For auditors, material misstatements are the enemy. If they sneak in without detection, we fail. Maybe they enter in by error, other times on purpose: it doesn’t
matter. They often secret themselves in myriad places: receivables, equity, inventory, payables, investments, or a debt disclosure, just to name a few.
Auditors seek reasonable assurance, not perfect assurance (thankfully). Perfect assurance costs too much money and takes too much time. With the time we have, though, we should desire to detect all material misstatements, otherwise the words “present
fairly” in the audit opinion would not be true. If material misstatements are present, you might opine in error.
What You’re After
As you start an audit, you are determined to complete the engagement thoroughly and on time. You roll up your sleeves and ask your client if things are the same as last year. She says yes, and you’re relieved.
You consider doing some walkthroughs, but decide those can wait. After all, you want to get down to “real work.” So, you ask the client for bank reconciliations, and you begin to audit. This feels like auditing, and you rationalize that risk
assessment can wait. Why? Well, you’ve audited the company for years, and you know what needs to be done. Basically, risk assessment feels like a waste of time to you. Nothing ever changes.
Hold it right there! Do not get trapped by the familiar. Remember, material misstatements are the enemy:
- One change in controls can lead to millions stolen.
- One new accounting person can cause material misstatements.
- One new FASB pronouncement can result in key disclosure omissions.
- One change in the supply chain can cause significant sales issues.
- One related-party transaction can mislead users of the financial statements.
- One change in strategy can change the business landscape.
Even if last year’s audit plan was perfect, you need to be aware of current-year changes. That means embarking on a risk assessment.
The purpose of risk assessment is to identify potential material misstatements. Your goal is to issue an appropriate opinion, most often an unmodified opinion. And an opinion that states that the financial statements are fairly stated means they don’t
contain material misstatements.
Hidden Material Misstatements
Even though auditors want to identify material misstatements, sometimes they don’t. There are numerous reasons for why that may happen:
- Risk assessment procedures are not performed.
- Risk assessment procedures are performed poorly.
- The volume of transactions might hide misstatements.
- The complexity of the accounting system makes it difficult to detect errors and fraud.
- Identified risks are not placed on the risk assessment summary form.
- The multitude and complexity of audit forms create confusion.
- Disparate risks are not considered holistically.
The key to mission success is unearthing those hidden misstatements.
Seeing Material Misstatements
Risk assessment tools help you find that which is hidden. Use risk assessment procedures, such as gaining an understanding of controls, performing walk-throughs, creating preliminary analytics, reviewing estimates for bias, asking fraud questions, and
understanding the entity and its environment. These procedures involve asking questions of client personnel, examining sample documents, and observing internal controls. Inquiry alone is not permissible under auditing standards: so ask questions,
but also inspect and observe. Look for internal control weaknesses and financial statement anomalies. Control weaknesses might result in misstatements or unexpected financial statement numbers. (Editor’s Note: For more on risk assessment tools,
make sure to check out AICPA’s Risk Assessment Resources home page, which includes a comprehensive Audit Risk Assessment Tool template, an internal inspection aid, answers to frequently asked questions, and more.)
When you are done, bring the disparate risks of material misstatement together so you can properly assess the risk and plan your audit. Doing so will enable you to issue audit opinions with confidence, and your peer reviewer will be much happier!
Charles B. Hall, CPA, CFE, is the quality control partner for McNair McLemore Middlebrooks & Co. LLC in Macon, Ga. He blogs at CPAHallTalk.com. This article is from his new book, Audit Risk Assessment Made Easy. He can be reached at firstname.lastname@example.org.