Materiality = quantity and qualityBoth the amount (quantity) and nature (quality) of misstatements are relevant to deciding what is material. Show
How does materiality apply in an audit?The objective of a financial statement audit is to enable the auditor to express an opinion as to whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. This is a separate responsibility and a separate decision from that made by the entity itself when preparing the financial statements. In auditing, materiality means not just a quantified amount, but the effect that amount will have in various contexts. During the audit planning process the auditor decides what the level of materiality will be, taking into account the entirety of the financial statements to be audited. Materiality relates to both the content of the financial statements and the level and type of testing to be done. The decision is based on judgements about the size, nature and particular circumstances of misstatements (or omissions) that could influence users of the financial reports. In addition, the decision is influenced by legislative and regulatory requirements and public expectations. If, during the audit, the auditor acquires information that would have caused it to determine a different materiality level, it will revise the materiality level accordingly. Determining materiality in an attestation audit can be challenging when the scope of the audit cannot be quantitatively measured. As stated in an AICPA Discussion Paper, “When providing assurance services, it’s important that practitioners understand what information will most significantly impact stakeholders’ decision-making process, which is central to a practitioner’s consideration of engagement materiality.” In this post, we will cover topics such as materiality in auditing, AICPA materiality considerations such as the risk for attestation engagements, and finally materiality responsibilities specific to SOC 1 and SOC 2 reports. For SOC reports we specifically will focus on materiality as it relates to the suitability of design, system description, and operating effectiveness of controls. What is Meant by Materiality and How is Materiality Used in Auditing?In attestation engagements, auditors are required to use their expertise when determining materiality when the scope does not include information that can be quantitatively measured. While there is no materiality calculation in SOC audits like in financial state audits, auditors are still required to consider how materiality could end in a misstatement for each specific engagement. During the planning and completion of the audit, some of the following factors are as follows: Whether factors, such as performance indicators, could impact the audit outcome.
Based on the list of sample considerations listed above, auditors can consider the materiality of misstatement while performing walkthroughs of internal controls and gathering evidence. What is Audit Risk and Materiality?The AICPA defines the risk of material misstatement as “the risk that the subject matter is not in accordance with (or based on) the criteria in all material respects or that the assertion is not fairly stated, in all material respects.” As part of audit procedures, and as a way of mitigating audit risk and risk of material misstatement, the auditor is required to perform risk assessment procedures. Risk assessment procedures can include the following: Characteristics of information being audited.
How Do You Plan Materiality?While performing attestation audits, such as SOC 1 and SOC 2 examinations, the auditor considers audit risk and materiality when determining the nature, timing, and extent of audit procedures. Depending on the services provided, industry, or type of information being stored, risk factors can change. This also affects the nature, timing, and extent of testing. For example, if a client works in the health industry, the nature of testing may require a mix of inspection, observations, and inquiry tests. Additionally, the timing is dependent on the complexity of the company. The more complex a company is, it increases the likelihood that they end up testing on a more frequent basis. Finally, the extent of audit procedures determines whether the auditor will rely on automated testing or increase testing frequency to determine if controls are operating consistently. Examination audits, such as SOC 1 and SOC 2, consider materiality in four main areas of the audit: suitability of design, system description, testing and operating effectiveness of controls, and reporting.
To sum up the information presented above, if there are exceptions that the auditor believes meet the threshold and is considered material, the result and specific reasoning can be found in the auditor’s opinion. In SOC 1 and SOC 2 reports, this deviation can be found in either section I or section II, depending on the layout of the report. On the other hand, if an exception is found but does not meet materiality, details of that exception can be found in testing of the controls, in section IV. Additionally, most reports will have an “Other Information” section which includes additional details around the exception and what the company is doing to mitigate the risk of an exception occurring in the future. Materiality Summed UpDetermining materiality, especially in attestation audits, requires that the auditor consider those things that are not quantifiable so that report users are not misled by the opinions presented within the reports. If your company is thinking about or currently undergoing an audit, it is key for your organization to be transparent with the auditor. This will allow them to properly plan for possible misstatements and provide users of the report the information they are interested in understanding. Ultimately, this will help avoid a material misstatement by miscommunicating a control design or system description. And finally, having a consistent process in place that is trackable and clear will help avoid material misstatements that can come from testing and operational effectiveness of controls. Linford & Co offers a variety of services, including SOC 1 Audits, SOC 2 Audits, HITRUST Assessments, and more. Contact us if you would like to speak to an auditor about what we can do for you and your company. Jaclyn Finney started her career as an auditor in 2009. She started with Linford & Co., LLP. in 2016 and is a partner with the firm. She is a CISA with a special focus on SOC, HITRUST, FedRAMP and royalty examinations. Jaclyn works with her clients to provide a process that meets the needs of each customer and generates a tailored report that is useful to the client and the users of the report. Related Posts:
How does materiality affect the audit work performed by auditors?Judgements about materiality are made in the light of surrounding circumstances. They are affected by auditors' perceptions of the financial information needs of users of the financial statements, and by the size or nature (or both) of a misstatement. The concept of materiality is therefore fundamental to the audit.
What is audit materiality and how does it relate to audit risk?risk when conducting an audit.
Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements. Materiality depends on the size of the item or error judged in the particular circumstances of its omission or misstatement.
How materiality will effect the audit process?In auditing, materiality means not just a quantified amount, but the effect that amount will have in various contexts. During the audit planning process the auditor decides what the level of materiality will be, taking into account the entirety of the financial statements to be audited.
What impact did audit risk have on the materiality calculation?Higher risk could cause an auditor to reduce tolerable misstatement at the financial statement level to 40% or 50% of planning materiality. Lower risk could cause an increase in the factor to 80% or 90%.
|