Client acceptance/retention stage: evidence gathering:
Preliminary knowledge of the client's business
In each stage of the audit, auditors undertake certain
evidence gathering activities. In the client acceptance/ retention stage of an audit engagement, auditors gather evidence based on a
preliminary knowledge of the client's business
to determine whether or not to accept the audit of the financial
statements of a prospective client or to continue with the audit of
the financial statements of an existing client. The knowledge is
preliminary because in many instances, particularly in the case of
prospective clients, a more detailed knowledge of the business may
not be possible as the auditor may not have access to the potential
client's records and staff. Auditors acquire this preliminary knowledge by gathering evidence as to both the acceptable audit risk and the (achievable) level
of audit risk at the financial statement level.
-
Acceptable audit risk AR*1
Auditors evaluate the acceptable
audit risk AR*1 based on the expected reliance by financial statement users
on the financial statements of the entity. The greater the expected reliance, the lower the risk. Thus, auditors gather such evidence as
the entity's size, its distribution of
ownership, the total of its external liabilities and other factors
relevant to the expected reliance by users on the financial
statements of the entity. The larger the size, the greater the distribution of ownership and the greater the external liabilities, then the greater is the expected reliance and the lower the acceptable audit risk.
- Achievable audit risk AR1
Auditors evaluate the (achievable)
audit risk AR*1 at the financial statement level by evaluating the components of this risk. Thus, auditors gather evidence relating to:
- inherent risk IR1, including evidence relating to management's integrity, management's competence, the
extent of unusual pressures on management, the nature of the
entity's business and data processing
environment. For example, lack of management integrity or competence increases inherent risk IR1 which in turn increases the achievable audit risk AR1.
- control risk CR1. Auditors evaluate this risk by considering the extent to which a positive control
environment within the entity is influenced by factors such
as management's philosophy and operating style, organizational
authorization policies, internal audit, information technology, and
human resources policies, and, where appropriate, policies relating
to the audit committee. For example, lack of established organizational and authorization polices increases control risk CR1 which in turn increases the achievable audit risk AR1.
- (achievable) detection risk DR1. This risk can be described as the likelihood of the auditor (or audit firm)
failing to detect a material misstatement in the unaudited financial
statements. Auditors evaluate this risk by reference to both
the independence of the auditor (or audit firm) from the [prospective] client (and its officers and employees) and the auditor's
(or audit firm's) ability to provide an appropriate level of audit
service to the client. For example, either lack of independence or an inability to provide an appropriate level of service increases detection risk DR1 which in turn increases the achievable audit risk AR1.
In order to gather this evidence, auditors perform certain activities (also referred to as audit procedures) including
observation of, for example, a client's
procedures, inspection of, for example, the annual
reports and other public documents lodged with regulators,
inquiries of directors, outgoing
auditors, and other persons with knowledge of the client and/or its
industry, and analytical procedures
such as ratio analysis and
common size analysis .
Once the evidence is gathered, the auditor evaluates the
evidence, and in particular, evaluates the acceptable and
achievable levels of audit risk. Refer to the next activity.
Copyright, Australian Educational Research
Pty Ltd. Any person accessing this site agrees to the
Terms of Use.
