The pompous concept of the spectrum of inherent risk
IAS 315 [1] introduces the ‘concept of the spectrum of inherent risk’. I wondered what this rather noble, pompous concept could mean.
I first thought that it related to the wide range of risks used in field of risk management. But no, auditors use this concept only in relation to possible misstatements in financial statements. It must therefore remain a simple concept to understand, I thought. But I was wrong again.
Let’s take as a start the definition of an inherent risk. In paragraph 4 of 1SA 315, I found this:
“Inherent risk is described as the susceptibility of an assertion …” [2]
So an inherent risk is not a risk at all. IAS 315 has turned it into ‘the susceptibility of an assertion’ whatever that might be. In the event that you think I am exaggerating and taking it out of context, I have put the whole sentence below. [2] And I had thought that an inherent risk was a risk associated with the company involving a high degree of uncertainty which could lead to material misstatement.
But to be fair to IAS 315, Appendix 2 gives us examples of inherent risk factors which could lead to these misstatements. There are five factors auditors must consider: complexity, subjectivity, change, uncertainty and the susceptibility of management. Very helpful indeed.
Spectrum is defined in several complicated paragraphs. It depends on the auditor’s ‘professional judgment within a range, from lower to higher’. As you can see the word ‘spectrum’ becomes ‘range’ in the explanations to make it all easier to understand, so the word ‘range’ would have been less pompous than spectrum. This is the simple part of the explanation.
Auditors are then required to review a long list of possibilities: nature, size and complexity of the entity, inherent risk factors, the possibility that a misstatement may occur, the qualitative and quantitative aspects of the possible misstatement, and the most important the ‘assessed likelihood and magnitude of the misstatement’. Finally two paragraphs are devoted to the relationship between likelihood and magnitude, with, for instance, this profound example:
“Rather, it is the intersection of the magnitude and likelihood of the material misstatement on the spectrum of inherent risk that will determine whether the assessed inherent risk is higher or lower on the spectrum of inherent risk.”
Finally range is not relevant anyway. Auditors are only interested in the inherent risks ‘close to the upper end of the spectrum of inherent risk’. This what the IAS consider a significant risk: an identified risk which could lead to material misstatement. The others: low and medium risks are irrelevant as they do not lead to material misstatements. So finally it is not the spectrum which is important only the upper range risks or the upper range susceptibilities of an assertion, to use the standard’s wording.
You can imagine my encouragement when I read the remarks of Tom Seidenstein of the International Auditing and Assurance Standards Board:
“The revised standard (IAS 315) introduces new concepts to help auditors in identification and assessment of risk.” [3]
How relieved I became, especially when he added “including more consistent use of language”. Although instead of ‘consistent’ I would have preferred they had tried ‘simple’.
[1] International Standard on Auditing 315, ISA 315, (Revised 2019), Identifying and Assessing the Risks of Material Misstatement.
[2] Inherent risk is described as the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.
[3] Taken from the Remarks of Tom Seidenstein, Chair, International Auditing and Assurance Standards Board in his speech entitled, ‘The Future of International Standard-Setting’ to the Institute of Chartered Accountants of England and Wales’s Audit Conference “Reflect, Reform, Refocus” in October 2019.