THE RISK OF MATERIAL MISSTATEMENT (RMM) AUDIT PROCEDURES RESPONSE TO RISKS & EVALUATING THE AUDIT VERIFICATION OBTAINED.
SUMMARY:
Audit procedures responsive to risks of material misstatement at the relevant assertion level. This part provides guidance to the auditor in designing and performing further audit procedures, including tests of the operating effectiveness of controls, where relevant or necessary, and substantive procedures, whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the relevant assertion level. a lot the auditor may determine that a combined approach using both t ests of the operating effectiveness of controls and substantive procedures is an effective approach. Irrespective of the approach selected, under the Auditing Standard.
The auditor’s assessment of the identified risks at the assertion level provides a basis for consid consideri ering ng the approp appropria riate te audit audit approa approach ch for design designing ing and perfor performin ming g furthe furtherr audit audit procedures. In some cases, the auditor may determine that only by performing tests of contro controls ls may the audito auditorr achiev achievee an effect effective ive respon response se to the assessed assessed risk risk of materi material al misstatement for a particular assertion. MEANING THE RMM
Auditors must consider audit risk and must determine a materiality level for the financial statements taken as a whole." Auditors also "must obtain a sufficient understanding of the entity entity and its enviro environm nment ent,, includ including ing its intern internal al contro control, l, to assess assess the risk risk of materia materiall misstat misstateme ement nt the risk risk of materi material al misstat misstateme ement nt has been been assessed assessed for major major accoun accounts, ts, transaction streams and disclosures, the auditor must develop an audit plan in which he or she documents the audit procedures that, when performed, are expected to reduce audit risk to an acceptably low level
In additional : The auditor is required to assess the risk of material misstatement (RMM) according to Audit Risk and Materiality in Conducting an Audit. RMM is the auditor’s combined assessment of inherent risk and control risk. Auditors are also required to perform audit procedures to respond to assessed RMM. The auditor should obtain an understanding of the entity and its environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures
In my article have tried to clearly discuss how the auditor responds to the the risk of material misstatement (RMM) in designing and performing audit procedures.
OVERALL RESPONSES :
The auditor's overall responses to address the assessed risks of material misstatement at the financial statement level may include emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating audit evidence, assigning more experi experienc enced ed staff staff or those those with special specialize ized d skills skills or using using specia specialist lists, s, provid providing ing more more supervision, or incorporating additional elements of unpredictability in the selection of further audit procedures to be performed. Additionally, the auditor may make general changes to the
nature, timing, or extent of further audit procedures as an overall response, for example, performing substantive procedures at period end instead of at an interim date.
The auditor’s overall responses to the assessed RMM include 1. Maintaining professional skepticism in gathering and evaluating audit evidence. 2. Assigning more experienced staff. 3. Using specialists. 4. Greater supervision of staff. 5. Element of unpredictability in selection of further audit procedures. 6. Changes in nature, timing, ti ming, and extent of further audit procedures. 7. Increase the number of locations to be included in the audit scope. The effectiveness of the control environment has a significant bearing on whether the auditor will employ a primarily substantive approach or a combined approach that uses tests of controls as well as substantive procedures.
AUDIT PROCEDURES RESPONSIVE TO RISKS OF MATERIAL MISSTATEMENT
The auditor should design auditing procedures to achieve the objective of a high level of assuran assurance ce that that the financ financial ial statem statement entss are free free of mater material ial misstat misstateme ement. nt. Those Those further further auditing procedures consist of either tests of controls or substantive procedures. In designing further audit procedures, the auditor should consider such matters as: The significance of the risk • The likelihood that a material misstatement will occur • The characteristics of the class of transactions, account balance, or discl osure involved • The nature of the specific controls used by the entity, in particular, whether they are manual or automated • Whether the auditor expects to obtain audit evidence to determine if the entity's controls are effective in preventing or detecting material misstatements. The nature of the audit procedures is of most importance in responding to the assessed risks.
Ther Theree should should be a clea clearr link linkag agee betw betwee een n audi auditt proc proced edur ures es and and the the risk risk of mater materia iall misstatement at the relevant assertion level for each class of transactions, account balance, and disclosure. The higher the auditor’s assessment of risk, the more reliable and relevant the Evidence must be to satisfy the auditor’s objectives. The higher the RMM, the more likely it is that the auditor will perform the procedures at the end of period or at unpredictable or unannounced times. Certain procedures may only be performed at or after the period end date.
The extent or quantity of audit procedures is determined by the auditor’s judgment. The auditor should consider the assessed risk of material misstate ment, the tolerable misstatement, And the degree of assurance desired. Generally, sampling is used to achieve audit objectives. Tests of controls should be performed if controls are expected to be effective in preventing or detecting detecting a material material misstatemen misstatementt in a relevant relevant assertion the auditor auditor should obtain evidence abou aboutt how how cont contro rols ls were were appl applied ied at relev relevan antt time timess duri during ng the the peri period od unde underr audi audit. t. If substantially substantially different different controls controls were used at various various times, the auditor auditor should should consider consider each time period separately.
Tests of controls may be designed to be performed concurrently with test of details. When performing these dual-purpose tests, the auditor should consider how the outcome of the test of controls may affect the extent of substantive procedures to be performed.
A material misstatement that is detected by the auditors, but not identified by the entity, should be considered as at least a significant deficiency. It may also be a strong indicator of a material weakness in internal controls that should be communicated to management. When evidence evidence about about the operating effectiveness effectiveness of controls controls is obtained obtained during an interim interim period, period, consideration should be given to what further evidence is needed for the remaining period. If the auditor plans to use audit evidence about the effectiveness of controls that was obtained in a prior period, The auditor should also increase the extent of testing of controls as the rate of expected deviation increases. In some instances the expected rate of deviation may be too high to obtain evidence that will sufficiently reduce the control risk. Tests of controls would then be inappropriate. Once the auditor auditor determines determines that automated controls controls are working effectively, effectively, the auditor auditor should perform tests to determine that the controls continue to work as intended, especially if changes are made to the program.
Considering the Nature, Timing, and Extent of Further Audit Procedures NATURE:
The nature of further audit procedures refers to their purpose (tests of controls or substantive procedures) and their type, that is, inspection, observation, inquiry, confirmation, recalculatio recalculation, n, reperform reperformance, ance, or analytical analytical procedures procedures.. The auditor auditor should obtain audit evidenc evidencee about about the accuracy accuracy and comple completen teness ess of inform informatio ation n produ produced ced by the entity entity's 's inform informatio ation n system system when when that that Inform Informatio ation n is used used in perfor performin ming g audit audit proced procedure ures. s. For example, if the auditor uses non-financial information or budget data produced by the entity's information system in performing audit procedures, such as substantive analytical procedures or tests tests of contro controls, ls, the auditor auditor should should obtain obtain audit audit eviden evidence ce about about the accura accuracy cy and completeness of such information TIMING:
Timing refers to when audit procedures are performed or the period or date to which the audit evidence applies. The higher the risk of material misstatement, the more likely it is that the auditor may decide it is more effective to perform substantive procedures nearer to, or to perform audit procedures unannounced or at unpredictable times. Certain audit procedures can be performed only at or after period end, for example, agreeing the financial statements to the accounting records, or examining adjustments made during the course of preparing the financial Statements. If there is a risk that the entity may have entered into improper sales contracts or that transactions may not have been finalized at period end, the auditor should perform procedures to respond to that specific risk.
EXTE EX TEN NT:
Extent Extent refers refers to the quantity quantity of a specific audit procedure to be performed performed,, for example, the extent of an audit procedure is determined by the judgment of the auditor after considering the tolera tolerable ble misstat misstateme ement, nt, the assesse assessed d risk of materia materiall missta misstatem tement ent,, and the degree degree of assurance the auditor plans to obtain. An auditor may use techniques such as computerassisted audit techniques to enable him or her to extensively test electronic transactions and account files. Such techniques can be used to select sample transactions from key electronic files, to identify transactions with specific characteristics, or to test an entire population instea instead d of a sampl sample. e. This This Statem Statemen entt rega regard rdss the the use use of diff differ eren entt audi auditt proc proced edur ures es in combination as an aspect of the nature of testing as discussed above. However, the auditor should consider whether the extent of testing is appropriate when performing different audit procedures in combination. CONTROLS:
The timing of tests of controls depends on the auditor's objective and the period of reliance on those controls. When the auditor tests controls at a particular time, the auditor may obtain audit evidence that the controls operated effectively only at that time. The auditor should test controls for the particular time, or throughout the period, for which the auditor intends to rely on those controls. Audit evidence pertaining only to a point in time may be sufficient for the auditor's purpose,
CONCLUSION:
The auditor's assessment of the identified risks at the relevant assertion level level provid provides es a basis basis for consid consideri ering ng the approp appropria riate te audit audit approa approach ch for design designing ing and performing further audit procedures. In some cases, the auditor may determine that performing only substantive procedures is appropriate for specific relevant assertions and risks. In those circumstances, the auditor may exclude the effect of controls from the relevant risk assessment