Original Pronouncement | Statement on Accounting Standards (SAS) 107. |
Effective Date | The standard is currently effective. |
Applicability | Audits of financial statements in accordance with generally accepted auditing standards (GAAS). (Specific requirements apply to planning audit tests and evaluating the results of audit tests.) |
SAS No. 122, Codification of Auditing Standards and Procedures, is effective for audits of financial statements with periods ending on or after December 15, 2012.
AU-C 320 does not change extant requirements in any significant respect. To bring the requirements more into conformity with International Standards on Auditing (ISA) 320, Materiality in Planning and Performing an Audit, and ISA 450, Evaluation of Misstatements Identified During the Audit, the extant standard AU-312 was divided into two standards, codified as AU-C 320 and AU-C 450. Other changes are:
Audit risk. The risk that the auditor may unknowingly fail to appropriately modify his or her opinion on financial statements that are materially misstated. At the account balance or class of transactions level, it consists of the risk of material misstatement, and detection risk. (It does not include business risk, inappropriate audit reporting decisions unrelated to detection and evaluation of misstatements, or erroneously concluding that the statements are materially misstated.)
Business risk. The risk of loss or injury to an auditor’s professional practice from litigation, adverse publicity, or other event arising in connection with financial statements examined or reported on. (Not included in audit risk. Low business risk does not permit performance of less extensive procedures than would otherwise be appropriate under GAAS.)
Control risk. The risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity’s internal controls. Control risk is one of two components of the risk of material misstatement.
Error. Unintentional misstatements of amounts or disclosures in financial statements.
Fraud. An intentional act by individuals among management, those charged with governance, employees, or third parties that involves the use of deception to obtain an unjust or illegal advantage.
Detection risk. The risk that the auditor will not detect a material misstatement that exists in an assertion. (Inherent risk and control risk exist independently of the audit of financial statements. Detection risk relates to the auditor’s procedures and can be changed at the auditor’s discretion. Detection risk should be varied by the auditor inversely in relation to the assessment of inherent risk and control risk.)
Inherent risk. The susceptibility of an assertion to a material misstatement, assuming that there are no internal controls. (Consists of the relative risk of misstatements of some assertions [for example, cash is more likely to be stolen than an inventory of coal] and to external factors such as technological developments or a declining industry characterized by many business failures.) Inherent risk is one of two components of the risk of material misstatement.
Known misstatement. The amount of misstatements specifically identified by the auditor.
Likely misstatement. The auditor’s best estimate of the total misstatements in the account balances or classes of transactions examined.
Materiality. This key term is not explicitly defined in the section, but, as explained in the next section, the FASB’s definition is quoted. Also, the following observations are made about materiality:
These observations may be combined to specify that an item is material when its nature and amount in relation to the nature and amount of other items in the financial statements are important enough to affect the fair presentation of the financial statements in conformity with GAAP or an other comprehensive basis of accounting (OCBOA).
Misstatement. All errors and fraud, including certain illegal acts.
Risk of material misstatement. The risk that the relevant assertions related to account balances, classes of transactions, or disclosures are misstated. The risk of material misstatement consists of inherent and control risk, which are the entity’s risks, existing independently of the audit of the financial statements.
Performance materiality. The amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. If applicable, performance materiality also refers to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances, or disclosures. Performance materiality is to be distinguished from tolerable misstatement.
Misstatement. A difference between the amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or disclosure required for the item to be presented fairly in accordance with the applicable financial reporting framework. Misstatements can arise from fraud or error.
Misstatements also include those adjustments of amounts, classifications, presentations, or disclosures that, in the auditor’s professional judgment, are necessary for the financial statements to be presented fairly, in all material respects.
Uncorrected misstatements. Misstatements that the auditor has accumulated during the audit and that have not been corrected.
Section 312 provides a framework for considering audit risk and materiality in planning audit procedures and evaluating the results of those procedures. It establishes how consideration of materiality and audit risk should affect planning audit procedures and evaluating audit findings.
It also includes explicit consideration of the risk of fraud within the audit risk model and to incorporate guidance on errors.
Section 312 also includes the requirement that an auditor document the nature and effect of aggregated misstatements, as well as his or her conclusion as to whether the aggregated misstatements cause the financial statements to be materially misstated.
AU-C Section 320 states that the objective of the auditor is to apply the concept of materiality appropriately in planning and performing the audit.
AU-C Section 450 states that the objective of the auditor is to evaluate the effect of:
Audit risk is the risk that the financial statements are materially misstated and the auditor fails to detect such a misstatement. The auditor must perform the audit to reduce audit risk to a low level. Audit risk is a function of two components:
To reduce audit risk to a low level requires the auditor to:
The concept of materiality recognizes that some matters are more important for the fair presentation of the financial statements than others. In performing your audit, you are concerned with matters that, individually or in the aggregate, could be material to the financial statements. Your responsibility is to plan and perform the audit to obtain reasonable assurance that you detect all material misstatements, whether caused by error or fraud.
The accounting standards define materiality as “the magnitude of an omission or misstatement of accounting information that, in light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed by the omission or misstatement.” Thus, materiality is influenced by your perception of the needs of financial statement users who will rely on the financial statements to make judgments about your client.
A misstatement may consist of:
Key provisions of Section 312 include the following:
The auditor should determine a materiality level for the financial statements taken as a whole for the purpose of:
In considering audit risk at the overall financial statement level, the auditor should consider risks of material misstatement that relate pervasively to the financial statements taken as a whole and often potentially relate to the many assertions. Risks of this nature often relate to the control environment and require an overall audit response, such as selecting engagement team members with an appropriate level of experience.
The auditor should consider the extent of procedures to be performed at selected locations. Factors that could influence selection include:
In planning auditing procedures, the auditor should consider the nature, cause (if known), and amount of misstatements of which the auditor is aware from the audit of the prior period’s financial statements.
In determining the nature, timing, and extent of audit procedures to be applied to a specific account balance, class of transactions, or disclosure, the auditor should:
The model AR = Risk of material misstatement (RMM) × Detection risk (DR) expresses the general relationship of audit risk and the risks associated with the auditor’s assessment risk of material misstatement (inherent control risks) and detection risk.
The auditor should determine a materiality level for the financial statements taken as a whole when establishing the overall audit strategy. This planning materiality helps guide the auditor’s judgments in:
Determining planning materiality is a matter of professional judgment. Typically, auditors apply a percentage to an appropriate basis (e.g., total revenues, total assets, etc.) as a starting point for determining materiality. When identifying an appropriate benchmark, the auditor may consider
If a preliminary judgment about materiality is made before the financial statements to be audited are prepared, or if significant accounting adjustments can reasonably be expected, it is helpful for the auditor to make the preliminary judgment based on:
Tolerable misstatement is the maximum error in a population that the auditor is willing to accept. The auditor should determine one or more levels of tolerable misstatement in order to allow for the possibility that some misstatements of lesser amounts than materiality for the financial statements taken as a whole could, in the aggregate, result in a material misstatement.
The auditor should not assume that a misstatement is an isolated occurrence. If the nature of the identified misstatements and the circumstances of their occurrence indicate that other misstatements may exist that could be material, the auditor should consider whether the overall audit strategy and audit plan need to be revised.
The auditor must accumulate all known and likely misstatements (except those that are “trivial”) and communicate them to the appropriate level of management on a timely basis.
Known misstatements. The auditor should request management to record the adjustments needed to correct all known misstatements.
Likely misstatements. The auditor should request management to examine the class of transactions, account balance, or disclosure in order to identify and correct misstatements therein. If the likely misstatement involves difference in an estimate, the auditor should request management to review the assumptions and methods used in developing the estimate. After management has responded to the auditor’s request, the auditor should reevaluate the amount of likely misstatement and, if necessary perform further audit procedures.
The auditor should consider the effects, both individually and in the aggregate, of uncorrected misstatements.
Closest reasonable estimate. When determining the amount of the likely misstatements to be aggregated, the auditor evaluates the closest reasonable estimate. This estimate can be either a range of acceptable amounts or a point estimate. If the auditor uses a range and management’s recorded estimate is not in that range, the amount of the likely misstatement would be the difference between the recorded amount and the amount at the closest end of the range. If the auditor uses a point estimate, the likely misstatement would be the difference between the point estimate and the amount recorded by the client.
The auditor should be alert to the possibility that a cluster of management’s recorded estimates at either end of the auditor’s range of acceptable amounts may indicate a bias on the part of management. In this case, the auditor should reconsider whether other estimates reflect a similar bias and perform additional audit procedures as necessary. The auditor should also be alert to the possibility that recorded estimates may be clustered at one end of the acceptable range in a preceding year, and the other end of the range in the current year. This may indicate that management is using swings in accounting estimates to manage earnings, in which case the auditor should consider whether this needs to be communicated to the audit committee.
The qualitative characteristics of misstatements. The auditor should also consider qualitative factors when evaluating misstatements, since misstatements of relatively small amounts may have a material effect on the financial statement. This interpretation lists a number of qualitative factors that the auditor may want to consider, including:
If the auditor determines that the effect of likely misstatements, individually or aggregated, causes the financial statements to be materially misstated, the auditor ordinarily should ask management to eliminate the misstatement. If the material misstatement is not eliminated, the auditor should issue a qualified or adverse opinion.
If the auditor concludes that the effects of likely misstatement, individually or aggregated, do not cause the financial statements to be materially misstated, the auditor should recognize that they could still be materially misstated due to further undetected misstatement.
The auditor should document the following:
There are no interpretations for this section.
This practice alert advises auditors to consider the following issues when evaluating audit differences and deciding whether to communicate them to audit committees:
The auditor should remember that audit committees and outsiders who find out about waived audit differences may ask why those differences were not recorded. The practice alert advises auditors to encourage management to record material and immaterial audit differences because it sends a clear message about management’s responsibilities. If the client still does not record audit differences, the auditor should try to agree on a plan for recording differences in the following year.
In applying Section 312, the auditor is faced with the following questions:
To make a preliminary judgment about the amount to be considered material to the financial statements, the auditor should first recognize the nature of this amount. It is an allowance or “cushion” for undetected or uncorrected misstatement remaining in the financial statements after all audit procedures have been applied. The auditor’s goal is to plan audit procedures so that if misstatements exceed this amount, there is a relatively low risk of failing to detect them.
Section 312 does not require quantification of the preliminary judgment about materiality. However, it is usually more efficient and effective to estimate a single dollar amount to be used in planning the audit. Since the amount is to be used as an aid in planning the scope of auditing procedures, use of a general rule of thumb is both practical and acceptable. For example, many auditors use 5 to 10% of before-tax income or .5 to 1% of the larger of total assets or total revenue. Adoption of a rule of thumb requires consideration of the appropriate base and the percentage of that base to be used to make the calculation.
If the current financial statements are available, amounts from these statements may be used, or interim financial statements may be annualized. However, if significant audit adjustments are expected, an average from prior financial statements may be used. When historical data is used, the auditor should adjust the data for unusual items that affected prior years and for any known changes that can be expected to affect the current period.
Usually a single base is necessary because the auditor expresses an opinion on the financial statements taken as a whole rather than on individual financial statements. The most common bases for materiality judgments are:
Some common approaches to using these bases include, but are not limited to the following:
The choice of approach is influenced by judgments about the importance of stability of the base versus flexibility in using judgment in the circumstances.
Several matters should be recognized in using a rule of thumb to estimate an amount to be used for planning materiality. First, the amount expresses the auditor’s judgment about the total acceptable amount of undetected misstatement and detected but uncorrected misstatement. Thus, this amount in some circumstances may be larger than some auditors have considered to be material.
Second, because the amount includes an allowance for undetected misstatements and includes the combined effect of misstatements, it is not suitable as a threshold for evaluating the materiality of individual misstatements. Also, in evaluation the auditor should consider qualitative matters and additional information obtained during the audit.
Finally, although this approach is called a rule of thumb, it is in no sense a rule. It is simply a guide to making a planning decision. If the rule of thumb produces an amount that an auditor believes is unreasonable, the auditor’s considered judgment should prevail over arbitrary adherence to the rule of thumb.
The auditor needs to plan audit procedures for a specific account balance or class of transactions so that misstatements in that balance or class when combined with misstatement in other balances or classes will not exceed the preliminary judgment about materiality. This may be done explicitly or judgmentally. A quantitative allocation of the preliminary judgment is not required.
The first step in relating the preliminary judgment to individual balances and classes is to reduce the preliminary judgment for the amount of misstatement that is expected to be uncorrected when the audit report is issued. Naturally, known uncorrected misstatement reduces the allowance or cushion for undetected misstatement. In the following discussion, for convenience, uncorrected misstatements are assumed to be negligible, and the amount estimated in making the preliminary judgment is used in planning procedures.
In the application of audit procedures that do not involve audit sampling (see Section 350), the relation of the preliminary judgment to balances or classes depends on the approach to examining the account.
Some accounts are examined 100% because the account is affected by very few transactions and all of them are expected to be material. For example, stockholders’ equity and long-term debt usually fall in this category, and property and equipment may be in this category. For these accounts, no relation to the preliminary judgment is relevant. The preliminary judgment is an allowance for undetected misstatement, and the normal audit approach would detect all misstatements.
For some accounts, no substantive tests are applied. The total of these accounts should be clearly immaterial. A common rule of thumb is that the total amount of these accounts should not exceed 1/3 of the preliminary judgment.
Some accounts are examined by selecting all items above a specified “material” amount. A common rule of thumb is that this amount should be between 1/6 and 1/3 of the preliminary judgment. All items larger than 1/3 of the preliminary judgment would be examined if little or no misstatement was expected or if the procedure applied to the items was one of several directed toward the same audit objective. All items larger than 1/6 of the preliminary judgment would be examined if many misstatements were expected or if the procedure applied to the items was extremely important to the auditor’s conclusion. An amount between 1/3 and 1/6 could be used for circumstances between these extremes.
The auditor’s goal is to plan the audit to restrict audit risk to a relatively low level. Audit risk cannot be objectively measured for the financial statements taken as a whole, and the requirements of Section 312 are easier to understand and apply if one focuses on relationships at the account balance and class of transactions level. At that level, audit risk has the following three components:
The basic idea is that the auditor assesses the existing inherent risk and existing control risk and then plans audit procedures with a suitably low detection risk to reduce the overall risk (audit risk) to an acceptably low level. Inherent risk and control risk exist independently, and all the auditor can do is assess them. Detection risk is a function of the effectiveness of audit procedures; the more effective the audit procedures, the lower the detection risk. At the balance or class level, audit risk is the risk that the auditor will fail to detect an amount of misstatement that would be material when combined with misstatement in other balances or classes.
The auditor is obligated to assess the risk of misstatement due to fraud even if inherent or control risk is assessed at the maximum. Furthermore, as discussed in Section 316, as long as the auditor assesses the two types of fraud risk (misstatements arising from fraudulent financial reporting and misstatements arising from misappropriation of assets) and the various categories of risk factors under each, he or she may combine the fraud risk, inherent risk, and control risk assessments.
This risk is the susceptibility of an account balance or class of transactions to misstatement that could be material. Inherent risk is influenced by the nature of the account balance or class of transactions and by other factors that may affect several or all of the balances or classes.
Assessment of inherent risk is usually based on the auditor’s knowledge of the nature of the client’s business, its organization, and its operating characteristics. The need for the auditor to obtain knowledge of such matters and the factors that affect them are explained in Section 311. Some auditors have formalized the approach to obtaining this knowledge through the use of questionnaires or checklists. (See Section 318 for an illustration of such a questionnaire.) Other auditors gather this information less formally but nevertheless explicitly consider it in planning procedures for specific balances or classes.
Section 312 gives the following examples of how the nature of an account balance could influence inherent risk:
This aspect of inherent risk has been recognized in the auditing literature for several decades under the term relative risk.
Section 312 gives the following examples of other factors that influence inherent risk:
The relation of inherent risk assessment to planning is considered further in the following discussions of control risk and detection risk.
This is the risk that material misstatement may occur in an assertion and not be prevented or detected on a timely basis by the entity’s internal controls. Section 312 states that the auditor may make a separate assessment of control risk or a combined assessment of inherent and control risk. However, some auditors believe that at the balance or class level, the assessment is necessarily combined from either a theoretical or practical perspective.
These auditors point out that a conceptually logical approach to evaluation of accounting control is the direct focus on the purpose of preventing or detecting material errors or fraud in financial statements by applying the following steps:
The first two steps are usually performed through the development of generalized materials such as checklists and questionnaires. The third step is accomplished by analysis of the information obtained through the use of generalized materials and tests of controls.
Other auditors believe that a separate assessment of inherent risk may be made by considering factors such as the relative complexity of transaction processing, the susceptibility of the item to misstatement without regard to controls, the relative size of individual items, and the relative stability of operations. The important aspect of the assessment is that it must be made independently of control procedures. For example, the likelihood of understatement errors in payroll may be considered low no matter what control procedures exist, but overstatement caused by errors or fraud may be influenced significantly by controls.
The assessment of inherent risk created by factors that affect several or all balances or classes is often responded to in a general way rather than by specific modification of auditing procedures. For example, the auditor may assign more experienced personnel to the engagement, increase the level and extent of supervision, and generally conduct the audit with a heightened degree of professional skepticism. In this area, the auditor’s focus is really on whether the risk level is above the ordinary for the entire audit.
At the account balance or class of transactions level, some of the factors that affect all balances or classes may influence the planned auditing procedures for a specific balance or class. Substantive tests may be applied at year-end rather than at interim dates, and unusual rather than normal procedures may be selected. Some auditors have formalized the assessment of inherent risk at the balance or class level by requiring documentation of an explicit qualitative judgment of whether the risk of material misstatement is high, moderate, or low when the audit program is prepared. Although Section 312 states that the auditor must have an “appropriate basis” whenever inherent risk is assessed at less than the maximum, Section 312 stops short of requiring this degree of formalization in audit program planning.
The assessment of inherent risk and control risk and the resultant effect on detection risk can have a dramatic effect on the sample sizes necessary to hold audit risk to an acceptably low level. The way the detection risk is considered is determined by whether the planned audit sample is statistical or nonstatistical and whether the nonstatistical plan is a formal plan (usually a PPS approximation) or an informal one.
If the sampling plan is an informal, nonstatistical one, there is no point in quantifying the assessment of inherent or control risk. As inherent and control risk increase, sample sizes should increase because the auditor must achieve a low detection risk to reduce audit risk to an acceptable level. However, about the only generalization that can be made is this relationship between risk level and sample size.
In a formal nonstatistical plan, the auditor usually has to identify one of three or four qualitative levels of assessment of inherent and control risk, and one of three or four levels of reliance on audit procedures other than the one applied using sampling (an assessment of detection risk for all relevant nonsampling procedures). For example, the auditor will select from among maximum, moderate, and low assessment of control risk and inherent risk, and this selection will have a predetermined effect on the sample size required. The following relationships may be used:
Control risk | Effect on sample size | Implicit detection risk in sample |
Low | 1 | 20% |
Moderate | 1.33 | 10% |
Maximum | 2 | 5% |
This means that assuming that the only audit procedure applied to achieve a particular audit objective uses sampling, a qualitative assessment of control risk of “low” results in a sample size that is one half the sample size required with an assessment at the maximum level.
If a statistical plan is used, it is necessary to assess inherent risk, control risk, and detection risk applicable to nonsampling procedures, such as analytical procedures, as specific percentages and to use these percentages in a formula to determine the acceptable detection risk for the sample. The formula is explained in the appendix to Section 350. The only time it is necessary to reduce the risk assessment to specific percentages is when a statistical sampling plan is used. In all other cases, use of specific percentages and the Section 350 formula are unnecessary. The Section 350 formula assumes that inherent risk is at the maximum and no separate assessment is made.
Usually the only practical way to consider whether financial statements are materially misstated at the conclusion of the audit is to use a worksheet that determines the combined effect of uncorrected misstatement on important totals or subtotals in the financial statements, for example, current assets, current liabilities, income before taxes, income taxes, net income, total assets, total liabilities, and stockholders’ equity. Use of such worksheets is fairly common in auditing practice. However, it is important to recognize that the auditor may use a different amount in evaluating whether the financial statements are materially misstated than was used in planning the audit. Qualitative considerations may cause the auditor to consider smaller detected misstatements to be material. Also, for misstatements that have an effect only on the balance sheet or that affect only classification within a financial statement, an amount may have to be larger to be considered material.
In explaining the misstatements that should be combined to consider whether the financial statements are materially misstated, Section 312 refers to known misstatement and likely misstatement. Known misstatement is the amount of misstatement actually detected in applying audit procedures. Likely misstatement is essentially the same as projected misstatement in sampling applications. (See Section 350 and, in particular, “Substantive Tests” under Techniques for Application.) In addition to considering the combined effect of uncorrected known and likely misstatement, the auditor should consider the risk of further misstatement remaining undetected. For example, the amount estimated for planning materiality usually includes an allowance for undetected misstatement.
Section 312 requires that prior period misstatements be considered, but permits either the rollover or iron curtain approach. Under the iron curtain approach, the effects of all cumulative uncorrected misstatements are deemed to affect the current period’s income statement as well as the balance sheet. Under the rollover approach, the cumulative uncorrected misstatements, net of the uncorrected misstatements carried over from the prior year, are deemed to affect the current period’s income statement. If, for example, warranties payable were understated by $150 in the prior period and $200 in the current period, the rollover approach would compare only $50 to the current income to evaluate quantitative materiality while the iron curtain approach would compare the full $200. The auditor should be alert to the fact that neither the iron curtain nor the rollover approach can be applied mechanically. The two approaches are clear alternatives only in complex situations in which a misstatement accumulates in the balance sheet. In fact, the mechanical application of the iron curtain approach in a more complex situation may have the opposite of the intended effects. For example, if warranties payable were overstated in the prior period by $300 and understated in the current period by $200, the aggregate effect on the current period income statement would be a $500 overstatement of income before tax. The uncorrected prior period misstatement would have a $300 carryover effect in the current period income statement. Therefore, careful consideration of the impact of prior period adjustments is needed, and individual facts and circumstances must be considered.
1 The section is affected by the Public Company Accounting Oversight Board’s (PCAOB) Standard, Conforming Amendments to PCAOB Interim Standards Resulting from the Adoption of PCAOB Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements.
3.15.181.124