San Francisco

Peer Review Focus on Audit Risk Assessment

By Tom Parry, Navolio & Tallman LLP

The Risk Assessment Standards were issued in 2006. However, based on recent peer review data, it appears that many auditors continue to struggle with implementation.

The four most common riskassessment violations that have been identified are failure to gain an understanding of internal control; incomplete or non-existent risk assessment; not linking risk assessment to their response; and assessing control risk as less than high without appropriate tests of controls. Here is a brief review of what is required in each of these areas to be in compliance with the Standards.

Internal Control

Auditors are expected to consider what could go wrong as the client prepares its financial statement, identify the controls intended to mitigate those financial reporting risks and evaluate the likelihood that the controls are capable of effectively preventing, or detecting and correcting, material misstatements.

Insufficient risk assessment

Regardless of the nature and extent of substantive procedures, auditors are expected to identify the client’s risks of material misstatement (RMM) by gaining an understanding of the client and its internal control, assessing the risks at the relevant assertion level and financial statement level, and designing or selecting procedures that respond to those risks.

No linkage

Audit procedures should be responsive and unique to each client’s financial statement and relevant assertion-level risks for significant classes of transactions, account balances or disclosures, as no two entities have the same risks. The linkage is at the assertion (not account) level.

Improper control risk

Auditors can only reduce control risk below maximum when they have tested controls and are relying on their operating effectiveness.

To access free resources to help you assess and respond to risk appropriately, visit the AICPA risk assessment toolkit at resources.html.

Tom Parry

Tom Parry

Navolio & Tallman LLP, San Francisco (CA), USA
T: +1 415 956 1750
E: This email address is being protected from spambots. You need JavaScript enabled to view it.; W:

Navolio & Tallman LLP is a boutique CPA firm located in San Francisco. Their holistic approach to working with clients, their relationships based on trust, and their advanced accounting and tax expertise are the perfect combination to help clients meet and exceed their goals.

Tom Parry is in charge of quality control at Navolio & Tallman. He is the current chair of the AICPA Peer Review Board and member of the Quality Control task force of the Auditing Standards Board. He also provides peer review and quality control services at the firm and engagement level for other firms.

Published: Auditing, Reporting  & Compliance, No. 01, Spring 2019 l Photo: Oleg Podzorov -


Ggi Logo 150x109px

GGI Global Alliance AG

Sihlbruggstrasse 140
6340 Baar


T: +41 41 7252500
F: +41 41 7252501
This email address is being protected from spambots. You need JavaScript enabled to view it.