Risk of Material Misstatements- Inherent and Control Risk

Risk of material misstatements- Inherent and Control Risk

By Vincent Tung ST, Accountancy Dept,FAM,UTAR

INTRODUCTION

The risks that could possibly cause misstatements in the financial statements are known as inherent risk and control risk .ISA 315 ,The auditor should identify and assess the risks of material misstatement at the financial statement level, and at the assertion level for classes of transactions, account balances, and disclosures. For this purpose, the auditor:

• identifies risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements
• relates the identified risks to what can go wrong at the assertion level
• considers whether the risks are of a magnitude that could result in a material misstatement of the financial statements
• considers the likelihood that the risks could result in a material misstatement of the financial statements

Inherent risk

ISA 200 Pare A 38‘Inherent risk’ is the susceptibility of an assertion to a misstatement that could be material, either individually or when aggregated with other misstatements, assuming that there are no related controls. The risk of such misstatement is greater for some assertions and related classes of transactions, account balances, and disclosures than for others”.

Inherent risk is the risk of materials misstatement in the financial statements in the absence of internal control,this type of risk arises because of the nature of the business or its trading environment or condition in which the business is operating

Examples:

By nature of the business, A company engaged in long term construction contracts is inherently more risky than a business which delivers office equipment

A business which handles a lot of cash is more risky than one which deals only through the bank. In retailing which business is normally transacted in cash is usually more risky as compared to wholesale

Factor to be taken into account by auditors to determine inherent risk

• Inherent risk is likely to vary from business to business. The nature of client’s business will determine the significant of the inherent risk. Obviously those businesses dealing in cash has higher inherent risk as compared to businesses transacted where payment is made via telegraphic transfer

• Misstatements found in the past year’s audit have a higher probability of recurring.

• Many types of misstatements are systematic in nature, and clients might be slowin making changes to eliminate them.
• Many auditors assess higher level of inherent risk for initial audits than for repeat engagements in which no material misstatements had been found.
• Related party transactions are those between parent and subsidiary companies, and management or owners and the company. These transactions might not be transacted on arm’s length basis
• Transactions that are unusualie non routine, for the client are more likely to be recorded incorrectly.Examples include fire losses, major property acquisitions or disposal of obsolete stocks
• Many account balances require estimates and a great deal of management judgment including:Uncollectible accounts receivable, provision for obsolete inventory,warranty liabilities, provision for doubtful debt and provision for depreciation.
• Other factors influencing inherent risk are

The integrity of managers or directors

Management competence and experience

Pressures on management or directors which might predispose them to misstate financial statements (e.g. profit forecasts)

The complexity of the entity (technology, capital structure, geographical spread)

Competition level in the related industry

Accounts receivable where most accounts are significantly overdue

Disbursements made payable by large amount of cash

Inventory with a slow turnover

Control Risk

ISA 200-Para A39 Control risk is a function of the effectiveness of the design, implementation and maintenanceof internal control by management to address identified risks that threaten the achievementof the entity’s objectives relevant to preparation of the entity’s financial statements. However,internal control, no matter how well designed and operated, can only reduce, but noteliminate, risks of material misstatement in the financial statements, because of the inherentimitations of internal control. These include, for example, the possibility of human errors ormistakes, or of controls being circumvented by collusion or inappropriate managementoverride. Accordingly, some control risk will always exist.

In short, control risk is the risk of material misstatement in the financial statements even a good internal control system could not eliminate, correct or detect this risk on timely basis. However with the appropriate level of good internal control, control risk could be minimised or reduced to certain extent

In assessing the control risk, the auditor will usually ask the following questions:

•Is the risk that a material misstatement could occur in an assertion, either individually or when aggregated with other misstatements, and not be prevented, detected, or corrected on a timely basis by the entity’s internal control structure?

•Is the client’s internal control effectives? Since control risk is a function of the effectiveness of the internal control structure, good controls reduce risk. For example a collusion risk could be minimized by good internal control procedures such proper segregation of duties and job rotation

Conclusion

Both Inherent Risk and control risk are controlled by the client. These risks are also known as auditee’s or client’s risk.Auditor may make separate or combined assessments of inherent and control risk depending on preferred audit techniques or methodologies and practical considerations. The assessment of the risks of material misstatement may be expressed in quantitative terms, such as in percentages, or in non-quantitative terms. In any case, the need for the auditor to make appropriate risk assessments is more important than the different approaches by which they may be made.

References:

• ISA 200 (International Standard on Auditing )

• Arens, A. A., Elder, R. J., Beasley, M. S., Amran, N. A., Fadzil, H. F., Yusof, N. Z. M., Nor, M. N. M., & Shafie, R. (2014). Auditing and assurance services in Malaysia: An integrated approach. (3trded.). Kuala Lumpur: Pearson / Prentice Hall.

• Gul,F.A.,Mahzan,N., (2015). Auditing: Theory and Practice in Malaysia.KualaLumpur(2nd ed.): CCH Asia Pte Limited.

• Messier, W. F., & Boh, M. (2007). Auditing and assurance services in Malaysia. (3rded.). Kuala Lumpur: McGraw-Hill.

• ACCA Technical articles