| Meaning the RMM | | | | a material misstatement in a relevant assertion the |
| | | | | auditor should obtain evidence about how controls |
| Auditors must consider audit risk and must determine | | | | were applied at relevant times during the period |
| a materiality level for the financial statements taken | | | | under audit. If substantially different controls were |
| as a whole." Auditors also "must obtain a sufficient | | | | used at various times, the auditor should consider |
| understanding of the entity and its environment, | | | | each time period separately. |
| including its internal control, to assess the risk of | | | | |
| material misstatement the risk of material | | | | Tests of controls may be designed to be performed |
| misstatement has been assessed for major accounts, | | | | concurrently with test of details. When performing |
| transaction streams and disclosures, the auditor must | | | | these dual-purpose tests, the auditor should consider |
| develop an audit plan in which he or she documents | | | | how the outcome of the test of controls may affect |
| the audit procedures that, when performed, are | | | | the extent of substantive procedures to be |
| expected to reduce audit risk to an acceptably low | | | | performed. |
| level | | | | |
| | | | | |
| | | | | |
| In additional: The auditor is required to assess the risk | | | | |
| of material misstatement (RMM) according to Audit | | | | A material misstatement that is detected by the |
| Risk and Materiality in Conducting an Audit. RMM is | | | | auditors, but not identified by the entity, should be |
| the auditor's combined assessment of inherent risk | | | | considered as at least a significant deficiency. It may |
| and control risk. Auditors are also required to perform | | | | also be a strong indicator of a material weakness in |
| audit procedures to respond to assessed RMM. The | | | | internal controls that should be communicated to |
| auditor should obtain an understanding of the entity | | | | management. When evidence about the operating |
| and its environment, including its internal control, | | | | effectiveness of controls is obtained during an interim |
| sufficient to identify and assess the risks of material | | | | period, consideration should be given to what further |
| misstatement of the financial statements whether | | | | evidence is needed for the remaining period. If the |
| due to fraud or error, and sufficient to design and | | | | auditor plans to use audit evidence about the |
| perform further audit procedures | | | | effectiveness of controls that was obtained in a prior |
| | | | | period, |
| | | | | |
| In my article have tried to clearly discuss how the | | | | The auditor should also increase the extent of testing |
| auditor responds to the risk of material misstatement | | | | of controls as the rate of expected deviation |
| (RMM) in designing and performing audit procedures. | | | | increases. In some instances the expected rate of |
| | | | | deviation may be too high to obtain evidence that will |
| | | | | sufficiently reduce the control risk. Tests of controls |
| | | | | would then be inappropriate. |
| Overall Responses: | | | | |
| | | | | Once the auditor determines that automated controls |
| | | | | are working effectively, the auditor should perform |
| The auditor's overall responses to address the | | | | tests to determine that the controls continue to |
| assessed risks of material misstatement at the | | | | work as intended, especially if changes are made to |
| financial statement level may include emphasizing to | | | | the program. |
| the audit team the need to maintain professional | | | | |
| skepticism in gathering and evaluating audit evidence, | | | | |
| assigning more experienced staff or those with | | | | Considering the Nature, Timing, and Extent of Further |
| specialized skills or using specialists, providing more | | | | Audit Procedures |
| supervision, or incorporating additional elements of | | | | Nature: |
| unpredictability in the selection of further audit | | | | |
| procedures to be performed. Additionally, the auditor | | | | The nature of further audit procedures refers to |
| may make general changes to the nature, timing, or | | | | their purpose (tests of controls or substantive |
| extent of further audit procedures as an overall | | | | procedures) and their type, that is, inspection, |
| response, for example, performing substantive | | | | observation, inquiry, confirmation, recalculation, |
| procedures at period end instead of at an interim | | | | reperformance, or analytical procedures. The auditor |
| date. | | | | should obtain audit evidence about the accuracy and |
| | | | | completeness of information produced by the entity's |
| | | | | information system when that Information is used in |
| The auditor's overall responses to the assessed RMM | | | | performing audit procedures. For example, if the |
| include | | | | auditor uses non-financial information or budget data |
| | | | | produced by the entity's information system in |
| 1. Maintaining professional skepticism in gathering and | | | | performing audit procedures, such as substantive |
| evaluating audit evidence. | | | | analytical procedures or tests of controls, the auditor |
| 2. Assigning more experienced staff. | | | | should obtain audit evidence about the accuracy and |
| 3. Using specialists. | | | | completeness of such information |
| 4. Greater supervision of staff. | | | | |
| 5. Element of unpredictability in selection of further | | | | Timing: |
| audit procedures. | | | | |
| 6. Changes in nature, timing, and extent of further | | | | |
| audit procedures. | | | | Timing refers to when audit procedures are |
| 7. Increase the number of locations to be included in | | | | performed or the period or date to which the audit |
| the audit scope. | | | | evidence applies. The higher the risk of material |
| | | | | misstatement, the more likely it is that the auditor |
| The effectiveness of the control environment has a | | | | may decide it is more effective to perform |
| significant bearing on whether the auditor will employ | | | | substantive procedures nearer to, or to perform |
| a primarily substantive approach or a combined | | | | audit procedures unannounced or at unpredictable |
| approach that uses tests of controls as well as | | | | times. Certain audit procedures can be performed |
| substantive procedures. | | | | only at or after period end, for example, agreeing the |
| AUDIT PROCEDURES RESPONSIVE TO RISKS OF | | | | financial statements to the accounting records, or |
| MATERIAL MISSTATEMENT | | | | examining adjustments made during the course of |
| | | | | preparing the financial Statements. If there is a risk |
| The auditor should design auditing procedures to | | | | that the entity may have entered into improper sales |
| achieve the objective of a high level of assurance | | | | contracts or that transactions may not have been |
| that the financial statements are free of material | | | | finalized at period end, the auditor should perform |
| misstatement. Those further auditing procedures | | | | procedures to respond to that specific risk. |
| consist of either tests of controls or substantive | | | | |
| procedures. In designing further audit procedures, the | | | | |
| auditor should consider such matters as: | | | | ExtenT: |
| | | | | |
| The significance of the risk | | | | Extent refers to the quantity of a specific audit |
| | | | | procedure to be performed, for example, the extent |
| • The likelihood that a material misstatement will | | | | of an audit procedure is determined by the judgment |
| occur | | | | of the auditor after considering the tolerable |
| • The characteristics of the class of transactions, | | | | misstatement, the assessed risk of material |
| account balance, or disclosure involved | | | | misstatement, and the degree of assurance the |
| • The nature of the specific controls used by the | | | | auditor plans to obtain. An auditor may use |
| entity, in particular, whether they are manual or | | | | techniques such as computer-assisted audit |
| automated | | | | techniques to enable him or her to extensively test |
| • Whether the auditor expects to obtain audit | | | | electronic transactions and account files. Such |
| evidence to determine if the entity's controls are | | | | techniques can be used to select sample transactions |
| effective in preventing or detecting material | | | | from key electronic files, to identify transactions with |
| misstatements. | | | | specific characteristics, or to test an entire population |
| | | | | instead of a sample. This Statement regards the use |
| The nature of the audit procedures is of most | | | | of different audit procedures in combination as an |
| importance in responding to the assessed risks. | | | | aspect of the nature of testing as discussed above. |
| | | | | However, the auditor should consider whether the |
| | | | | extent of testing is appropriate when performing |
| There should be a clear linkage between audit | | | | different audit procedures in combination. |
| procedures and the risk of material misstatement at | | | | Controls: |
| the relevant assertion level for each class of | | | | |
| transactions, account balance, and disclosure. The | | | | The timing of tests of controls depends on the |
| higher the auditor's assessment of risk, the more | | | | auditor's objective and the period of reliance on |
| reliable and relevant the | | | | those controls. When the auditor tests controls at a |
| Evidence must be to satisfy the auditor's objectives. | | | | particular time, the auditor may obtain audit evidence |
| The higher the RMM, the more likely it is that the | | | | that the controls operated effectively only at that |
| auditor will perform the procedures at the end of | | | | time. The auditor should test controls for the |
| period or at unpredictable or unannounced times. | | | | particular time, or throughout the period, for which |
| Certain procedures may only be performed at or | | | | the auditor intends to rely on those controls. Audit |
| after the period end date. | | | | evidence pertaining only to a point in time may be |
| | | | | sufficient for the auditor's purpose, |
| | | | | |
| The extent or quantity of audit procedures is | | | | |
| determined by the auditor's judgment. The auditor | | | | Conclusion: The auditor's assessment of the identified |
| should consider the assessed risk of material | | | | risks at the relevant assertion level provides a basis |
| misstatement, the tolerable misstatement, | | | | for considering the appropriate audit approach for |
| And the degree of assurance desired. Generally, | | | | designing and performing further audit procedures. In |
| sampling is used to achieve audit objectives. Tests of | | | | some cases, the auditor may determine that |
| controls should be performed if controls are | | | | performing only substantive procedures is appropriate |
| expected to be effective in preventing or detecting | | | | for specific relevant assertions and risks. |