The two important factors that are going to guide this audit are you're not trying to get absolute assurance. You're not trying to get a guarantee, you're trying to get reasonable assurance. And you're trying to not find every misstatement, should misstatements exists, but only those that would be material misstatements. So what are some implications of this? What if it's reasonable assurance, it means that it's not really practical, or needed, to examine every transaction, every internal control over financial reporting, or every financial event. It's not a guarantee that all material misstatements will be detected. Some could slip by. So let me be clear. If you were to perform 100 audits, you would not expect the auditors opinion, if it's a clean opinion, to be correct 100% of the time. How many of those audits could be...have an opinion that says, the financial statements are free of material misstatement. How many of those could actually have misstatements still? Well there's a debate about that, but maybe as many as 5 out of 100 and an auditor would still being doing his or her job. So that would be a 95% of assurance rate, right? And that's pretty high, and that probably does fit with this description of being reasonable, but not absolute. And the standard setters do clarify that reasonable assurance means high assurance. Now materiality is something that's difficult to determine. It's done by professional judgement first of all, you need skill and industry specific knowledge to understand materiality, because it ultimately comes down to what that third line says on the slide here. What would a reasonable user or investor deem to be important? There's not some sort of cookbook recipe that tells you all of the things you look at and if you look at each of those, you will have covered the full range of materiality. It doesn't work that way. It does involve professional judgement, in both quantitative and qualitative considerations. They interact those two types of considerations and it's a matter of professional judgement. That said, there are some norms out there that you will often see. So one common quantitative benchmark that is used as 5% of net income before taxes, is a starting point for what would guide the audit. And if there is a misstatement more than that after an audit is done, it's probably going to be material. Another one would be 1% of total assets. But you should know that there's this trade off, again between quantitative and qualitative considerations. So it could be that in a statement that is only, let's say, 3% of net income before taxes, if its some a statement that takes a company from being in the red, Having a net loss, to in the black from one quarter, that could still easily be material, even though it's smaller than a quantitative benchmark by itself would suggest this material. Okay? So reasonable assurance and materiality. Now we're gonna get into some of the meat and potatoes of the audit planning. You see the auditor wants to plan the audit such that after the audit is complete, that there's an acceptably low audit risk. What I mean by that, is that after the audit, there's an acceptably low risk that the auditor expresses a clean opinion inappropriately. Or an inappropriate opinion when the financial statements are materially misstated. Those two statements are highly synonymous. So the auditor, in order to plan this exercise, to plan to get audit risk to an acceptably low risk level, they divide the audit risk into three different components. Inherent risk, control risk, and detection risk. And let me tell you a couple of things about each of these from the outset. The auditor assesses, but does not exert too much control at all on inherent risk and control risk. The auditor, not only assesses and also has a lot of control over detection risk. Okay? Inherent risk is a risk, it is the risk, that an account balance or an assertion is materially misstated before consideration of the internal controls over financial reporting at that client. Control risk, is the risk that that client's internal controls over financial reporting will fail to detect or prevent the inherent risks from materializing. Those two together, and I'll show you again here in a second. Those two together, inherent risk and control risk are called the risk of material in a statement, okay? The auditor assesses mostly, doesn't control either these very much at all, and they're collectively called inherent and control, the risk material statement. Detection risk is what the auditor, that's the decision variable for the auditor.
