page 11

ASSESSING THE IDENTIFIED RISKS AFTER CONSIDERING PROGRAMS AND CONTROLS 21. AU 319 requires the auditor to obtain an understanding of internal control sufficient to plan the audit; this understanding allows the auditor to: A. Identify types of potential misstatements. B. Consider factors that affect the risk of material misstatement. C. Design tests of controls when applicable. D. Design substantive tests. 22. As a part of obtaining an understanding of internal control sufficient to plan the audit, the auditor should evaluate whether the client's programs and controls that address the identified risks of material misstatement due to fraud have been suitably designed and placed in operation. 23. After the auditor has evaluated the client's programs and controls in this area, the auditor's assessment of the risk of material misstatement due to fraud should consider these results. RESPONDING TO THE RESULTS OF THE ASSESSMENT-AS RISK INCREASES 24. Overall responses: A. Assign personnel with more experience and exercise more supervision. B. More carefully consider significant accounting policies. C. Make auditing procedures less predictable. 25. Responses that address specifically identified risks: A. General types of responses: (1) Nature-more reliable evidence or additional corroborative information. (2) Timing-perform at or near end of reporting period, but apply substantive procedures to transactions occurring throughout the year. (3) Extent-increase sample sizes, perform more detailed analytical procedures. B. Examples of modifications of the nature, timing, and extent of procedures: (1) Perform procedures on a surprise or unannounced basis (e.g., inventory observation, counting of cash). (2) Request inventory counts at end of reporting period. (3) Make oral inquiries of major customers and suppliers in addition to written confirmations. (4) Perform substantive analytical procedures using disaggregated data. (5) Interview personnel in areas where risk of material misstatement due to fraud has been identified. (6) Discuss the situation with any other auditors involved with audit (e.g., an "other auditor" who audits a subsidiary). C. Additional examples of responses for a high risk of fraudulent financial reporting may result in increased: (1) Analysis of revenue recognition. (2) Consideration of inventory quantities. (3) Consideration of management estimates (e.g., allowance for doubtful accounts). D. Additional responses for a high risk of misappropriation of assets (1) If a particular asset is susceptible to misappropriation, obtain understanding of controls and/or physical inspection may be appropriate. (2) More precise analytical procedures may be used. 6. Responses to further address the risk of management override of controls: A. Examine journal entries recorded in the general ledger and other adjustments (e.g., entries posted directly to financial statement drafts) for evidence of possible material misstatement due to fraud. B. Review accounting estimates for biases, including a retrospective review of previous year estimates so as to provide guidance on management's past performance in this area. C. Evaluate the business rationale for significant unusual transactions