
如會計人員在記錄資料時少寫了一個零)的可能性。)

2.3.2 Examples of clients with an increased level of inherent risk might be:
(a) A client with poor trading results and in danger of breaching its borrowing
facilities.
(b) A client in a volatile industry, e.g.:
(i) a fashion house;
(ii) a computer game designer.
(c) A client in a specialized industry, e.g.:
(i) a hedge fund;
(ii) an insurance company.
(d) A client subject to specific regulation, e.g.:
(i) a listed company

N4-4
 (ii) a charity
(iii) a financial service provider.
2.3.3 At the account balance and assertion level – as well as considering the entity as a
whole, the auditor needs to assess whether individual headings in the financial
statements or assertions about those items, carry increased levels of inherent risk.
2.3.4 Examples might be:
(a) Items where there is a high degree of judgement or estimation involved,
e.g.:
(i) development expenditure carried forward in the balance sheet
(ii) provisions for future warranty claims.
(b) Inventory at a jewellery store or a coin dealers might be considered to be
more inherently risky than the cement and bricks at a builders merchants,
because they are more valuable and portable.
(c) The completeness of payables might be considered to carry higher inherent
risk than their existence, because management might wish to conceal a
company’s liabilities so that its balance sheet appears to be stronger than it
really is.

Question 3
The directors of Wizzin have asked your firm to quote for the appointment as the
company’s new auditors. The next financial statements due for audit will be those for the
year ending 31 March 2011 and from discussions with the directors your firm’s audit
engagement partner has ascertained the following information:

1. Wizzin is a long established, limited liability company, trading as builders’

merchants. Owing to a large influx of competitors into the market place, the
company has had declining profits in recent years, although the directors appear not
to be unduly concerned about the company’s ongoing trading.
2. The company operates from 14 sites around the country. All sites comprise a shop
and a yard with the largest site also accommodating the company’s head office. In
order to attract new customers all of the shops have recently undergone major repair
and refurbishment programmes. The costs of these programmes were substantial
and have been financed by bank borrowing.
3. Each site sells a wide range of products including timber and consumable materials,
decorating and general building products. Ranges of tools and equipment are also
available both for sale and for short-term hire, whilst very large stockpiles of sand
and gravel are kept in each yard to meet customer demand.

N4-5
 4. A cash sales policy applies to most customers, but where credit terms are granted,
customers may either collect goods directly or take advantage of the company’s
delivery service.
5. Wizzin owns a large volume of mobile plant and machinery to service its yard and
delivery operations. These include mechanical shovels, dumper trucks, lorries and
vans.
6. Each site is open throughout the year, closing only for public holidays.
Consequently 18 full-time shop and yard staff are employed at each site together
with varying numbers of part-time and temporary employees.

Required:

State with reasons FIVE factors that would affect the initial assessment of inherent risk
associated with the audit of the financial statements of Wizzin.

2.4 Control risk (控制風險)

(Jun 09, Jun 12, Dec 13, Jun 14, Jun 15)

2.4.1 Definition

Control risk is the risk of errors or misstatements because the company’s

internal controls are not strong enough to prevent, detect and correct them.
(某專案在發生差錯的情況下，未被相關內部控制制度發現(例如已有的錯誤記
錄沒有被復核人員所發現)的可能性。)

2.4.2 Control risk increases due to the lack of suitable procedures implemented by the
client. The implementation of such procedures will have a cost, e.g.:
(a) the installation of new equipment
(b) the employment of extra staff
(c) the time taken by additional administrative procedures.
2.4.3 Possible examples of increased control risks are:
(a) Lack of physical controls:
(i) valuable assets not kept in safes or under lock and key
(ii) no security system for access to sensitive areas
(iii) no CCTV or other security measures for access to premises.
(b) Lack of authorization controls:
(i) anyone can order goods and services on behalf of the company
without going through an approval and authorization process.

N4-6
 (ii) high value sales can be made to new customers without checking
their credit status, or to existing customers who are over their credit
limits.
(c) Lack of segregation of duties:
(i) no double signature on high value cheques.
(ii) the warehouse manager is able to write off inventory under his or
her control.
(iii) the person who has access to receipts from receivables is also able to
write off bad debts.

2.5 Detection risk (偵察風險)

(Jun 15)

2.5.1 Definition

Detection risk is the risk that the auditor fails to discover material misstatements
when carrying out the audit procedures.
(差錯在未被內部控制制度發現並予以糾正的情況下，又未被審計人員檢查發
現的可能性。)

2.5.2 Detection risk includes sampling risk, which is defined as:

The risk which arises from the possibility that the auditor’s conclusion, based on a
sample may be different from the conclusion reached if the entire population were
subjected to the same audit procedure.

2.6 The audit risk model

(Jun 15)
2.6.1 The audit risk model, which serves as a framework for assessing audit risk and uses
for deciding how much evidence to accumulate during the audit process, is defined
as follows:

Acceptable Audit Risk (AAR)

Planned Detection Risk (PDR) =
Inherent Risk (IR) x Control Risk (CR)

2.6.2 The planned detection risk determines the amount of substantive evidence to be
accumulated. Detection risk has an inverse relationship with the inherent risk
and control risk.
2.6.3 If the client has a high inherent risk and control risk, then the auditor has to

N4-7
 minimize the detection risk in order to maintain the required level of audit risk.
2.6.4 There is an inverse relationship between levels of audit risks and materiality.
That is, the higher the audit risk, the lower the materiality level required and vice
versa.
2.6.5 If the auditor determines that the acceptable materiality level is lower at the
planning stage, then the audit risk is increased. As a result, the auditor would
reduce the level of audit risk by taking the following actions:
(a) to reduce the assessed risk of material misstatement by carrying out
extended or additional tests of controls; or
(b) to reduce detection risk by modifying the nature, timing and extent of
planned substantive procedures.

Question 4
(a) Define audit risk and its three components. (7 marks)
(b) What are the relationship among the three audit risk components and what is the
impact on auditors? (3 marks)
(c) What is the relationship between materiality and audit risk? (1 mark)
(d) What is the aggregate of uncorrected misstatements comprised of? (2 marks)
(e) What should auditors do if they conclude that the misstatements may be material?
(2 marks)

Question 5
The following are the risk assessment figures for two clients of your firm. In both cases,
the partner in charge of the audit has set an overall level of audit risk for each client of 5%.

BOB’S MARKET STALLS LTD

Inherent risk (IR) 90%
Control risk (CR) 80%

BILL’S BANK PLC

Inherent risk (IR) 70%
Control risk (CR) 60%

Required:

(a) Calculate the level of detection risk applicable to each client.

(b) Briefly explain the implications of this calculation for the level of audit testing

N4-8
 appropriate to the audit of each client.

2.7 Audit risk assessment

2.7.1 At an acceptable level of audit risk, an auditor expresses an opinion on the financial
statements taken as a whole. The auditor’s process of assessing business risks and
risks of material misstatements is as follows:
(a) obtain an understanding of the client and its environment;
(b) identify business risks that may result in material misstatements in the
financial statements;
(c) understand client’s risk assessment system and evaluate how the client
responses to those business risks; and
(d) assess the risk of material misstatements at the assertion level and factors
affecting inherent risk and control risk.

A. Inherent risk

2.7.2 To assess inherent risk at the financial statement level, the auditors use
professional judgement to evaluate numerous factors, examples of which are set out
below:
(a) The integrity of management.
(b) Management experience and knowledge and changes in management during
the period, for example, the inexperience of management may affect the
preparation of the financial statements of the entity.
(c) Unusual pressures on management, for example, circumstances that might
predispose ( 使 偏 向 于 ) management to misstate the financial statements,
such as the industry experience a large number of business failure or an
entity that lacks sufficient capital to continue operations.
(d) the nature of the entity’s business, for example, the potential for
technological obsolescence of its products and services, the complexity of
its capital structure, the significance of related parties and the number of
locations and geographical spread of its production facilities.
(e) Factors affecting the industry in which the entity operates, for example,
economic and competitive conditions as identified by financial trends and
ratios, and changes in technology, consumer demand and accounting

N4-9
 practices common to the industry.
2.7.3 To assess inherent risk at the account balance and class of transaction level, the
auditors use professional judgement to evaluate numerous factors, examples are:
(a) Financial statement accounts likely to be susceptible to misstatement, for
example, accounts which require adjustment in the prior period or which
involve a high degree of estimation.
(b) The complexity of underlying transactions and other events which might
require using the work of an expert.
(c) The degree of judgement involved in determining account balances.
(d) Susceptibility of assets to loss or misappropriation, for example, assets
which are highly desirable and movable such as cash.
(e) The completion of unusual and complex transactions, particularly at or near
period end.
(f) Transactions not subjected to ordinary processing.

B. Control risk

2.7.4 This refers to whether the accounting and internal control systems are effective.

C. Detection risk

2.7.5 To assess detection risk, examples are:

(a) the accessed levels of inherent and control risks.
(b) the nature, timing and extent of substantive procedures.

Question 6
(a) What is inherent risk? (3 marks)
(b) List three factors which the auditors might evaluate in assessing inherent risk at the
financial statement level. (3 marks)
(c) List three factors which the auditors might evaluate in assessing inherent risk at the
account balance and class of transaction level. (3 marks)

N4-10
3. Assessment of Client Business Risks
(Jun 15)

3.1 Business risk

Business risk – A risk resulting from significant conditions, events, circumstances,

actions or inactions that could adversely affect an entity’s ability to achieve its
objectives and execute its strategies, or from the setting of inappropriate objectives
and strategies.

3.2 It is necessary for the auditors to assess client business risks during the
performance of the audit because they will increase the risks of material
misstatements there are
(a) certain transactions that is not easy to identify their substance; for example,
(i) the business transactions involving the related parties and under
unusually complex terms
(ii) the use of complex financial instruments for financing the business
and for investment purpose
(b) economic events and circumstances that will make the market and business
environment dramatically change; for example,
(i) European debt crisis will increase counter-party risk
(ii) the downturn in economic condition will increase default risk
3.3 After evaluating client business risk, the auditor can assess the risks of material
misstatements in the financial statements and then apply the audit risk model to
determine the appropriate extent of audit evidence.

N4-11