15 Risk Assessment Mistakes CPAs Make
Here are 15 risk assessment mistakes. Have you seen these?
- Assessing control risk at high with no understanding of internal controls and no walkthroughs (in other words, defaulting to high control risk)
- Seeing significant internal control problems, assessing control risk at high, then performing routine audit procedures (and no extended procedures)
- Assessing inherent risk too high (resulting in unnecessary responses–audit procedures)
- Assessing inherent risk too low (resulting in adequate responses–audit procedures)
- Not documenting why inherent risks are assessed as they are
- Seeing risks of material misstatement in the performance of risk assessment procedures (e.g., preliminary analytics), but not documenting those on the summary risk assessment form
- Adding audit procedures for assertions that are not relevant (wasted hours of work)
- Not documenting linkage between the risks of material misstatement by assertion to the planned audit procedures
- Failing to document an understanding of the entity and its industry
- Assessing control risk below high without the support of a test of controls
- Defaulting to a test of details rather than performing a test of controls for effectiveness when the test of details takes more time than the test of controls (not necessarily wrong, just takes more time)
- Not identifying significant risks (and not performing needed extended procedures)
- Not understanding how weak internal controls affect the risk of material misstatement
- Not giving sufficient attention to internal controls because “my controls risk will be assessed at high anyway”
- Doing the same-as-last-year without determining if last year’s approach was correct and without determining if new risks of material misstatement are present
Review one of your audit files and see if any of these risk assessment mistakes are present.
Want to understand risk assessment? Check out my risk assessment book on Amazon.
Learn from my CPA Hall Talk newsletter!
Get my free accounting and auditing digest with the latest content.