What Is Risk of Material Misstatement at the Assertion Level?

An audit of financial statements is a methodical review providing assurance that they are presented fairly. A central concept is the risk of material misstatement, the possibility that a company’s financial reports contain significant errors or omissions before an auditor begins their work. This risk exists at two levels: the overall financial statement level, where risks can pervasively impact the entire set of financials, and the more granular assertion level. The risk of material misstatement at the assertion level is the likelihood that any of these specific claims is incorrect.

Defining Financial Statement Assertions

Financial statement assertions are the explicit or implicit claims made by a company’s management regarding the recognition, measurement, presentation, and disclosure of information in the financial statements. These assertions form the basis for the auditor’s work, as they must gather evidence to validate each one for significant accounts and disclosures. Auditing standards group these claims into five categories.

• Existence or Occurrence: This assertion addresses whether assets or liabilities exist at a given date and whether recorded transactions have occurred during the period. For example, management asserts that inventory on the balance sheet is physically present and that a recorded sale represents a genuine transaction.
• Completeness: This asserts that all transactions, accounts, and disclosures that should have been recorded in the financial statements have been included. For instance, all sales for the period have been recorded, and all liabilities are reflected on the balance sheet.
• Valuation or Allocation: This assertion means that asset, liability, equity, revenue, and expense components have been included in the financial statements at appropriate amounts. This includes ensuring that accounts like inventory are valued correctly and that any necessary adjustments, such as for depreciation or obsolescence, are properly recorded.
• Rights and Obligations: This asserts that the company holds or controls the rights to its assets, and that liabilities are the actual obligations of the company. For example, management claims the company has legal title to the equipment it lists, and that a loan on the books is its legal responsibility.
• Presentation and Disclosure: This assertion concerns how information is presented and disclosed. It means that financial information is appropriately classified and described, and disclosures are clear and understandable. For example, long-term debt is properly classified separately from current liabilities, and the details of the debt are clearly disclosed in the notes.

Components of Risk at the Assertion Level

The risk of material misstatement at the assertion level is composed of two distinct components: inherent risk and control risk. These are the client’s risks, meaning they exist within the company’s operations and financial reporting processes entirely separate from the audit itself. The auditor’s job is to assess these two components to determine the overall risk that a specific assertion might be materially misstated.

Inherent Risk

Inherent risk is the susceptibility of a specific assertion to a misstatement that could be material, before considering any related internal controls. It represents the raw risk associated with a particular account balance or class of transactions based on its nature, as certain accounts are more prone to error or manipulation. Several factors can increase inherent risk. Complexity is a major driver, as assertions related to financial instruments with intricate valuation models are inherently riskier than those for simple cash accounts. Subjectivity also elevates risk in accounts that rely heavily on management estimates, while change, such as new regulatory requirements or a volatile economic environment, can introduce new risks.

Control Risk

Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented, or detected and corrected, on a timely basis by the company’s internal controls. This risk is a direct function of the effectiveness of the internal control system. Factors that increase control risk include a poor control environment, such as a lack of management integrity, or inadequate segregation of duties. A history of identified control deficiencies, high employee turnover in key accounting positions, or outdated information technology systems can also signal higher control risk. The auditor assesses control risk to determine the extent to which they can rely on the company’s systems to produce accurate financial data.

The Auditor’s Assessment Process

An auditor’s assessment of the risk of material misstatement is a systematic process that forms the foundation of the audit plan. The primary methods for this evaluation are risk assessment procedures, which include inquiries of management and analytical procedures. Analytical procedures involve evaluating financial information by studying plausible relationships among data, where unexpected fluctuations can indicate a heightened risk.

A part of the process is gaining a deep understanding of the entity and its environment, including its industry, regulatory landscape, and business objectives. For example, understanding that a client is in a rapidly changing technology industry might lead an auditor to assess a higher inherent risk for the valuation of its inventory. The auditor must also obtain an understanding of the company’s internal control system. This involves evaluating the design of controls and determining whether they have been implemented by observing processes or inspecting documents.

Responding to Assessed Risks with Audit Procedures

The auditor’s assessment of risk directly impacts the audit strategy. There is an inverse relationship between the assessed level of risk and the level of detection risk an auditor is willing to accept. Detection risk is the risk that the auditor’s procedures will fail to detect a material misstatement. If the risk of material misstatement is assessed as high, the auditor must perform more persuasive audit procedures to lower detection risk to an acceptable level. This response is formalized by designing further audit procedures, like tests of controls and substantive procedures, to direct audit effort toward the areas with the greatest risk.

For example, if an auditor assesses a high risk of material misstatement for the existence assertion of a company’s inventory, their response would be more rigorous. Instead of relying on observing a cycle count program during an interim period, the auditor would likely insist on observing the company’s full physical inventory count at or very near the balance sheet date. They might also increase the number of test counts they perform and scrutinize the reconciliation between the count and the general ledger more closely.

Similarly, consider a scenario where the assessed risk for the valuation assertion of accounts receivable is high due to economic conditions impacting customer solvency. The auditor’s response would involve more extensive substantive procedures. This could include increasing the sample size for accounts receivable confirmations sent directly to customers, performing more detailed testing of subsequent cash collections from those customers after year-end, and more rigorously challenging the assumptions used by management in calculating the allowance for doubtful accounts.