Đang tải... (xem toàn văn)
Luận văn kiểm toán xác lập mức trọng yếu và xác định rủi ro kiểm toán do công ty Kiểm toán và Kế toán AAC thực hiện. Luận văn này được viết bằng Tiếng Anh do sinh viên trường Đại học Kinh tế Đà Nẵng viết. Bài viết này bao gồm đầy đủ các phần: lời mở đầu, lý thuyết, thực tế công ty, giải pháp và phần kết luận. Các bạn hoàn toàn có thể dựa vào bài viết này để viết thành bài viết hoàn thiện của các bạn.
Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Contents List of tables B List of charts B List of Appendices B Introduction Chapter Literature review on assessing materiality and audit risk in planning stage of the financial statements audit 1.1 Audit risk 1.1.1 Definition and components of audit risk 1.1.2 Assessing acceptable audit risk and audit risk components 1.2 Materiality assessment 10 1.2.1 Definition and characteristics of materiality 10 1.2.2 Process of assessing materiality 14 1.2.3 Relationship between materiality and audit risk 18 Chapter Assessing audit risk and materiality at planning stage of the financial statements audit conducted by Auditing and Accounting Limited Liability Company 19 2.1 Overview about Auditing and Accounting Limited Liability Company 19 2.1.1 Historical development of Auditing and Accounting Limited Liability Company 19 2.1.2 AAC Missions of Auditing and Accounting Limited Liability Company 19 2.1.3 Types of services provided by Auditing and Accounting Limited Liability Company 20 2.1.4 Management organization structure and human resources in AAC Auditing and Accounting Limited Liability Company 23 2.1.5 Overview of the process of the financial statement audit conducted by Auditing and Accounting Limited Liability Company 25 2.2 Preliminary assessment audit risk and materiality conducted by AAC Auditing and Accounting Limited Liability Company 27 2.2.1 Assessing the audit risk 28 2.2.2 Assessing materiality 40 Chapter Comments and solutions to improve the assessment of audit risk and materiality performed by Auditing and Accounting Limited Liability Company 43 3.1 Comments on the assessment of audit risk and materiality performed by AAC 43 3.1.1 Positive points 43 3.1.2 Limitations 44 3.2 Some solutions for improving the assessment of audit risk and materiality conducted by AAC 45 3.2.1 Solutions for the audit risk assessment 45 3.2.2 Solutions for the materiality assessment 51 Student: Huynh Thi Bich Ha A Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Conclusion 53 References 54 List of tables Table 1: The matrix to assessing detection risk Table 2: The guideline of VACPA for determine materiality: 15 Table 3: Example for using multiple benchmarks 15 Table 4: The ratio of engagement risk 16 Table 5: Balance Sheet accounts with significant changes 32 Table 6: Income Statement accounts with significant changes 33 Table 7: Conclusion about internal control system of client 37 Table 8: Conclusion of the auditor about control risk on cycle 39 Table 9: Risk matrix 39 Table 10: Setting the materiality of ABC 42 Table 11: Questionnaire to assess the inherent risk on the whole financial statements 45 Table 12: Conclusion inherent risk at ABC 46 Table 13: Questionnaire to assess inherent risk at account level 47 Table 14: The scorecard for the risk assessment of each internal control components 48 Table 15: Conclusion about co risk on the whole financial statements 48 Table 16: Assessing control risk of revenue following each assertion 50 Table 17: Planned detection risk on each assertions for revenue 51 Table 18: The ratio to assess the performance materiality 51 List of charts Chart 1: Steps in applying materiality 14 Chart 2: The structure of AAC 24 List of Appendices Appendix 1: Understanding client and operating environment Appendix 2: Preliminary analysis of financial statements Appendix 3: Risk assessment of preliminary analysis procedures Appendix 4: Assessment of the internal control system of the client Appendix 5: Purchase, payable and payment cycle Appendix 6: Sales, receivables and collection cycle Student: Huynh Thi Bich Ha B Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Introduction In the trend of integration with the world economy and the continuous development of the market economy, business activities and financial situation of enterprises are the concern of state agencies, investors, employees and especially business owners So the need for transparency of financial information becomes more and more important In the face of that trend, auditing firms further demonstrated their roles In auditing, the financial statement audit is the traditional service and accounts for a large proportion of the revenue of the audit firms In order to improve the quality of the financial statement audits, audit firms are now paying attention to the work carried out in an audit Assessing a materiality and audit risk in the planning stage is an extremely important step to help auditing firms develop an audit plan that contributes to quality improvement as well as the effectiveness of the audit However, in practice, the assessment of the materiality and audit risk in the planning stage of the companies still have many incomplete points Understanding the important of assessing the materiality and audit risk and during my internship at AAC Auditing and Accounting Limited Liability Company, I have the opportunity to learn and compare between theory and practice Therefore, I chose the topic: "Assessing audit risk and materiality in the audit planning stage performed by AAC Auditing and Accounting Company" to as the topic for my graduation thesis Research content of the project consists of main parts: Chapter 1: Literature review on assessing materiality and audit risk in planning stage of the financial statement audit Chapter 2: Preliminarily assessing materiality and audit risk conducted by AAC Auditing and Accounting Limited Liability Company Chapter 3: Comments and solutions to improve the assessment of materiality and audit risk conducted by Auditing and Accounting Limited Liability Company Student: Huynh Thi Bich Ha Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Chapter Literature review on assessing materiality and audit risk in planning stage of the financial statements audit 1.1 Audit risk 1.1.1 Definition and components of audit risk 1.1.1.1 Definition of audit risk According to Vietnam Standards of Auditing No 400 – Assessing risk and internal control, the audit risk is defined: “Audit risk is the risk that the auditor and auditing company make inappropriate opinion when the audited financial statements have material misstatements.” Audit risk includes three parts: inherent risk, control risk and detection risk In fact, the audit risk usually occurs in the direction: the financial statements have material misstatements but the auditor make unqualified opinion with financial statements as a whole In this case, this opinion is inappropriate about the financial statements It means that the auditor agrees with material misstatements With such an argument, audit risk is defined as the probability of occurrence of material misstatements on the financial statements that the auditor does not detect Audit risk always exists due to factors such as the auditor’s ability and capability, limited time and cost of auditing, sampling techniques in audit and fraud detection more difficult than errors The users of information of course only accept low risk, which requires the auditor to work in the effort to achieve an acceptable level of audit risk Acceptable audit risk is a measure of how willing the auditor accepts that the financial statements may be materially misstated after the audit is completed and an unqualified opinion has been issued When the auditor decides on a lower acceptable audit risk, it means that the auditor wants to be more certain that financial statements are not materially misstated (Arens, 2012) The level of audit risk is high or low that determines the amount of audit work required to be carried out Therefore, it is necessary to analyses insight into the components of the audit risk and consider the impact of these components to the amount of audit work as well as the appropriate procedures In this relationship, the audit risk and the auditing costs have a negative relationship 1.1.1.2 Components of audit risk In order to learn and assess the factors effect to the audit risk, they divide into three components, include inherent risk, control risk and detection risk 1.1.1.2.1 Inherent risk According Arens (2012), inherent risk measures the auditor’s assessment of the likelihood that there are material misstatements due to error or fraud in a segment before considering the effectiveness of internal control Student: Huynh Thi Bich Ha Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Thus, inherent risk is the probability of the existence material misstatements on the financial statements due to the potential problems in business, in business environment or in the nature of accounts This is an objective factor, belonging to the nature of an entity, the control activities Inherent risk is generally considered to be higher where a high degree of judgment and estimation is involved or where transactions of the entity are highly complexity In addition to increasing audit evidence for a higher inherent risk in a given audit area, the auditor commonly assign more experienced staff to that area and review the completed audit test more thoroughly (Arens, 2012) 1.1.1.2.2 Control risk According to VSA No 400, the control risk is defined: Control risk is the risk that material misstatements will occur in a particular transactions, accounts on financial statements when separately or aggregated, the accounting system and internal control system are not able to prevent or detect and repair timely As control risk is the probability of occurrence of material misstatements on the financial statements that the internal control system does not detect and prevent timely, control risk always exists due to inherent constraints of internal control system: - The scope of the internal control system is limited by the issue of costs Because the managers always require for the cost of the test to be effective, it means that the cost must be less than the loss due to misstatement and fraud - Most of inspection measures focus on the commonly misstatements, so difficultly detect the unusual misstatements - Operations and examination may be disabled due to collusion with staff or outside parties - Control procedures may no longer be appropriate because the actual conditions have changed In summary, the effective internal control system will minimize misstatement and fraud but cannot completely eliminate the potential violations The auditor only bases on the internal control to reduce the workload but cannot completely base on this system Therefore, the auditor also conduct the test while the internal control system is very effective 1.1.1.2.3 Detection risk According to VSA No 400, “The detection risk is the risk that material misstatements will occur in each transaction or account on the financial statements when it is calculated separately or in aggregate that the auditing process, auditor and audit firm fail to detect.” In other words, planned detection risk is the risk that audit evidence for a segment will fail to detect misstatements exceeding tolerable misstatement Student: Huynh Thi Bich Ha Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Planned detection risk determines the amount of substantive evidence that the auditor plans to accumulate If the planned detection risk is reduced, the auditor needs to accumulate more evidence to achieve the reduced planned risk (Arens, 2012) 1.1.2 Assessing acceptable audit risk and audit risk components 1.1.2.1 Assessing acceptable audit risk According to Arens (2012), as you know, a reasonably low acceptable audit risk is always desirable, but in some circumstances an even lower risk is needed because of engagement risk factors Research points to several factors affecting acceptable audit risk as follows: - The degree to which external users rely on the statements: when external users place heavy reliance on the financial statements, it is appropriate to decrease acceptable audit risk Several factors are good indicators of the degree to which statements are relied on by external users such as client’s size, distribution of ownership and nature & amount of liabilities - The likelihood that a client will have financial difficulties after the audited financial statements is issued: If the client is forced to file for bankruptcy or suffered a significant loss after completion of the audit, the auditor faces a greater chance of being required to defend the quality of the audit than if the client were under no financial strain In this situations in which the auditor believes the chance of financial failure or loss is high and a corresponding increase, acceptable audit risk should be reduced - The auditor’s evaluation of management’s integrity: if a client has questionable integrity, the auditor is likely to assess a lower acceptable audit risk To assess acceptable audit risk, the auditor must assess each of the factors affecting acceptable audit risk Then, the auditor assess the acceptable audit risk at high, medium or low 1.1.2.2 Assessing audit risk components 1.1.2.2.1 Assessing inherent risk According to Arens (2012), the auditor must assess the factors that make up the risk and modify audit evidence to take them into consideration The auditor should consider several major factors when assessing inherent risk: - Nature of the client’s business: Business characteristics of client such as technology process, capital structure, dependent entity, geographic scope Seasonal operation, etc., affect the level of inherent risk of the client For example, some enterprises have backward technology processes, the ability to present the cost of inventories as finished products may not be in accordance with prudent principles Moreover, an enterprise with many dependent units or operating on wide area is capable of updating and synthesizing data with many errors Student: Huynh Thi Bich Ha Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D - Results of previous audits: The risk assessment on each account balance or type of transaction may be based on the results of previous audits If the account balance in the previous year has many differences, in this year inherent risk of this account will be assessed very high Because some misstatements of the previous year cannot be overcome - Related parties: Transactions between parent and subsidiary companies, and those between management and the corporate entity, are examples of relatedparty transactions actions as defined by accounting standards Because these transactions not occur between two independent parties a greater likelihood exists that they might be misstated, causing an increase in inherent risk - Non-routine transactions: Transactions that are unusual for a client are more likely to be incorrect recorded than routine transactions because the client often lacks experience recording them - Judgment required to correctly record account balances and transactions: Account balances and transactions which related to accounting estimation such as provision, depreciation of fixed assets, allocating, expense accruals, etc usually conduct on the basic of subjective judgment of the manager and the operator, so it is more likely to contain inherent risk on these accounts Therefore, the auditor should assess the high level of inherent risk for this accounts to enhance misstatements detection - Factors related to misappropriation of assets: some assets sensitive to fraud such as cash, gold, gemstone, the compact assets and easy to transport and great value are easy to steal Therefore, the auditor should determine the high level of inherent risk for the balance of these accounts - Personnel characteristics of Board of Directors: The auditor should consider the integrity, qualifications and experience of the Board of Directors as well as changing in the composition of the management board in the accounting period In this, the auditor should pay attention to the role and characteristics of the highest leader, because this is a person who has the power to make the majority of the company’s policies and has a major impact on the most of the company’s operations If the company is led by a person who is dishonest and fraudulent; or if the company regularly changes personnel in the Board of Directors, the auditor must assess the inherent risk at high level - Personnel characteristics of accounting department: The qualifications and experiences of the chief accountants and main accounting staffs is directly related to the process of gathering, the processing and providing information on the financial statements - The pressure of the Board of Directors and the chief accountant: The auditor should consider and assess that the Board of Directors and the chief accountant have been pressured to disclose the false financial statements For example, the enterprise, which has suffered loss continuously and is unable to pay its debt, is Student: Huynh Thi Bich Ha Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D not allowed to continue lending to traditional banks Therefore, it is expected to issue bonds to raise capital With this pressure, the enterprise may disclose the false financial statements about revenue, expense, profit or loss and solvency of debt - Outside factors: Economic fluctuations, competition, changes in the buying and selling markets also affect the inherent risk of the enterprise A company operating in a fierce competitive environment, losing market share, the auditor must assess the very high level of inherent risk to set up reasonable audit procedures The auditor must evaluate the information affecting inherent risk and decide on an appropriate inherent risk level for each cycle, account, and many items, for each audit objectives The auditor does not create nor control the inherent risk, but only assesses them based on a number of sources such as the audited result of previous years, customer economic policies, etc… Inherent risk assessment is usually initiated by considering what the auditor knows about the business and the nature of the client company If the auditor does not explain the assessment about the nature of the client company, they may not identify and determine the important risk area Based on that, the auditor usually uses the following procedures to assess the inherent risk of the client: - Interview: Conducting interviews on the basic of well-formed questions for the management and staff involved to collect the necessary information for the assessing the inherent risk Questions are set to collect the information about the characteristics of business, the personnel of the Board of Directors and accounting department, the unusual pressure of Board of Directors and chief accountant, the accounting policies and changing of policies and so on - Observation: The observation of the actual situation, process and business will help the auditor have the necessary knowledge in assessing inherent risk - Preliminary analysis the financial statements and review other related document: The auditor analyzes preliminary the financial statements in combination with the business plan indicators to gain an overview of the financial situation and business trends of the client company At the same time, the auditor also considers other relevant documents such as internal financial regulations, meeting minutes, tax inspection, etc to forecast the inherent risk of the client company The auditor begin their assessments of inherent risk during the planning phase and update the assessments throughout the audit 1.1.2.2.2 Assessing control risk Because control risk arises from the internal control system, the components of the internal control system are also the factors affect the control risk Therefore, Student: Huynh Thi Bich Ha Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D to assess the control risk the auditor must base on the knowledge about the internal control system According Arens (2012), the factors affect the control risk: - Control environment: The control environment consist of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity - Risk assessment for financial statements is management’s identification and analysis of risk relevant to the preparation of financial statements in conformity with appropriate accounting standards Management’s risk assessment differs from but is closely related to the auditor’s risk assessment While management assesses risks as a part of designing and operating internal controls to minimize errors and fraud, auditor assess risks to decide the evidence needed in the audit - Control activities: Control activities are policies and procedures, in addition to those included in the other four control components that help ensure that necessary actions are taken to address risks to the achievement the entity’s objectives There are potential many such control activities in any entity, including both manual and automated controls - Information and communication: the purpose of an entity’s accounting information and communication system is to initiate, record, process, and report the entity’s transactions and to maintain accountability for the related assets An accounting information and communication system has several subcomponents, typically made up of classes of transactions such as sales, sales return, cash receipt, acquisitions, and so on To understand the design of the accounting information system, the auditor should determine the major classes of transactions of the entity, how those transactions are initiated and recorded, what accounting records exist and their nature, how the system captures other events that are significant to the financial statements, and the nature and details of the financial statements process followed, including procedures to enter transactions and adjustments in the general ledger - Monitoring: Monitoring activities deal with ongoing or periodic assessment of the quality of internal control by management to determine that controls are operating as intended and that they modified as appropriate for changes in conditions The auditor does not create and also control the control risk, the auditor only may assess internal control system strong or weak and determine the level of control risk (low, medium or high) Based on that, the auditor usually uses the following procedures to assess the control risk of the client: - Control environment: The auditor interviews the management and staff to understand the factors of control environment such as the integrity and ethical values of the organization; competence commitment; the Student: Huynh Thi Bich Ha Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D organizational structure and assignment of authority and responsibilities; and so on In addition, the auditor also associates with the observation and examination of documents - Risk assessment: The auditor needs to interview the management to understand the content and the results of risk assessment process Understanding the client’s risk assessment can help the auditor to assess the risk of material misstatement The auditor must use professional judgment to determine whether the client's risk assessment process is appropriate or not - Control activities: The auditor interviews the management and staff about the control activities applied Then, the auditor must observe and examine the documents to determine whether these activities have been effectively implemented - Information and communication: By conducting interviews accountants in combination with examining documents, the auditor will gain an understanding of the information system relating to the preparation and presentation of financial statements - Monitoring: Interviewing management to find out how the board conducts an assessment of the effectiveness of the internal control activities The auditor may assess the high level of control risk in the following case: - The internal control system is not sufficient and effective - The auditor does not have sufficient basic to assess the appropriateness, completeness and efficiency of internal control system The auditor may assess the low level of control risk in the following case: - The auditor is qualified and has plans to carry out tests of control to confirm the risk assessment - The auditor has sufficient evidence and basic to conclude the effective internal control system That system has ability to prevent, detect and handle in time the fraud, errors in the enterprise This assessment on control risk will affect the timing, content and scope of the audit methodology 1.1.2.2.3 Assessing planned detection risk The detection risk is usually affected by the following factors: - Sampling risk: The auditor make the sample which does not represent the audited entity so the auditor’s conclusions are based on sample results different from the overall actual results Student: Huynh Thi Bich Ha Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D The auditor assesses the detection risk at a low level to maintain an acceptable level of audit risk The purpose of determining the planned detection risk is to establish the level of performance of substantive tests If the planned detection risk is at the lowest level, the auditor will perform the substantive tests at the highest level to achieve the desired audit risk The work in this phase is done in the form [A910] 2.2.2 Assessing materiality PM is a measure of the amount of materiality for the whole financial statements and it will be used in the design of audit procedures to ensure that the risk of undetected material misstatements had been reduced to acceptable levels Establishing the materiality is very significant, establishing the materiality that is not appropriate will directly affect the detection of audit risks as well as the cost of carrying out audits Therefore, to guide the auditor to evaluate the materiality, reduce the arbitrariness of the auditor in the process of judging the materiality, AAC establishes a policy that establishes the initial materiality for the overall financial statement The basic contents of this policy include the indicators for the original and proportional brackets corresponding to each indicator The definition of the above indicators and proportional brackets is completely considered the professional segment of each auditing company At AAC, the auditor performs the following tasks: Step 1: Determining benchmark to assess materiality The most commonly used benchmarks are: - Profit before tax - Revenue - Total equity - Total assets Determining the benchmark depends on the information needs of the majority of users use financial information and characteristics of each type of company AAC has provided specific guidelines for each type of company as follows: - Non-profit organization: The auditor usually chooses total assets to assess the materiality - Company newly come into operation or likely to go bankrupt: The auditor usually chooses total assets or total equity - The enterprise is self-managed by the owner: The auditor usually chooses profit before tax but appropriate adjustment because the profit before tax is include the salary corresponding to the salary of owners - The company is listed on the Stock Exchange: The auditor usually chooses profit before tax because this is an indicator which is interested by a lot of people, especially shareholders of the company Student: Huynh Thi Bich Ha 40 Graduation thesis - - Academic Advisor: Pham Hoai Huong, Ph.D The company is not listed on the Stock Exchange: The auditor usually selects total equity or revenue because profit before tax does not reflect the size of the company Branches of transnational companies: Materiality is determined on the basis of revenue and is 2% higher than unlisted companies on the Stock Exchange Step 2: Select the appropriate ratio to determine the overall materiality: AAC uses benchmark ratios similar to the Vietnamese Auditing Standards: - Profit before tax: 5% - 10% Revenue: 0.5% - 3% Total equity: 1% - 5% Total assets: 1% - 2% Step 3: Assessing the overall materiality (PM) PM = Value criteria selected x the ratio used to estimate materiality Step 4: Assessing the performance materiality (MP) Performance materiality is a value determined by the auditor to reduce the likelihood of errors to a reasonable low level to synthesize the effects of unregulated and undefined errors not to exceed the materiality for the overall financial statements At AAC, the auditor determines the performance materiality MP = (50% 70%) x PM This is the materiality used for the whole financial statements to ensure that all errors are detected by the auditor and that errors not detected by the auditor not exceed the overall materiality (PM) determined Step 5: Determining the tolerable misstatements The maximum level is 4% of the performance materiality This is the level prescribed by Vietnamese Auditing Standard The difference less than this error threshold does not need to be re-aggregated For ABC, the materiality determination is as follows: For the ABC, the auditor determines total equity as the indicator chosen to determine the materiality Because as a joint stock company, the target of being sensitive and gaining top priority is profit However, in recent years, the profit of the company is low On the other hand, the auditor assess the risk in the company at low, so the auditor should choose criteria equity to determine the materiality, this indicator is the least volatile over the years Materiality is calculated as following table: Student: Huynh Thi Bich Ha 41 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Table 10: Setting the materiality of ABC 12,958,532,172 VND Total equity The ratio used to assess materiality 2.0% 259,170,643 VND Overall materiality (PM) The ratio used to assess performance materiality is (50% 60% 75%) 155,502,386 VND Performance materiality (MP) The ratio used to calculate the threshold for individual 4% misstatement (0% - 4%) Threshold for individual 6,220,095 VND misstatement ABC is a joint stock company Their target is profitability However, recent years the client's profitability is low Therefore, the auditor selects the total equity to calculate the materiality as this indicator is the least volatile over the years The auditor assesses the client's internal control system fairly well Therefore, the auditor choose the average ratio of 2% to evaluate the overall materiality Student: Huynh Thi Bich Ha 42 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Chapter Comments and solutions to improve the assessment of audit risk and materiality performed by Auditing and Accounting Limited Liability Company 3.1 Comments on the assessment of audit risk and materiality performed by AAC 3.1.1 Positive points For assessing the audit risk, AAC has developed a specific audit risk assessment process that is in line with Vietnam Auditing Standards and is highly practical Audit risk assessment is conducted for each component of the audit risk: inherent risk, control risk and detection risk For each type of risk, AAC also regulates the sequence of workflows from information gathering and processing, thus providing a basis for assessing each type of risk Questionnaires used for the audit risk assessment process are clearly designed to facilitate the audit risk assessment On the other hand, at AAC, the working papers that serve the customer's audit risk assessment are clearly presented and understandable in accordance with VACPA guidelines, which are carefully stored in the company records for the times audit later The audit risk assessment has served effectively the audit planning for the whole financial statements and specific accounts Audit risk assessment at AAC is always done by experienced and qualified personnel As a result, the reliability of the results is quite high For assessing the materiality, AAC has formulated the "Establishing Materiality Policy for Auditing Financial Statements", which contains full and specific guidance on the establishment of materiality for the financial statements auditing, special in the planning stage From estimating overall materiality for financial statements to allocating materiality for each accounts method These steps fully meet VSA’s general condition for determining the materiality level in the financial statements audit The choice of indicators to determine the overall materiality (PM) is appropriate: Assessing overall materiality (PM) bases on indicators: Total assets, Total revenue, Profit before tax, Total equity In four indicators, three indicators are presented on the Balance Sheet, an indicator are presented on Income Statement, show the professional caution of the AAC’s auditor, because: o Total assets, total equity are used for new company, total revenue and profit not yet available or not stable o Revenue is used when the business has a stable revenue and revenue is one of the important factors to evaluate the performance Student: Huynh Thi Bich Ha 43 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D o Profit before tax is often used for companies listed on the stock exchange because it is a target for a large number of users of financial statements Percentage of indicators that AAC is applying is consistent with VSA's conditions and is consistent with the main customer characteristics of the company Performance materiality chosen by the AAC is low (50% - 70%) to ensure prudence principles 3.1.2 Limitations For assessing the audit risk, the process of understanding clients to assess contract acceptance risk as well as the audit plan of AAC has encountered some limitations Due to time pressure, AAC auditors obtain the understanding of clients mostly through reviewing the previous years’ documents Sometimes this information does not reflect changes in clients’ nature The inherent risk assessment at the overall financial statement level and account level usually only conducts in large client As for medium and small enterprises, in order to ensure the prudence principle as well as to save time for the audit, the auditor often selects the inherent risk level on the overall financial statements is high, at the same time, based on their experience, the auditor determines the inherent risk for each account Risk assessment tables are also generally applicable to all AAC clients, not designed to each type of business, so it is only appropriate for some types of businesses For clients with internal control system, the questionnaire about internal control system is only interview some questions which the auditor considers important, the others is assessed through observation and the experiences of the auditor in the audit process rather than conducting interviews The internal control system study is based on a questionnaire that does not use flow charts and reporting tables Often, the flowchart is highly regarded for its easy-to-follow and systematic approach, while the reporting tables will work for relatively small clients which accounting systems and document flows are simple The control risk assessment for each account, each cycle only carries out for large size clients For small size clients, the auditor often ignores this step, the auditor usually assesses high level control risk and goes straight to performing substantive tests AAC has not focused on assessing the internal control system of clients in the information environment Today, science and technology increasingly developed, enterprises often use computer systems in management and accounting Therefore, the auditors need to have knowledge of computer problems, understand the advantages and disadvantages of the current accounting software to detect possible frauds and errors Student: Huynh Thi Bich Ha 44 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D For assessing the materiality, the determination of benchmark for assessing materiality as well as the corresponding rate is very subjective of the auditor The auditor bases the professional experience to choose the ratio which used to assess performance materiality If the auditor determines high materiality, it will make the high audit risk If the auditor determines low materiality, it will affect the effectiveness of audit AAC does not evaluated materiality for each account Therefore, it is difficult to determine the scope of audit for each account, as well as to gather sufficient evidence of each account Using performance materiality of whole financial statements for individual accounts results in small sample size determined with CMA sampling method Establishment of the materiality in the planning stage at AAC is only done for large clients or listed companies For clients with small scale, the auditors often skip this step because the audit time is quite tight 3.2 Some solutions for improving the assessment of audit risk and materiality conducted by AAC 3.2.1 Solutions for the audit risk assessment 3.2.1.1 Improving the inherent risk assessment 3.2.1.1.1 Improving the inherent risk assessment on the whole financial statements The inherent risk assessment at AAC is determined primarily by the information contained in the working paper [A310] and [A510] But there are no specific questionnaire I provide an assessment questionnaire which designed based on the groups of factors affecting the overall financial statements such as operating environment, characteristics of client’s business, Board of Directors, management, other factors Below is the inherent risk assessment for the whole financial statements and applied to ABC: Table 11: Questionnaire to assess the inherent risk on the whole financial statements Question YES NO Operating environment Is the level of competition high? X Is the current local economic situation bad? X Is the client affected by economic fluctuations (such as sudden X changes in interest rates, exchange rates)? Is the client affected by the change in science and technology? X Characteristics and business operation of the client The product and service of the client is likely obsolete? X The product and service of the client is seasonal? X Student: Huynh Thi Bich Ha 45 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Are there many regular businesses using cash on hand? X Does the client's business involve illegal activities? X Does the client depend heavily on the debt? X Do events and activities abroad affect the business of the client? X Are there complex and important operations with related parties? X Is the client under pressure to meet the expectations of X shareholders, creditors? Board of Directors and Management Do senior managers lack the necessary skills such as marketing, X finance, technology? Are intermediary managers not qualified enough? X Does the management change the bank, legal consultant and X auditor? Is there difficulty in the personal life of the management X members? Is lack of independence from management? X Is the relationship between managers and employees bad? X Does the client change its regular key staff and management? X Do chief accountants and staff have not enough professional X experience? Management pressure Is the client's operations declining rapidly? X Is the client’s capital development limited? X Are the requirements of the shareholders too great for the client's X financial ability? Does the Chief Accountant have a lot of pressure from the Board? X Does the client have unpaid overdue debts? X Does the client have difficulty in cash flow? X Is the client likely to lose the key customers? X Other factors Is this the first year audit? Is there reason about changing the X auditor predecessor? Does the management provide insufficient information on X activities for the auditor? Evaluation method: The assessment is based on the percentage of responses If the ratio of number of "NO" answers / total questions is: • 60%: Inherent risk is low Table 12: Conclusion inherent risk at ABC Student: Huynh Thi Bich Ha 46 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Accuracy Completeness Factors to consider Occurrence The number of Total question Percentage Inherent risk “No” answer assessment 30 34 88% Low 3.2.1.1.2 Improving the inherent risk assessment at account level To assess inherent risk for each account, AAC's auditors only perform a preliminary analysis of the financial statements to detect accounts that have changed significantly over the previous year But in order to make the right conclusion about the inherent risk of each account on each assertion, AAC needs to develop a questionnaire for each account Evaluation method: The assessment is based on the percentage of responses If the ratio of the number of "NO" answers / total questions is: • 60%: Inherent risk for assertion is high The following is an illustration of the revenue account and applies to the ABC: Table 13: Questionnaire to assess inherent risk at account level Revenue Due to the pressure of sales target, it is possible to Yes overstate revenue Businesses evade taxes so revenue is likely to be No hidden Handling large workloads can lead to data errors or No inaccurate revenue recognition Compare the goods issue document with invoices to Yes ensure that they not record the same transaction The price on the invoice is checked against the price Yes list and added before transfer to the customer 0% 100% 50% Percentage Low High Medium Inherent risk assessment 3.2.1.2 Improving the control risk assessment 3.2.1.2.1 Improving the control risk assessment on the whole financial statements At present, the questionnaire used to assess the overall of the client’s internal control system is appropriate but the way of assessing internal control system is not clear enough The questionnaire about internal control system includes Student: Huynh Thi Bich Ha 47 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D components: control environment, risk assessment process and monitoring control activities In the questionnaire, the answer "No" is considered to be risky Based on the answers, the auditor assesses the effectiveness of each component in three levels: good, medium, weak The evaluation is based on the following criteria: If the ratio of the number of "NO" answers / total questions is: • 60%: This component of internal control system is weak After assessing each component of the internal control system, the auditor conducts a general assessment of the internal control system of the client as follows: Table 14: The scorecard for the risk assessment of each internal control components Assessing Components of internal control system Weak Medium Good Control environment Risk assessment process Monitoring control activities Based on the total score of the three components, the effectiveness of the internal control system is evaluated in three levels: weak, average and good based on the following criteria: Score from to 5: Control risk is high Score from to 7: Control risk is medium Score from to 9: Control risk is low The following is an example for the ABC Based on the questionnaire about internal control system in Appendix 4, we have the following table: Table 15: Conclusion about co risk on the whole financial statements Assessing Score follow level Control environment 30% Good Risk assessment process 100% Weak Monitoring control activities 50% Medium Total Conclusion: The total score of the three components of the internal control system is in the range of to 7: Control risk is "medium” Components of internal control system Percentage 3.2.1.2.2 Improve the control risk assessment on each account or transaction cycle Currently, the risk assessment method for each account or transaction cycle of AAC is not detailed enough AAC only provides some guidance when the auditor conducts risk assessments On the other hand, when assessing the control risk of each account, the auditor does not pay attention to the risks that can be attributed to specific assertions Student: Huynh Thi Bich Ha 48 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Evaluate the effectiveness of control procedures The auditor will evaluate whether the control procedures applied in the process are effective in preventing and detecting errors The auditor collects information for the purpose of assessing the effectiveness of the control procedure - If the client applies the control procedures, the answer is “Yes” - If the client does not apply the control procedure, the answer is “No” Risk assessment for each account After assessing the applying of control procedures, based on the answers, the auditor calculates the number of “No” answers on total question for each assertions The auditor assesses the control risk for each account on each assertions according to the following criteria: • 60%: Control risk for assertion is high To illustrate the proposal, I would like to present an example of a risk assessment process in the "Sales, receivables and collection cycle" cycle in terms of items at the ABC: Student: Huynh Thi Bich Ha 49 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Presentation and disclosures Cut-off Classification Accuracy Valuation Completeness Revenue Occurrence Table 16: Assessing control risk of revenue following each assertion Is the record of revenue based on Yes sales invoices, shipping documents and contracts? Is the customer's signature in the Yes shipping documents and invoice? Is a record of shipments Yes maintained? Is there independent comparison Yes of the quantity on the shipping documents to the sales invoices? Are monthly statements sent to Yes customers? Is there independent comparison Yes of recorded sales to the chart of accounts? Is there independent comparison Yes of dates on shipping documents to dates recorded? Are sales discounts, sales rebates, Yes Yes Yes and return value approved by director or chief accountant? Have tracked the goods sent for No No sale? Do client track each type of No revenue? 25% 0% 0% 0% 0% 0% 67% Percentage Low Low Low Low Low Low High Control risk assessment 3.2.1.3 Improving the planned detection risk assessment 3.2.1.3.1 Improving the planned detection risk assessment on the whole financial statements After assessing inherent risk and control risk for the whole financial statements, the auditor conducts a planned detection risk assessment for the whole financial statements based on the risk matrix Student: Huynh Thi Bich Ha 50 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D For ABC, the auditor assesses as following: Inherent risk: Low Control risk: Medium Following the risk matrix, the auditor assesses planned detection risk at High 3.2.1.3.2 Improving the planned detection risk assessment at account level After assessing inherent risk and control risk on each account for each assertions The auditor assesses the planned detection risk on each account for each assertions The auditor uses the risk matrix to assess the planned detection risk For ABC, the auditor assesses for revenue on each assertions following: Table 17: Planned detection risk on each assertions for revenue Revenue Inherent risk Control risk Detection risk Occurrence Low Low Max Completeness High Low Medium Valuation Low Low Max Accuracy Medium Low High Classification Low Low Max Cut-off Low Low Max Presentation and disclosure Low High Low 3.2.2 Solutions for the materiality assessment 3.2.2.1 Improving the performance materiality When the auditor has identified the benchmark to be used as the basis for estimation, he/she will select a percentage to assess the materiality The auditor may choose a rate to estimate the performance materiality based on the detection risk However, at AAC, the auditor usually chooses the highest, lowest, or average based on their judgment Therefore, the introduction of a scoring guide to estimate the materiality is necessary In addition, the auditor must rely on the characteristics and initial assessment of inherent risk and control risk such as: private firms tend to report understated revenue and overstated expenses to evade taxes; listed companies on the stock exchange show the financial situation and business operations are always good to attract investors, the rate will be reduced to the lowest level The auditor choose the revenue to assess the materiality: Table 18: The ratio to assess the performance materiality Planned detection Min Low Medium High Max risk Revenue Ratio 2.5 0.5 (%) For ABC, the planned detection risk for the whole financial statements is assessed at high So the ratio uses to assess the performance materiality at 1% Student: Huynh Thi Bich Ha 51 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D 3.2.2.2 Evaluating the tolerable misstatement for each account (TM) Assessing the tolerable misstatement for each account is important in the audit planning stage, so that the auditor is able to determine the time and audit scope of each account The company may refer to the steps for evaluating materiality for each account as follows: Step 1: Temporarily allocating follows the value of accounts The materiality will allocate for accounts corresponding to the proportion of the value of such accounts on financial statements to the following formula: 𝑇𝐸 𝑎𝑙𝑙𝑜𝑐𝑎𝑡𝑒 𝑓𝑜𝑟 𝑎𝑛 𝑎𝑐𝑐𝑜𝑢𝑛𝑡 = 𝑀𝑃 𝑥 𝑉𝑎𝑙𝑢𝑒 𝑜𝑓 𝑎𝑛 𝑎𝑐𝑐𝑜𝑢𝑛𝑡 𝑇𝑜𝑡𝑎𝑙 𝑣𝑎𝑙𝑢𝑒 𝑜𝑓 𝑎𝑐𝑐𝑜𝑢𝑛𝑡𝑠 Step 2: Allocate materiality for each accounts In this step, the auditor will base on detection risk of each account to adjust materiality: If the detection risk is low, decreasing the materiality for this account If the detection risk is high, increasing the materiality for this account If the detection risk is medium, not adjust the materiality Moreover, the auditor need to consider the ability and cost of collecting evidence of this account to adjust the materiality Student: Huynh Thi Bich Ha 52 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D Conclusion In the process of forming and developing AAC Auditing and Accounting Co., Ltd, always tries and strives to improve the quality of auditing for clients in order to create prestige and brand name in the market As such, the company has achieved great success and become a reputable and quality auditing company Through my internship, I learned that the company has a method of assessing audit risk and materiality that is in line with Vietnamese auditing standards as well as international auditing standards This method is a general guideline for the auditors to conduct audit risk and materiality assessment in client audit Not only that, but I found out some limitations in the method of the company, thus offering some solutions to overcome these limitations During the thesis writing, I have tried a lot, but due to knowledge and time constraints, the thesis is difficult to avoid defects and errors I look forward to receiving the contribution from the teachers Finally, I sincerely thank Pham Hoai Huong and his colleagues in the corporate auditing department of AAC Auditing and Accounting Limited Company for their enthusiastic guidance in helping me complete this dissertation Student: Huynh Thi Bich Ha 53 Graduation thesis Academic Advisor: Pham Hoai Huong, Ph.D References AICPA (2017) Materiality in Planning and Performing an Audit AICPA Alvin A Arens, R J (2012) Auditing and assurance services: an integrated approach Pearson Education, Inc International Accounting, Auditing & Ethics (IAAE) (2012) Materiality in the audit of financial statements ICAEW Procedures, R A (2009) Identifying assessing the risks of material misstatement through unerstanding the entity and its environment Auditing, 262-312 Steer, Hill Rogers & Spencer (2015) Materiality Guide NSW: NSW ICAC EXHIBIT Ministry of Finance (2012), Vietnam Standards of Auditing No 320 – Materiality in auditing, Circulars No 214/2012/TT-BTC Student: Huynh Thi Bich Ha 54 ... involving fraud are usually considered more important than unintentional errors of equal amounts because fraud reflects on the honesty and reliability of the management or other personnel involved... enterprise may disclose the false financial statements about revenue, expense, profit or loss and solvency of debt - Outside factors: Economic fluctuations, competition, changes in the buying and... Interview: Conducting interviews on the basic of well-formed questions for the management and staff involved to collect the necessary information for the assessing the inherent risk Questions are set