Evaluation of inherent risk at the financial statement level
| LEVEL OF AGGREGATION / AUDIT STAGES | Client acceptance/retention | Audit planning | Control testing | Substantive testing | Opinion formulation |
|---|---|---|---|---|---|
| Financial statement level | IR1 | na | na | na | IR5 |
Inherent risk at the financial statement level is evaluated in the first and last audit stages. In the client acceptance stage, the evaluation of IR1 is necessarily based on a preliminary knowledge of the client's business, whereas IR5 is evaluated when the auditor has a far more detailed knowledge of the client.
Inherent risk is evaluated as LOW, MODERATE or HIGH.
Factors indicative of a high inherent risk include:
- lack of management integrity. In making a decision to accept or continue with a client, an auditor considers the integrity of the client's management [fn]. Criteria used to evaluate management integrity include:
  - management domination, i.e. the domination of management by one person (e.g. an executive chairman) or a small group. (See the Journal of Accountancy article "When the Boss Trumps Internal Controls" as to the possible consequences of management domination.) Management domination may exist when, for example, the Chairman of the Board is also Chief Executive Officer, or when there is a low proportion of independent non-executive directors compared to the total number of directors on the Board.
  - a high frequency of turnover of key accounting/finance personnel. This could indicate the existence of, for example, a long running dispute between management and accounting personnel over reporting standards.
  - the extent of significant and prolonged understaffing of the accounting department. Such understaffing could be indicative of management's lack of interest in quality reporting, or even a positive interest in poor quality reporting.
  - the absence of a significant number of non-executive directors.
  - the extent of related party transactions. If the client has extensive dealings with entities in which management has an interest, the interests of the client's owners may suffer.
  - a high frequency of changes in legal counsel. The existence of an unreasonable attitude with legal counsel may flow on to such an attitude in relation to accounting issues.
  - a continuing failure to correct major weaknesses in internal control where such corrections are practicable. Again, this could indicate anything from disinterest in internal controls to an aversion to such controls.
  - past acts indicating lack of integrity.
  - recently changed auditors, particularly if it involved opinion shopping.
- lack of management competence. Management competence refers to the competence of directors and other senior management personnel. It includes matters such as their:
  - industry experience,
  - knowledge of the entity's business,
  - commercial skills,
  - common sense,
  - knowledge of good corporate governance, and
  - communication and judgement ability.

  Auditors can assess management competence by speaking to directors individually as well as considering such factors as the number of years' experience of each director in the industry, the number of years' experience with the entity, and the extent of changes to management during the past several years.
- unusual pressures on management. Unusual pressures include pressures that may predispose management to either intentionally or unintentionally misstate the financial statements. For example, the auditor considers whether:
  - the client lacks sufficient capital to continue operations or there is a downward trend in the current ratio.
  - there has been an unexpected loss or downturn in profits.
  - the client is a newcomer to the industry.
  - the potential exists for going concern problems [fn].
  - any of the above, combined with the need to comply with debt covenants.
  - there is a need to fulfill public expectations, such as forecast results.
  - there is a need to fulfill internal expectations, such as performance measures, management targets and budgets.
  - the industry is subject to fierce competition or is in decline.
  - the client has unresolved disagreements with the audit firm.
  - the client is contemplating a new equity issue.
  - the equity market has expectations of improved performance by the client.
- the presence of certain factors relating to the nature of the entity's business. The nature of the business of an entity has a bearing on the risk of a material misstatement occurring in the unaudited financial statements. For example, its products and services, capital structure, related parties, locations, and management compensation methods may be such as to increase the risk of a material misstatement in the unaudited financial statements. For example, the presence of the following factors may indicate a high inherent risk:
  - senior levels of management are remunerated based on results [fn]. This may motivate such executives to deliberately misstate values of account balances (for example, inventory, accounts receivable, accounts payable), and is one of the most common forms of fraud.
  - the client has an unnecessarily complex corporate or financial structure. The less transparent the entity's corporate or financial structure, the more conducive is the environment for fraud and/or financial manipulation. (See the article in Time magazine "Behind the Enron Scandal".)
  - there is a significant equity holding, or options over equity holdings, by senior management.
  - the client is easily distinguished from the industry, e.g. different return on investment, growth, performance, leverage, accounting policies than others in the same industry.
  - the quality of earnings is debatable.
  - the client faces increased business risk. This will increase inherent risk as there is a risk that losses may be concealed by using incorrect or inappropriate accounting practices. Depending on the circumstances, the adoption of such accounting practices by senior executives may involve fraud, possibly leading to criminal prosecution.
  - illegal acts or misstatements have occurred in past periods, including those that have and have not been recorded.
- the presence of certain specific industry factors. The nature of the industry may be such that it is predisposed to reduced performance or growth, increasing the risk that losses may be concealed with incorrect or inappropriate accounting practices. Thus, where the client is in an industry that is sensitive to economic and competitive conditions, or changes in technology, the assessment of inherent risk would be higher than it would otherwise have been. Other examples include industries that are:
  - cyclical or seasonal.
  - high risk, such as high tech or high fashion industries.
  - experiencing a high rate of failure/decline/depression or otherwise experiencing adverse conditions.
  - subject to speculation in the securities industry.
- the application of information technology (IT)[fn] to the data processing (DP) environment. In an IT DP environment, there is a concentration of both personnel and of knowledge, compared to a similar entity that operates in a manual DP environment. The significance is that organizational independence is more important (because of the greater concentration of knowledge) but is more difficult to achieve (because there are fewer personnel). This increases the risk of a material misstatement in the unaudited financial statements. As nearly all businesses today have some level of IT applications, this increased inherent risk applies to most businesses.

  In an IT environment, there is a greater concentration of data compared to a manual environment. For example, in an IT environment, both data and software are more vulnerable to unauthorized access, accidental loss/destruction, or deliberate loss/destruction as the data/software is in a more concentrated (machine readable) form. Other factors that increase inherent risk as a result of an IT DP environment include:
  - the fact that the use of IT may result in systems with an invisible audit trail, absence of input documents, and an absence of visible output.
  - the use of stand-alone computers to process accounting applications and on-line computers located throughout an entity will increase the risk of unauthorized use of the computers.
  - the transmission of data through telecommunication systems will increase the risk of data loss (through broken transmissions) and data and software corruption (through tapping and hacking).
  - the use of data-base systems will, owing to data sharing, increase the risk of unauthorized data corruption.

  Thus, the very existence of an IT DP environment increases inherent risk. Note that inherent risk assumes the absence of internal control procedures: there will be some amelioration of the overall risk of misstatement if control risk at the financial statement level is evaluated as less than high.
Inherent risk for each financial statement item assertion is evaluated as LOW (when few inherent risk
factors are present), MODERATE, or HIGH (when a significant number
of inherent risk factors are present).
For existing clients, much of the information referred to above
will be available from prior year's working papers or from
knowledge held by the auditor and his/her staff employed on
previous engagements. However, changes in, for example, the
management, directors, legal advisers, financial and litigation
status, market conditions, products sold, and even operating procedures usually indicate a
need to reassess the level of inherent risk compared to the
previous year.
Note that auditors who are industry specialists may evaluate inherent risk differently to auditors who are non-industry specialists[fn].

Copyright, Australian Educational Research
Pty Ltd. Any person accessing this site agrees to the
Terms of Use.