Abstract

PurposeThe purpose of this paper is to examine whether auditors interpret the risk of material misstatement (RMM) in accordance with current standards' definition of inherent risk (IR). It is argued that controls should not be presumed when assessing inherent risk and that inherent risk should be considered separate from and prior to control risk when it is practical to do so. Because auditing standards explicitly require auditors to assess IR without consideration of internal controls (i.e. control risk (CR)), RMM should not be adjusted upward for control deficiencies.Design/methodology/approachThe authors survey and interview practicing auditors to gain an understanding of current risk assessment practice. They then evaluate whether their understanding of risk assessment is in line with current standards.FindingsContrary to auditing standards' definition of inherent risk, it appears that auditors presume some level of expected control effectiveness when assessing IR and they may increase RMM in response to internal control deficiencies. Such a presumption is inconsistent with the definition of inherent risk from the Auditing Standards Board (SAS No. 107), Public Company Accounting Oversight Board (AS 8), and International Auditing and Assurance Standards Board (ISA 200). Such misinterpretation may be an inadvertent result of guidance provided by standard setters in the form of SAS No. 109 from the ASB, AS 12 from the PCAOB and ISA 315 from the IAASB, which suggest combining IR and CR into RMM.Research limitations/implicationsThe research is limited both by the small sample size and the small number of risk factors investigated.Practical implicationsIf auditors presume a level of controls in assessing inherent risk, they may reduce audit effectiveness by estimating a lower RMM than is appropriate.Originality/valueThis study presents insights on the interpretation and assessment of audit risk in audit environments where inherent risk is no longer automatically set to be at the maximum. Namely that due to the definition of inherent risk, control information should have a unidirectional downward effect on the risk of material misstatement.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.