How Insurance Works

Audit and Assurance exam technique: audit risk

Hello and a very warm welcome wherever you’re watching this presentation from. My name is John Glover and I’m an audit tutor at Kaplan Financial. I specialise in F8 and P7. In a former life I was an auditor at a Big 4 firm so hopefully with my experience and your dedication to the F8 exam we’re going to unravel audit risk. But before we start let’s have a look at
our objectives. It’s always nice to know where we’re
heading towards and we’ve got three objectives here today together. First of all from the exam syllabus itself, from the learning outcomes we need to be able to explain audit risk and its three components. We need to be able to relate that audit risk back to the financial statements and come up with an auditor’s response to each risk. Our second two objectives then are more practical. They rely on looking at how we’re going to
answer exam questions. So first of all, or our second objective I should say is to unravel the difference between audit risk and business risk. What’s the difference? And how are we going to make sure we know the difference in the exam. And then thirdly, having looked at the theory having defined the difference between audit risk and business risk we’re going to look at a past exam paper and apply our knowledge in an exam situation. What have we got to help us? Well we’ve got various tools to help us along this journey. Over on the left hand side we’ve got the financial statements a huge focus for any auditor. On the right hand side we’ve got the ISAs the International Standards on Auditing. So we can delve in there to help us with any definitions. We’ve also got some comments from the examiner, we’ve got some past exam papers we’re going to have a look at, and finally a little tool down at the bottom left we’ve got the audit risk model, the audit risk versus business risk. Right let’s get into the theory then. Audit Risk. Well before we get really down into that theory, we need to just think about what our objectives are as independent auditors. Let’s go into the ISA’s and have a look. ISA 200 sets out the overall objectives of the independent auditor and helps us though some framework in how we’re going to carry out an independent audit of the financial statements. ISA 200 in paragraph [3] talks about the purpose of an audit and it says it’s to enhance the degree of confidence in the intended users of the financial statements. Now remember more often than not the
intended users of the financial statements will be the shareholders for our purposes. What have the auditors got to do? They’ve got to express an opinion on the financial statements. That’s their job their sole purpose. Well what are the financial statements? Well remember they tell the story of the company. Now for this F8 exam you have to have knowledge of the F3 syllabus. You have to feel comfortable with everything in the income statement, and the statement of financial position. Those are our two primary statements for this exam. Remember in the financial statements you may also have the statement of changes in equity, the cash flow statement and the notes to the accounts but we’re going to look at the income statement and the statement of financial position. The income statement tells the performance of the company, how it did during the year. We’ve got our revenues and our expenses. The statement of financial position. Well, it does what it says on the tin. It tells us the position of the company at the reporting date. There we’ve got our assets, our liabilities and our reserves and capital. Who put these financial statements together? Well that’s a director’s job and when the directors are putting these financial statements together, they’re making certain assertions. They’re saying for transactions and events during the year that they’re accurate, that they occurred, that they are complete, that everything has been included, they’ve classified things in the right way and they’ve put them in the right period. Otherwise known as cut-off. For account balances at the year-end well they’re saying that they exist, they’re there, that they’ve got the right for an asset or an obligation for a liability to include them in the financial statements, they’ve valued and allocated them correctly and the same as transaction and events they’ve included everything: they’re complete. So the directors put these financial statements together and we as auditors have to express an opinion on whether they are fairly presented free from material misstatement. OK, let’s jump into the theory. What we’ve got here is an iceberg. At the top of the iceberg we’ve got the audit risk model and below the iceberg, we’re going to delve a little bit deeper into the components of audit risk. You might have seen this before: the Audit Risk Model. Audit risk equals inherent risk times control risk times detection risk. or AR=IR x CR x DR. Wow, we’ve got an equation! We don’t often get to use maths in audit. Unfortunately we won’t be using maths with this model. But we do need to understand it. Now I think with an equation we naturally look to see the product, we naturally want to go to the right hand side of the equation but we need to be really really sure and really really comfortable with what audit risk is. So let’s just concentrate on audit risk for a second. Let’s go into the ISA’s. See what they say about audit risk. Again we’re in ISA 200, the overall objectives and they say that audit risk is the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated. What does that mean? Well realistically what that says is the auditor says the financial statements are free from material misstatement when they are not. That’s a pretty big thing to say. We just saw our overall objective was to express an opinion and if we get that opinion wrong we haven’t done a very good job. Now some of you may remember a company or a firm, I should say called Andersen’s. Some of you may not. But when I was training, there were five big accountancy firms. Of course there’s only four now. Now Arthur Andersen had an audit. They had an audit of this company called Enron. Again some of you may have heard of it, some of you may not. And Andersens were the external auditors. Amongst other things they signed their audit report saying the financial statements of Enron were true and fair when they weren’t. Now there’s no Arthur Andersen. So audit firms take this really really seriously. So audit risk is the risk that we give the wrong opinion. We fail in our whole objective of the financial statements. Well the ISA said that it was made up of two things: the risk of material misstatement and the detection risk. Let’s go back to our model. Our model said that it was made up of three
things: inherent risk, control risk and detection risk. Well detection risk matches with the ISA but what about this risk of material misstatement? All we’re doing here gang is we’re breaking it down into two areas. We’re breaking it down into inherent risk and control risk. Let’s just take a step away from an audit for a second. Let’s have a different situation. Let’s change what we’re thinking about. Let’s think about crossing the road. So if I’m crossing the road, there’s a risk I might get hit by a car. I might get injured or even worse I might die. I could break down those risks into two components. So let’s think about the factors that make up that risk. Well I guess the speed of the cars: how quickly they’re travelling. If they’re travelling at thirty miles an hour against sixty the higher the speed the higher the risk. Maybe what time of day it is: if it’s during the day, there’s sunlight, there’s clear view, cars can see me that reduces the risk than at night time when it’s dark. Maybe where I cross on the road. Do I use a designated crossing place (a
pelican crossing in the UK) or do I cross at the bend where I’m out of sight of the cars which would increase the risk. But when I cross the road, I don’t just cross the road willy nilly, I employ certain controls. What’s the first control I always employ? Well I remember my green cross code I look both ways: I look to the left I look to the right. What else do I do? Well I would cross at a designated place I will use a zebra crossing. What else? Well if I want to be really really safe, I might wear some high-visibility clothing I might wear a fluorescent yellow jacket to make sure cars could see me. You won’t be asked about crossing a road in the exam but those principles of inherent risk and control risk are really really important and how you respond to them as an auditor. Again, let’s just go back into the ISA’s and what ISA 200 said, remember, audit risk was a function of material misstatement and detection risk. Now why do they not say inherent and control risk? They want to make sure you’re focusing on the financial statements so they say the risk of material misstatement. Later on in paragraph [13] they go and break down that risk of material misstatement into two components: inherent risk and let’s just have a look at the definition here the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material individually or when aggregated with other misstatements, before consideration of any related controls. It’s the risk that’s just out there, the risk that the financial statements are misstated before the directors have done anything
about it. Control risk: the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure that could be material, either individually or when aggregated with other misstatements will not be prevented, or detected and corrected on a timely basis by the entity’s controls. They don’t look both ways when crossing the road. They don’t use a pelican crossing. All right those definitions are a little bit stuffy. Let’s just go and break it down underneath the iceberg and see how that applies to us. Well, we said inherent risk is just the risk that’s out there. Remember audit risk is the risk that we express the wrong opinion on the financial statements. So these inherent risks have got to trace back to the financial statements. ISA 200 actually gives us a few factors. The first factor we’ve got here is the type of industry. Well imagine I’m in an industry selling fashionable clothes. Probably a risk in itself as I don’t know anything
about fashion as an accountant but I’m selling these clothes to young teenagers and they really really like my clothes because someone famous is wearing them. Then all of a sudden this famous star isn’t wearing these clothes any more. She’s stopped wearing them, she thinks they’re rubbish. What’s the risk? Well clearly the risk that demand will fall. No one will buy our clothes any more. How does that relate to the financial statements? Where do these clothes appear in our financial statements? Well they appear as purchases and at the year-end they appear as inventory. Now going back to our F3 days how do we value inventory? We value at the lower of cost or net realisable value. Net realisable value – what we can sell the goods for less costs to sell. Now if these goods are out of fashion and no one wants to buy them their net realisable value’s going to go right down so potentially it’s less than cost. If they’re including these inventory in their financial statements at cost when it should have been at net realisable value, they’re overstating inventory and therefore the financial statements are misstated. Just one example. The ISA also talks about changes in industry. Sadly in the UK at the moment, we’ve seen a
decline in a store called HMV. Some of you may know it, some of you
may not. For those of you who don’t know it, HMV sells music. Now when I was a lad we all used to go into HMV and buy records. Again some of you may not even know what a
record is maybe you know what a CD is. We’d go in and buy a hard physical copy of our music. I’ve been told that apparently that doesn’t happen any more that you guys don’t buy physical music, that you download from the world wide web maybe using something like iTunes or Amazon. Well HMV didn’t respond to this change in industry. They still kept on stocking CDs, they still kept on stocking physical music and over the last ten years there was a decline in their sales. And eventually this year, they closed down their stores. So what? you say. How does that relate back to the financial statements? Well again we could have a problem with inventory that they valued it too highly but I guess if they’re closing down stores, they may not be using those assets to generate revenue so they may be impaired and also if they’re making their workforce redundant, they may have to have certain provisions in their financial
statements so there may be unrecorded liabilities. Again the financial statements are misstated. Other things: high degree of regulation. Maybe the banking industry if they break the rules they’ll be fined. Have they included those fines, those provisions in the financial statements? New products and services. Well how do I account for the expense of the research and development of those products and services? IAS 38 says research goes to the income statement and development cost goes to the statement of financial position if they meet certain criteria. Have the directors got it right? New locations – lots more information to
include in the financial statements maybe a branch abroad. We’re going to have
to translate sales from one currency back to our reporting
currency increasing the risk of misstatement. Complex transactions so maybe a derivative product we don’t really know how to account for it, we don’t do it on
a day-to-day basis increase the risk of misstatement and finally maybe pending litigation: one of our customers is trying to sue us. If the customer is trying to sue us, do we need to reflect that in the financial statements? Well it depends. If it’s probable and can be measured reliably, yes as a provision. If it’s merely possible, we do need to
reflect it in our financial statements as a disclosure. So if the director’s putting together financial statements, don’t include a provision or a disclosure, a contingent liability, where appropriate, their financial statements may be misstated all increasing the risk of material misstatement in the financial statements. And of course, each client is different, each client faces different risks. OK, that’s inherent risk. Control risk. Well we said that controls don’t prevent or detect misstatement on a timely basis. And really this is deficiencies in the management’s internal control system. Let’s give a really easy example. Imagine I work for a company that don’t authorise any purchases I make. So I say, “I know what this company really needs, it really needs a new iPad.” So I go out and buy a new iPad. No one’s authorised that expenditure, I claim it through expenses because no one’s authorised it, they pay me the money back. I don’t use that iPad in the business, I don’t use it to generate revenue I use it to buy music online for myself at home. Why does that lead to a risk of misstatement in the financial statements? Well of course they’re going to put an asset in there, that iPad that isn’t working for the business. And really you’ve got to look into each individual control system and see where the deficiencies are. Other things which the ISA mentions and do come up in exams lack of personnel with accounting qualifications, so they’re going to make mistakes a change of personnel or a change of IT systems or maybe even new IT systems so there’s a transfer of data issue that leads to the financial statements being materially misstated. Control risk and inherent risk: two components of the risk of material misstatement in the financial statements. OK so we’ve got three of our elements. We’ve got inherent risk and control risk. The final one I want to have a look at is detection risk. Again, popping into the ISA’s in paragraph [13], this time in (e) it says detection risk is the risk that auditors’ procedures will not detect a misstatement. This one’s on us as auditors. Inherent risk, well we can only evaluate it. Control risk, we can only evaluate it. Detection risk, that’s us as auditors that’s us not spotting material misstatements. Again, let’s dig a little deeper detection risk is made up of two parts it’s made up of sampling risk remember, we’re not going to test everything in an audit. We’re going to test samples and there’s a risk that the sample we choose won’t be representative of the whole population. If we choose a different sample we would have come to a different conclusion. So it could be incorrect sampling techniques or sample sizes. On the other side we’ve got non-sampling risk. We could say that’s human error or inadequate planning. Maybe we use inappropriate staff, too junior
staff who don’t understand. Maybe there was complex inventory and we
should have got an expert to help us with the valuation. Maybe we used the wrong procedures or
not enough procedures. And then finally the ISA talks about a failure to apply a professional scepticism. We’re just going to get back into the ISA a
second and look at professional scepticism because it’s an important concept in your exam. And the way that the ISA defines it is an attitude that includes a questioning mind, being alert and a critical assessment of audit evidence. The way I think about it is imagine you ask a child “have you done your homework?” and so you say to the child “Have you done your homework?” The child says “John, yes of course I’ve done my homework.” If I’m applying professional scepticism I think OK he’s said that but there’s a chance that he hasn’t done his homework. So I’m going to get supporting evidence to corroborate what
he says. I might say “brilliant well done for doing your homework. Let me have a
look at it” to see if it’s been done. OK and that’s professional scepticism always questioning always thinking it might not be true what they’ve said, always seeking other evidence. Now, we’ve looked at professional scepticism, we’ve looked at inherent risk we’ve looked at control risk and
we’ve looked at detection risk – the three components. Well what are we going to do with these three components as auditors? Let’s delve into that ISA for the penultimate time. This time we’re in a different ISA, we’re in ISA 315 which really irons out what an auditor’s response is to identifying and assessing risks. And what ISA 315 says is that as auditors, we need to find out about risk in our clients, in an organisation. How are we going to do that? Well we’re going to inquire of management and other people, so the staff, the employees. but we’re going to apply some professional scepticism. We’re not going to just believe what they say, we’re going to observe and inspect some documents to find out about their risk, to find out about their controls and then an important part of the
planning process is analytical procedures. We’re going to look at data, financial and non-financial data to establish plausible relationships. Can we really understand what’s happening in their financial and management accounts? We’re going to evaluate inherent risk, we’re going to evaluate control risk and we said detection risk was down to us as an auditor. So how does this equation work? Some of you love maths, that’s why you became accountants. So I’m going to show you some numbers but
be warned you won’t be tested with numbers in the exam. So just to show you how this fits together, let’s think about two simple equations. My first equation ten times ten times one equals a hundred. I hope you all agree it does equal a hundred. How did I get there? Well two relatively high numbers, ten and ten and I finished it off with a relatively small number, one. But I could have got to a hundred a different way. My second equation I’ve said two times two times twenty five equals a hundred. This time two relatively small numbers to
start off with, a two and a two and then a high number to finish it off, twenty
five. Notice I get to the same result, I get to a hundred two different ways. So how does this apply to our audit risk model? Well, basically audit risk, we’re trying to make the same for every single client. The overall risk that we give the wrong opinion, we want to make the same. We want to get it down to an acceptable level. We’re never going to get rid of it completely but remember the partners, the firms, the
audit firms are so so dependent on their reputation they don’t want to get it wrong. So imagine you’ve got a client and you look at inherent risk and inherent risk is high – fashionable industry, multi-locations complex products maybe they do some hedge accounting, they’ve got some derivatives in their financial statements. You look at their control risk and their control risk is high. They’ve introduced new systems, the financial
controller has left during the year. What’s your response as an auditor? Well you need to make detection risk as low as possible. How do you make detection risk low? Well, more audit procedures, more qualified staff, a lower level of materiality and that will give you higher sample sizes reducing the risk of misstatement. So you evaluate inherent risk and control risk, and you determine detection risk. Let’s have a look at client 2. Client 2 is in a simple business, it makes bricks. Inherent risk: low. The control system has been designed
brilliantly – they’ve got internal auditors checking on a regular basis, management respond to any risks. You’ve evaluated control risk as low. Therefore as an auditor, you can set detection risk a little bit higher, you can use more junior staff, you can have a higher materiality, bigger sample sizes. Notice we get to the same overall audit risk. In the same way that ten times ten times one equals a hundred and two times two times twenty five equals a hundred. We’ve got the same level of audit risk – we’ve got there in two different ways. That’s the auditor’s response to audit risk. Now we’ve understood audit risk it’s time for us to think about what’s the difference between audit risk and business risk and we’ve got this diagram to help us. I’ve got two stags butting into each other because as students, sometimes we get
confused between audit risk and business risk. Let’s delve into the ISAs one last time and think how they define business risk. Again in ISA 315, well really what we are saying business risk is any risk that can adversely affect an entity’s ability to achieve its objectives and strategies. What’s the objective of the company? Well traditionally we’ve said to make profit later theories have said maybe to increase shareholder value or whatever the specific objective of a company is. Maybe it’s to increase revenue. Notice we’re not talking about the financial statements here we’re talking about the company’s objectives. Audit risk: the risk that the auditor gives the wrong opinion. Business risk: the risk that the company doesn’t meet its objectives. Let’s have a look at a few examples from
previous exams. So the first example we’ve got comes from June 2011 and this was part of a scenario question you were given the scenario of your client who was in the airline business and this is what the examiner wrote. The travel agents are given a 90-day credit period to pay Donald &Co – that was the name of the airline. However due to difficult trading conditions, a number of receivables are struggling to pay. Now if you’ve got your business hat on, you might think straight away “right well they’re struggling to pay cash flow problems, liquidity problems” and you’ll be right. So if we were answering this from a business risk element this is what we might put. Just to explain in red is identification of the issue, the orange there is the explanation of
the issue, and the green is the response in this case the response from management. Well the identification of the issue: straight from the scenario the travel agents are struggling to pay. What does this mean?
Well from a business perspective this could result in liquidity issues and Donald may have an unexpected
cash flow problem and might not be able to pay its creditors. What’s the management’s response?
Well, the management response may be employ a credit controller, chase up the debt, maybe employ a debt factoring to be able to help them to recover that money. If this was a business strategy paper, I may give you a mark. But it’s not it’s an audit paper. At what point have we mentioned the financial statements? We haven’t. So to turn it into an audit risk we need to focus back on the financial statements. Let’s just have a look at the scenario again. Is there any clues to help us of how it appears in the financial statements? Well we’ve got this term called receivables and I know receivables are in the financial statements. Where do they appear in the financial
statements? Well remember they’re in the statement of financial position. How do I value receivables in the statement of financial position? A bit of F3 knowledge. Well I’ve put in total receivables less any allowance for receivables. So remember if I’m doubtful of any receivables not being able to pay I’ll make an allowance for them. I think in this case, 90-day credit period, struggling to pay I would definitely make an allowance for them and therefore reduce the amount of receivables on the statement of financial position. How am I going to put that in the exam? Well again, the identification of the issue, exactly the same they’re struggling to pay but this time how am I going to explain it? This could result in irrecoverable debts and receivables being overvalued. Notice, I’ve gone back to the financial
statements. I’ve specifically said receivables could be over-valued. What’s my response? This time not from a management perspective, from an auditor’s perspective. Well I want to find out more about their allowance. So maybe I could look at post year-end cash coming in. Have these receivables actually paid after year-end? Remember as an auditor, I come in after the year-end, so I can see if any of these outstanding balances are paid in January or February or maybe even March and that would give me a good indication of their recoverability. Maybe I could ask management how do they come up with their allowance? I could review the aged analysis, see how outstanding some of these debts were. The response for us as auditors is how we plan to get more information. Let’s have a look at another example this time from June 2010. The scenario here was a paint manufacturer and the examiner said purchase orders for overseas paints are made six months in advance and goods can be in transit for up to two months. Whoa! That seems like a long time – eight months! What if I’ve ordered something and my customer doesn’t want it? I have to wait eight months for it to come in or even worse what if I run out of paint and the customer really really wants it but it’s going to take me eight months to order it. So with my business hat on, this is what I might say. Again identification of the issues: straight from the scenario the six-month wait and I might say as there is a long period of time between delivering there’s a risk of stock-out – we don’t have the paint to supply to our customers, therefore we lose that sale but we may also lose customer goodwill and future sales. My response from management may be okay I really need to look at my stock systems. Maybe a predetermined order level or some
other stock system to make I sure can still supply my customers. Is it an audit risk? Have I mentioned the financial statements? No. We always need to go back to the financial statements. So how does it appear in the financial statements? Well it’s part of inventory at the year-end. So there could be a valuation problem but I want to look at a different risk. Maybe the risk of cut-off. When can I include that paint in my financial statements when the risk and reward is being transferred? and usually that means on delivery of that paint. So there’s a risk that the company may include that inventory when they put the order in, when they purchased it but they can’t actually include the inventory until it’s been delivered – the risk and rewards have been transferred. There’s a risk that inventory is overstated if they’ve included some of this inventory before it’s shipped in. Again, how would I put that? Identification the risk exactly the same. The explanation: only goods that should have been received should be in inventory and there’s a risk that cut-off of purchases and inventory maybe misstated. My response. My response is as an auditor. Well now I know that’s an issue what evidence do I plan to get? The audit team should perform detail cut-off testing on goods prior to the year-end so just before the year-end and just after the year-end go back, do some work on the invoice, on the goods received note make sure they’ve included it in the correct period. I think we’re getting the hang of this now. One last one that I just want us to be aware
of. Again, this goes back to June 2011 and this goes back to this airplane business. In order to fund the expansion Donald
has applied for a loan of $25 million. It is yet to hear from the bank whether or not it will lend them the money. Elsewhere in the question you’re also told
they’ve bought $20 million of planes, they’re committed to it and they’re going to use this loan to fund the
purchase of those planes. Business hat. Identification of the risk: in order to fund the expansion Donald has applied for a loan; it’s yet to hear from the bank – straight from the scenario. Explanation: Well they’ve committed to twenty million worth of planes. If they don’t get that twenty five million loan, those people who they’ve bought the planes from are going to come after them. They’re going to say, “where’s our money?” and if Donald can’t pay them well they may be forced into liquidation
and have to close down. They may no longer be a going concern. What’s the response? Well the response from management: Donald should investigate alternative financing. If that loan doesn’t go through what are they going to do? Have I mentioned the financial statements? No. Not an audit risk. Thinking on the audit risk it’s very very similar. Identification: exactly the same. Explanation: pretty similar although at this point I need to relate it back to the financial statements. There’s a risk that they won’t be a going concern. How does that affect the financial statements? Remember normally I prepare my financial
statements on a going concern basis. If I don’t think that the entity’s a going concern I’ll prepare them on the break-up basis. If i think there is a significant uncertainty that the company might not be a going concern I’ll disclose that in the accounts. So the risk here is that they’ve prepared the financial statements on the wrong basis. If Donald and Co isn’t a going concern well they should have prepared them on the
break up basis and if there’s an uncertainty they should have disclosed it. If they haven’t made that disclosure there’s a material misstatement. Again What’s my response as an auditor? What evidence am I seeking to find? Well I need to do some work around that going concern. I need to do an extended going concern review and I need to inquire of the management, how that loan application has panned out. Very very similar then but I’ve related here back to the financial statements. At this point some students fall into a trap they say brilliant I don’t really need to think about audit risk and business risk, I can just turn any business risk into an audit risk by talking about the going concern. Well you can’t. First of all it’s got to be relevant, it’s really got to lead to going concern problems and secondly you need a variety of risks when answering exam questions. At this point let’s just have a look and see what the examiner says. At the end of each exam she produces an exam commentary and these are gold dust, they’re brilliant! I highly recommend that you go and have a
look at them and it shows what students did well and what students did badly. Now from June 2011 she wrote this. A common mistake is to identify a risk such as going concern and give this answer over and over again. In question 3(b), there was only a maximum of one mark available for the description of the going concern risk.
Only one mark! Don’t overplay it. So with going concern you’ve got one shot
you can use it once and only if it’s relevant. While we’re thinking about the examiner what
else has she got to say? As well as these exam reviews, occasionally she writes some articles and she’s written that absolutely fantastic article about audit risk. And if we look at what she says in that audit risk, amongst other things she talks about common mistakes. Firstly providing definitions of the audit risk model even though it was not part of the requirement. All right students haven’t read the requirement. They’re really happy they understood the theory, they just want to write about it. Remember quite a lot of this exam will be practical. You will be an auditor looking at a specific case and you’re going to have to come up with specific things about that client. Secondly, a lack of understanding of what
audit risk is and providing business risk instead. We’re happy with that now. Audit risk: financial statements, financial
statements, financial statements. Not providing an adequate response to the risk. This needs to be from the perspective of the auditor and not from the management’s perspective. We’ve had a look at that and the difference between audit and business risk. We’ll go on and have a look at some more past exam questions. And finally as we’ve just seen a limited range of risks identified, often just focusing on one area such as going concern. You’ve got to give a range of risks. The examiner spends a lot of time writing these scenarios and there will be far more risks in there than marks available. Make sure you give a spread. Let’s have a look and see how it’s examined. We’ve got some past exam papers here. Let’s just look in the last six, how audit risk was examined. OK, the most recent exam December 2012. Using the information provided describe five audit risks and explain the auditor’s response to each in the planning of Sunflowers – 10 marks. Describe audit risk. Explanation of our response June 2012 Whoa! Nothing there! It was a big shock to us all as tutors. And so we said to the examiner, “well why wasn’t audit risk in June 2012? It’s an important part of the syllabus. It’s an important part of planning.” And she said “Well it’s a big syllaus, F8, I don’t have to test everything at every sitting.” And of course she was absolutely right. In June
2012 no audit risk. But there was audit risk in the previous four exams. December 2011 3 (a) bit of theory. If she aks you for theory, you can write about it, so in part (a) you could. Explain the components of audit risk and for each component, state an example factor. Inherent risk, control risk, detection risk and a factor for each. Part (b) looks very similar to what we’ve seen before. Using the information provided, identify and describe five audit risks and explain the auditor’s response in this case for Abrahams. Again ten marks. June 2011 3 (b) Getting pretty similar. Using the information provided, describe five audit risks and explain the auditor’s response to each risk. December 2010. A little bit different. Part (i) Calculate five ratios for both years, which would assist the audit senior in planning the audit. Well remember we talked about, very briefly, analytical procedures. This is getting you to do some analytical procedures. Some basic ratios on the financial statements. Half a mark for last year, half a mark for this year, so you’ve got something to compare. Part (ii) From a review of the above information and ratios calculated, explain the audit risks and describe the appropriate response. Alright this time you could use your ratios to help you come up with those risk areas but ultimately the same question. Finally June 2010. Identify and explain the audit risks at the planning stage. Alright no auditor’s response required here so you going to have to talk about more risks –
identifying them and explaining them. No auditor’s response needed. I’ve just one thing to say about June 2010, in the five previous examples it was all question three, here it’s question one. So remember although that first big 30 mark question is usually around controls and maybe some substantive testing, the examiner can put
anything from the syllabus in there and in this instance in June, part of it was audit risk. OK, audit risk is important. It comes up in the exam time and time again. Let’s have a look at December 2010 in more detail then. What was the requirement? Well hopefully we’re familiar now. Describe five audit risks and explain the auditor’s response. What do you do in an exam? Read the requirement. Describe five audit risks and explain the response. OK. How would you plan to answer this? Well if I was you, what I would do is I’d get my ruler, I’d draw a great big line down the middle of the page and
across the page and I’d answer it in a tabular format. Why’s a tabluar format so good for the audit exam? Well it makes sure you’re answering both the requirements. The audit risk requirement and the auditor’s response requirement and you’re linking the two together. Now of course you could still get full marks without this approach but you need to talk about both elements. Five different issues. That’s what we’re looking for. OK. Audit risk. What was the word? Describe. Describe is a little bit more than just identification. You need to go on and explain that audit risk. Why is it an audit risk? And how does it relate back to the financial statements? Identification is not enough. Auditor’s response. Well we’re asked to explain. Well we need to link it back to the audit risk we’ve just identified and described and then think about the evidence we plan to
collect as auditors. The examiner has said it’s not quite as extensive as an audit procedure or an audit test but you can’t be too vague. It’s got to relate back to that audit risk. Let’s have a look at the scenario itself. You’re told that Sunflowers operates
twenty five supermarkets; the company’s year end is 31st December and you’ve recently had a meeting with
the audit manager and the FD and you’ve got some planning notes. First thing to always do in a question: just make sure you know the year-end. Here in purple 31st December 2012. OK. Sometimes the examiner may give you a
September year-end. Might be important if you’re thinking about cut-off or events after the reporting date. Any audit risks there jumping up at me? Well twenty five food supermarkets. I guess I’m thinking multi-locations. Lots and lots of information held in different areas. Are they all going to come back and be returned when the financial statements are presented? So I might make a little note. I might highlight it in the exam. Second paragraph just gave you a bit of background information. You’re the audit senior. It’s your first audit and the audit manager’s just asked you to do
some research and then it just repeats the requirement. OK. Identify the relevant audit risks and consider how the team should respond. I’ll be a little bit careful here but the first thing I’m thinking is this is my first year on the audit. Do I have enough knowledge of the business to understand these risks? Well what would I do? Well I’d ask the previous manager. I would ask the audit partner. I would look
back at last year’s audit files. So although I may not have enough knowledge of the business, the audit firm itself should have enough knowledge of the business. So this really isn’t an audit risk. If the audit firm as a whole was new to the client, well then this
lack of audit knowledge, lack of understanding of the business may be an audit risk. Let’s go on. Next paragraph we’re told that $1.6 million has been spent refurbishing the supermarkets, a warehouse that hasn’t been used has been disposed of at a profit and a sum of $1.5 million was borrowed from the bank. Well the $1.6 million in refurbishment, again do I expense it through the income statement or do a capitalise it on the statement of financial position? Well it depends. If it’s just restoring those assets to their previous condition, expense to the income statement. If I’m enhancing those assets, if I’m increasing their economic value then I would capitalise it. A difficult decision to make. A decision a director could get wrong. What evidence would I be looking at? A breakdown of the costs to see what happened. Disposal at a profit. Remember F3 days remember trying to calculate the profit or loss on the sale of a non-current asset. It wasn’t easy. If it’s not easy people are going to make mistakes. Remember we take the sales proceeds less its net book value or its carrying value. Lots of people assume it’s sales price less original cost. Also if they got rid of that asset, is it no longer in the non-current assets? Is it no longer in the non-current asset
register? Not a regular thing selling non-current assets. Could be a mistake. $1.5 million was borrowed. Well I couldn’t use going concern here. There wasn’t enough in the scenario but I guess I could say well that $1.5 million was borrowed. When am I going to have to pay it back? If it’s greater than a year it’s a non-current liability. If it’s less than a year it’s a current liability. So have they classified it correctly in the financial statements? How have they split it? And you could start thinking about the interest in the income statement as well. OK so lots of risks racking up for us here. Next paragraph. The company will be performing a year-end inventory count at head office and at 25 supermarkets leading us back into that multi-location. So for those 25 supermarkets can we as an auditor visit all 25 stores? Probably not. So the controls around those inventory counts are going to be important. Also what stores are we going to select to visit? We’re going to have to think have there been problems in the past? Which of those stores are material to the financial statements? We’re then told inventory is valued at selling price less average profit margin, that’s a little bit weird. It’s not what we’re used to. We’re used to inventory being valued at the
lower of cost or net realisable value. Weird. Actually if we go and inspect IAS 2, IAS 2 says that for retail businesses such as a supermarket where there’s a high turnover of goods they can use selling price less average profit margin as an approximation of cost as long as there is an approximation. So we’re going to have to do some work to say well is that approximation of selling price less average profit margin close to cost? Alright, they’re racking up. Next paragraph that we have there, the
final paragraph. Well we’re told that they’ve transferred some data, we’re told that there’s an increased workload
and we’re told that the financial controller has left. Transfer of data. Transfer data from one system to another there’s a risk it could go wrong. There’s a risk there could be omissions. That’s going to increase the overall risk of
material misstatement. We’re going to have to find out what the process is. We may even think about CAATS: Computer Aided or Assisted Audit Techniques. Put through some dummy data. Increased workload, the financial controller has left. The financial controller has left. Someone’s not
coming in for a month. Does he know about the business? Does he know about Sunflower? Can he account for the business itself? Who are we going to ask questions to as an auditor? So while I’m working through the scenario, I’m
picking out these issues. I’m highlighting them. I might make little notes. Probably just one word in your exam – you
don’t have a huge amount of time. But you know how many issues there are. So we’ve identified nine issues. Multi-location; first year audit for the audit team member, not the audit firm; refurbishment of stores; we sold the warehouse; we’ve borrowed some money inventory valuation weird; there’s going to be year-end inventory valuation at twenty five stores; accounting records are centralised; and the financial controller has left. Nine issues. Am I going to talk about nine? No, I haven’t got time. The examiner asked me to answer five, so I’m going to give five issues. Well first of all first year on the audit, it’s not really an audit risk, it’s just me as a team member. Not going to use it. Multi-location. Well that links quite nicely into the year-end inventory count at twenty five stores. Remember I’m looking for different issues. I
think I would be repeating myself if I put both. I’ll link those together. What else? Well the accounting records are centralised, the financial controller has left. They are different issues but I’m going to deal with them together or pick on one of those issues and so that leaves me with six issues. The amount that I borrowed from the bank probably my weakest issue of what I’ve got left. So the five I’m going to pick: Refurbishment of the stores; Smaller warehouse; inventory valuation; the year-end count; and the extra work-load and the fact that the financial controller has left. OK, I’m now ready to start writing. Nice clear writing. Every time you want to make a point leave yourself some space. Allow the examiner to mark your question. First audit risk Sunflower has spent $1.6 million on refurbishing its twenty five supermarkets. Straight from the scenario. Low skill. I haven’t added anything to it. To add something to it I need to relate it back to the financial statements and as we said before there’s a risk that some expenditure should have been expense that should have been capitalised or vice versa and therefore non-current assets could be misstated or maybe expenditure misstated. You’re probably looking at two sentences: one to identify the risk; one to explain the risk. From that risk, what’s our response as auditors? Again two sentences. Review a breakdown of the costs and agree the invoices to the nature of expenditure. Have a look at what IAS 16 says – make sure
they’re getting it right; go and look at those invoices and then make sure it’s agreed to the non-current asset register if it’s an asset or if it’s expenses, it’s gone through the expense breakdown in the income statement. Lots of white space. Lots of areas for the examiner to give you marks. Leave yourself a couple of lines. Go on to your second issue. Our second issue: the small warehouse that wasn’t really used has been sold at a profit. Explanation: back to the financial statements. They could have got that calculation wrong. So there’s a risk that the calculation was wrong in the income statement and there’s a risk that they’ve left that warehouse in non-current assets – non-current assets are over-stated. Our response. What evidence do we want to collect? Well let’s review that non-current asset; make sure it’s been removed from the register. Re-calculate profit and loss on disposal; make sure we agree. That’s what we plan to do. Third issue then the inventory valuation policy. Therefore it could be misstated if it’s not an approximation to cost. I guess one thing they could have done they could have looked at inventory as a whole rather than on a line by line basis as IAS 2 tells us to relating it back to the financial statements. Response. Well let’s dig a little bit deeper let’s ask management how they calculated average profit margin. Agree it as reasonable. Remember professional scepticism. Don’t take what they say on face value go a little bit further – you do some valuation
testing to compare that cost of inventory to the selling price less average profit against cost on a line by line basis. Fourth issue. Year-end multi stores: could be misstatements because we can’t visit all stores. Lots of information coming back relating it back to the financial statements. Response. Well let’s select a sample of supermarkets to visit. Which supermarkets we visit will depend on how material they are and if there has been any issues in the past. Finally increased workload, financial controller has left. Well as we all know if we’re all working really really hard working all the hours under the sun, there’s an increase that we make mistakes and
those mistakes will be reflected in the financial statements. Also the new financial controller may not have the history of the company itself and therefore can’t deal with some of the transactions. What’s our response? Well it’s perfectly acceptable for us to say be alert, we know it’s an issue let’s look out for these errors particularly around the last few months of the
year. Let’s focus in and maybe increase our testing there when this changeover happened. We need to ask the financial director we can’t speak to the financial controller; is he in a position to answer our questions. And that’s how we might answer the last audit exam. Five issues, five explanations, five auditor’s responses. Let’s go back and see have we met our objectives? Can we explain audit risk, its components and relate it to financial statements? Yes we can! Do we know the difference between audit risk and business risk? Financial statements, financial statements, financial statements in terms of audit risk. Can we approach F8 exam? Again, yes we
can! We know the format and we know how to answer the questions and prioritise our risks. All that remains for me to say is thank you for listening and I wish you all the future success in your exams.

Reader Comments

  1. Not studying for ACCA but I have a final year university exam on audit coming up and Risk is a guaranteed topic! Very helpful!

  2. john is the best teacher for audit .with your great help i managed to score 76 in audit and i am so proud of that. thankyou very much.

  3. Initially the Formula is misstated and far fetched as well as there are no correlations between three components. Of course if your conditioned reflexes are override your mind you will never understand this dirty trick of ACCA couches!

  4. Thank you so much sir.This video is the best illustration of audit risk i have seen so far and has helped me a lot.

  5. HI ACCA students, please visit my channel for more free ACCA past exam questions go through videos and study tips about ACCA. Really helpful for your coming ACCA exams!

  6. Thank you, Sir. It is a great lesson for me to understand clearer on audit risk. His sound and action just like Jamie Oliver demonstrates how to cook a simple dish lol…

  7. Please watch this video free info about ACCA and CA

  8. Good video on audit risk. Here is another ACCA F8 Audit planning session:

  9. I enjoyed my March 2019 F8 exams on the 4th of March 2019 because I used this video as my revision lessons… It was as if the lecture had seen the real exams. This lecture is amazing. He delivers his presentation as if he is speaking in my mother language… Enough respect

  10. This video is great, it's exactly what I was looking for to understand how to tackle those questions. I know understand I was answering them using business risks and not audit risks! It seems so easy now! Thank you!!

Leave a Reply

Your email address will not be published. Required fields are marked *