Peer Review Inherent Risk Questions Revised

Separate inherent risk assessments are not required by GAAS; however, changes to peer review checklists (several months ago) were causing “no” answers (which implies a deficiency) when audit firms did not use separate practice aids to assess inherent risk.

These “no” answers were an unintended consequence of the way the peer review inherent risk questions were worded. (I scratched my head the first time I saw them.) The questions are now revised.

Now the peer reviewer will focus on the risk assessments related to the risk of material misstatement (RMM) (which is the result of the control risk and the inherent risk). The revised questions still ask the reviewer to consider if the RMM is impacted by a less-than-high inherent risk assessment.

The intent of the inherent risk questions, I believe, is to cause the reviewer to consider whether the inherent risk assessment is appropriate and not used to falsely reduce the amount of substantive work.

Remember Inherent Risk x Control Risk = RMM, so an auditor could lessen his response to risk (substantive work) by lowering the inherent risk (without a proper basis for doing so).

What does this mean for you? Make sure you can defend your lower inherent risk assessments (provide a logical explanation for the lower IR assessment).

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 thoughts on “Peer Review Inherent Risk Questions Revised

  1. Just glad my peer review was completed before these new standards came out. Do they actually test these things before they are adopted?- Like on real firms?

  2. Charles

    Thank you for bringing this issue to light. As an auditor that does not separately document IR and CR, I have been battling this same same issue. As you state to establish RMM you must have evaluated IR as it is, by definition, a component. The guidance clearly states that separate documentation of the two components is not required.
    I understand that it is the job of peer review to see that practitioners comply with standards, however, I believe in this case the checklists impart a higher threshold than the standards.

    Thank You
    Tom

  3. Tom, I agree.

    I see the same thing (the checklist exceeds standards) in regard to independence documentation. The AICPA standards don’t require a formal documentation of skill, knowledge and experience (unlike the Yellow Book standards which do)–and yet, the checklist asks where this documentation is located in the file.