Risk of Material Misstatement for Revenues
Risk of material misstatement for revenues is the risk that material misstatement occurs in revenue account but the internal controls related to revenues cannot prevent or detect such misstatements.
In general, risk of material misstatement is the probability that the material misstatement occurs but the internal controls can’t prevent or detect it. Likewise, it is a combination of inherent risk and control risk.
As auditors, we assess the risk of material misstatement for revenues by identifying both inherent and control risk related revenue account and designed proper audit procedures to respond to the assessed risk.
Likewise, if both inherent and control risk is high which results in a high level of risk of material misstatement, we will need to lower the detection risk as much as we can so that we have an acceptable low level of audit risk.
Inherent Risk for Revenues
Inherent risk is the risk that occurs on the relevant account before considering the controls procedures in place. It is the susceptibility of the account to misstatement. In this case, it is the susceptibility of revenue account to misstatement.
Inherent risk for revenue is directly related to the revenue transactions of the company. The level of risk here depends on the nature and complexity of the revenue transactions.
Some examples of inherent risk for revenue include:
- revenue may be overstated by management to meet certain target due to incentive or pressure
- revenue may be overstated by not recognize the after-sale service or other obligation related to sales
- revenue may be recognized when it is not supposed to do so, e.g. products were placed at distributors’ store to sell, but they can be returned if sales are not made within a certain period.
- allowance for sale return may not be recorded or recorded in less amount, e.g. those company that has sale return policies attached with its sales usually need to recognize the allowance for sale return.
- record sales that did not occur yet, e.g. record sales on the orders that have not been shipped
- record sales in the wrong period, e.g. record sales that occur after year-end in the current year.
Revenue recognition is the most common inherent risk in revenue accounts that can lead to an overstatement of revenues. Hence, when dealing with revenues we usually consider the following questions:
- What does the company’s business sell, a single product or a bundle of products?
- Do the products that are sold include after-sale service?
- How does the company deal with sales return?
- When does the company recognize its sale?
Fraud Risk for Revenues
We usually assess fraud risk related to revenue account by brainstorming what can go wrong with the business’s nature, transactions and policies after obtaining an understanding of the client’s business. We also assess the strength and weaknesses of controls for revenues which may lead to the opportunity to commit fraud.
Additionally, the result from preliminary analytical procedures on revenue account, e.g. comparing revenues to last year or comparing the growth of revenue to another company in the same industry, can provide us an insight into any insignificant or unusual variance which could be due to fraud or error in the revenue account.
Fraud risks relate to revenues may include the following:
- make an agreement with the customer to return goods a certain period, e.g. after year-end in order to increase sales at year-end.
- record sales that occur after year-end in the current year
- record consignment sales as final sales
- create fictitious invoices to record sales
- record purchase order as sales
- record sales on the shipment that never happen
- misappropriate goods by shipping goods to customer or third party without billing
Control Risk for Revenues
After identifying the inherent risk and fraud risk related to the revenue account, we need to obtain an understanding of the internal controls that the client has in place to prevent or detect such risks. Likewise, we need to assess the control risk related to the identified risks.
Control risk for revenues is the risk that control procedures fail to prevent or detect the material misstatement in revenue account. It may happen due to there is no proper control in place for revenue account or the control procedures are not properly executed by related personnel as they are intended.
Both the level of inherent risk and control risk directly affect the level of risk of material misstatement for revenues. In this case, when the inherent risk is high, the level risk of material misstatement will depend entirely on control risk.
For example, the client’s business has a lot of sale transactions that attach with 30 days return clause and after-sale services. But the client has reasonable provision and allowance for sale return policy and after-sale services, in which they are based on appropriate analysis of historical data and customer behavior evaluation.
In this case, we may assess the inherent risk as high because the revenues may be improperly recognized due to the complication of the sale return clause and after-sale services.
However, since the client has proper internal control procedures in place to prevent or detect material misstatement related revenue recognition, we can assess the control risk here as low. Hence, the level of risk of material misstatement for revenues will not be so high as the internal control procedures can help to reduce the level of risk to some extent.
Proper internal controls in place can help to minimize the risk of material misstatement that can occur on the revenue account.
In this case, segregation of duties and authorization are usually the main controls for revenue that can prevent the risk of material misstatement that can occur due to error or fraud. Other controls such as reconciliation and performance review are also important to detect errors or fraud on time.
Some examples of control procedures for revenues include:
- sales can only be recorded with properly customer purchase orders and shipping documents
- persons who made the sales and record the sales are different
- proper authorized price list, in which only authorized person can make the change to the price list
- pre-number customer order, shipping document, and sale invoices. Pre-number can ensure completeness as well as the occurrence of revenue transactions when we examine for duplication of the transaction record.
- reconciliation between sales and inventory are properly made and reviewed
- reconciliation between sales in sale journal to those posted in receivables
- goods only shipped with authorized shipping order. This can prevent fraud of misappropriating goods where the shipping department staff may ship goods to the third party without billing.
- performance review, e.g. monthly review by comparing the actual revenue to those of the budget or forecast. It helps to prevent or detect misstatement which is due to error or fraud on time.
It is useful to note that we need to perform the test of controls to obtain sufficient appropriate audit evidence to support our assessment when we assess the control risk as low. We should never rely on the client’s internal controls to reduce substantive tests without performing the test of controls first.