CHAPTER THREE

AUDIT RISK AND MATERIALITY

Chapter Objectives
• After studying this chapter, you should be able to:
➢Apply the concept of materiality to the audit.
➢Make a preliminary judgment about what amounts to consider
material.
➢Determine performance materiality during planning.
➢Define risk in auditing.
➢Describe the audit risk model and its components.
➢Consider the impact of engagement risk on acceptable audit
risk.
➢Consider the impact of several factors on the assessment of
inherent risk.
➢Discuss the relationship of risks to audit evidence.
➢Discuss how materiality and risk are related and integrated into
the audit process.
Apply the concept of materiality to the audit.
➢ Is Major consideration in determining the
appropriate audit report
➢ Referenced in auditor’s responsibility
section of the audit report
➢ Audit report reference is “free of material
misstatement”
➢ What is meant by the term “material”?
• Materiality is the magnitude of an omission or
misstatement of accounting information that, in the
light of surrounding circumstances, makes it probable
that the judgment of a reasonable person relying on
the information would have been changed or
influenced by the omission or misstatement.
• An information is said to be Material, its omission or
misstatement could influence the economic decision
of users taken on the basis of financial statements.
Materiality

➢The auditor is responsible to ensure

whether the financial statements present
fairly and are free from material
misstatements.
➢The auditor should focus on identifying
material misstatements due to error or
fraud, so that management can make
corrections.
Materiality

➢Materiality can be stated as:

1. Materiality in size (quantity): Monetary size of
misstatements.
2. Materiality in nature (quality): qualitative
characteristics of misstatements.
E.g. No disclosure for a contingent liability due to
an ongoing litigation case.
Materiality

•There are three main reasons why the auditor

should properly plan engagements:
✓to enable the auditor to obtain sufficient
appropriate evidence for the circumstances,
✓to help keep audit costs reasonable, and
✓to avoid misunderstandings with the client.
Make a preliminary judgment about what
amounts to consider material.
Set Preliminary Judgment About Materiality
• Auditors set materiality thresholds early in the engagement.
Thresholds/Materiality level represent the maximum
amount that statements could be misstated and still not
affect users’ decisions.

Determining materiality is performed during the planning

phase of the audit.
Determining materiality is purely judgmental: it solely
depends on the auditors professional judgement.
Set Preliminary Judgment About Materiality
It is better to set the materiality level in terms of
percentage than absolute terms.
e.g. 1% of sales
The auditor must determine materiality level for:
1. Individual misstatements: for individual account
balances, transactions and disclosures
2. Aggregate Misstatements: for financial statements as a
whole. This is to be aware of that the aggregate of
immaterial misstatements could make up a material
misstatement for financial statement taken as a whole.
Case 1
• Assume the auditor sets materiality level at 2% of net income.
1. In a 2021 financial statements of X company, a Br 10,000
maintenance expense was incorrectly capitalized to the
equipment. As a result the total assets in the balance sheet
should have been Br 3,920,000 instead of Br 3,930,000 and
the net income would have been Br 510,000 instead of Br
520,000. Can we say that financial statements are fairly
presented? Why?
Factors that affect Materiality Judgment
• Materiality is a relative concept not an absolute one.
• Benchmarks are needed for setting and evaluating materiality
• 1% of sales
• Qualitative factors that can affect auditor’s judgement
of materiality level include:
• Control environment
• Quality of information systems
• Existence of an internal audit function
Qualitative Factors
• Considerations for misstatements immaterial in
size but material in nature include
misstatements:
➢That affect compliance with regulatory framework
➢That affect compliance with loan Covenants
➢That affect changing trends
➢Management compensation
➢Conceals an illegal act
➢Related party transactions
Determine performance materiality
during planning
Performance Materiality
• The auditor is also required to determine performance
materiality.
• Performance materiality is 'the amount or amounts set by the
auditor at less than materiality for the financial statements as a
whole to reduce to an appropriately low level the probability
that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements
as a whole'.
• Performance materiality also refers to 'the amount or amounts
set by the auditor at less than the materiality level or levels for
particular classes of transactions, account balances or
disclosures'
Performance Materiality
• Performance materiality helps to reduce the risk
that the auditor will fail to identify misstatements
material when aggregated.
• Performance materiality is determined by the
auditor’s professional judgement.
E.g. 50% - 75% of materiality
• PM = Materiality – aggregate of undetected and
uncorrected misstatements.
Define Risk in Auditing
Audit risk
• Audit risk is the risk that the auditor expresses an inappropriate
audit opinion when the financial statements are materially
misstated.
• Audit risk is a function of two risks:
1. The risk of material misstatement (ROMM): the risk that the draft
financial statements actually contain a material misstatement.
• ROMM has two components
• Inherent risk:
• Control risk: the risk that the client’s own procedures don’t pick up and correct that
error..
2. Detection risk: The risk that audit procedures fail to detect it, so that
the financial statements are published with the misstatement still
present.
Audit risk
• For an inappropriate opinion to have been expressed:
Audit risk Model
• The audit risk model is an equation which expresses the
relationship between components of risk.
Audit Risk Model for Planning
Acceptable audit risk
• is a measure of how willing the auditor is to
accept that the financial statements may be
materially misstated after the audit is completed
and an unqualified opinion has been issued.
❑ The degree to which external users rely on the
statements
❑ The likelihood that a client will have financial difficulties
after the audit report is issued
❑ The auditor’s evaluation of management’s integrity:
• This is where the auditor will place reliance on prior
experience with this client and
• management’s attitude toward controls and
governance, accounting standards and the audit
relationship.
9-24
Inherent Risk
• is the risk that there is a misstatement that could be
material, if there were no related internal controls
which could identify and trap that misstatement.
• Inherent risks can be increased by:
• complex transactions which are difficult to understand,
• inexperienced staff,
• a pressure to perform (which may mean that some staff
members who have optimistic view of sales and costs),
and
• short reporting deadlines.
 Nature of Client’s Audit Experience
Business
➢ Prior audit results
➢ Initial vs. repeat engagement
➢ Industry practices
➢ Audit judgment required to
➢ Non-routine transactions
correctly record balances and
➢ Makeup of the population
transactions

Culture
➢ Related parties
➢ Factors related to fraudulent
financial reporting
➢ Factors related to
misappropriation of assets
9-26
Control Risk
• is the risk that the material misstatement, having
occurred, will not be prevented or detected and
corrected by the system of internal control.
• The main factors which affect control risk are:
• the control environment (i.e. the foundation for the other
components of the system of internal control),
• the design of the system of internal control itself, and
• finally how well and consistently the system of internal
control operates.
Planned Detection Risk
• is the failure of the auditor to detect the material misstatement in
the financial statements.
• It is the risk that audit evidence for a segment will fail to detect
misstatements exceeding tolerable misstatement.
• Planned detection risk is dependent on the other three risks in the
model, such as inherent risk, control risk, and acceptable audit risk.
• This will be increased:
• If the auditor uses lower sample evidence
• if the auditor was relatively inexperienced,
• if it was a new client,
• if there was a lot of time and fee pressure,
• if planning was poor so the entity was poorly understood,
• and if the auditor was straying into an industry where they had little
previous experience or expertise.
Planned Detection Risk
• Detection risk comprises sampling risk and non
sampling risk:
• Sampling risk is the risk that the auditor's conclusion
based on a sample is different from the conclusion that
would be reached if the whole population was tested,
i.e. the sample was not representative of the population
from which it was chosen.
• Non-sampling risk is the risk that the auditor's
conclusion is inappropriate for any other reason, e.g.
the application of inappropriate procedures or the
failure to recognize a misstatement.
 Sales and Acquisition Payroll and
collection and payment personnel
cycle cycle cycle
Inherent
A Medium High Low
risk
Control
B Medium Low Low
risk
Acceptable
C Low Low Low
audit risk
Planned
D Medium Medium High
detection risk
 Inventory and Capital acquisition
warehousing and repayment
cycle cycle
Inherent
A High Low
risk
Control
B High Medium
risk
Acceptable
C Low Low
audit risk
Planned
D Low Medium
detection risk
Consider the impact of engagement risk
on acceptable audit risk.
What is Engagement Risk?
Engagement Risk is the risk that the auditor or audit
firm will suffer harm after the audit is finished. In
other words, it is the risk of lawsuit or unfavorable
publicity resulting from being associated with this client.
Impact of Engagement Risk on Acceptable Audit Risk
Auditors decide engagement risk and use
that risk to modify acceptable audit risk.

Engagement risk closely relates to client

business risk.
Relationship of audit risks and audit evidence
Planned Detection Risk Planned Audit Evidence

Acceptable Audit Risk Direct Indirect

Inherent Risk Indirect Direct

Control Risk Indirect Direct

Planned Detection Risk - Indirect

➢Auditors can change the audit to
respond to risks
➢The engagement may require more
experienced staff
➢The engagement will be reviewed
carefully than usual more
Sources of audit evidence
Sources of audit evidence
Sources of audit evidence
ISA 330: The Auditor’s Response to Assessed Risks
• The auditor is required to design and perform audit procedures
whose nature, timing and extent are based on and are responsive
to the assessed risk of material misstatement.
• Auditors can obtain assurance from:
1. Test of controls: are designed to evaluate the operating
effectiveness of controls in preventing or detecting and
correcting material misstatement.
2. Substantive procedures: are designed to detect material
misstatement at the assertion level.
Sources of audit evidence
❑Substantive procedures: it consist of:
1. Tests of detail: to verify individual transactions and
balances.
2. Substantive analytical procedures: involve analyzing
relationships between information to identify unusual
fluctuations which may indicate possible misstatement
• The auditor is required to carry out the following substantive
procedures:
• Agreeing the financial statements to the underlying accounting records.
• Examination of material journals and other adjustments made in
preparing the financial statements
 One major limitation in the audit risk model is
the difficulty of measuring the components
of the model.
Known Unknown
Preliminary Actual level of
Assessed Level +/- risk achieved
of Risk on the audit

Tests of Details of Balances Evidence Planning

Worksheet
Auditors develop various types of worksheets
to aid in relating the considerations affecting
audit evidence to the appropriate evidence to
Discuss how materiality and risk are related
and integrated into the audit process.
The auditor must revise the original assessment of the appropriate risk.

The auditor should consider the effect of the revision on evidence

requirements, without the use of the audit risk model.

Although the risk assessment is performed during the

planning phase of the audit, the auditor needs to recognize
changes in the client’s business that could impact (change)
the preliminary risk rating.
❖ Acceptable audit risk—a measure of how willing the
auditor is to accept that the financial statements may be
materially misstated after the audit is completed and an
unmodified audit opinion has been issued; see also audit
assurance
❖ Audit assurance—a complement to acceptable audit risk;
an acceptable audit risk of two percent is the same as audit
assurance of 98 percent; also called overall assurance
and level of assurance
❖ Audit risk model—a formal model reflecting the
relationships between acceptable audit risk (AAR), inherent
risk (IR), control risk (CR), and planned detection risk
(PDR); PDR = AAR/(IR × CR)
❖ Control risk—a measure of the auditor’s assessment of
the risk that a material misstatement could occur in an
assertion and not be prevented or detected on a timely
basis by the client’s internal controls
❖ Engagement risk—the risk that the auditor or audit firm
will suffer harm because of a client relationship, even
though the audit report rendered for the client was correct
❖ Inherent risk—a measure of the auditor’s assessment of
the susceptibility of an assertion to material misstatement
before considering the effectiveness of internal control
❖ Nonroutine transaction—a transaction that is unusual,
either due to size or nature, and that is infrequent in
occurrence
❖Planned detection risk—a measure of the
risk that audit evidence for a segment will
fail to detect misstatements that could be
material, should such misstatements exist;
PDR = AAR/(IR × CR)
❖Risk—the acceptance by auditors that there
is some level of uncertainty in per-forming
the audit function
❖Significant risk—an identified and
assessed risk of material misstatement that,
in the auditor’s professional judgment,
requires special audit consideration
 Reading
1. ISAs Covered in this Chapter
• ISA 315: Identifying risk of Material misstatement
• ISA 320: Materiality In Planning And Performing An
Audit
• ISA 330: The Auditor’s Response to Assessed Risks