 In this presentation, we will discuss inherent risk and control risk as it relates to the purchasing process. So, you'll recall we're in the auditing strategy. We're considering the purchasing process. We've gone through that purchasing process. Now, we want to consider those risk factors. So, recall that we want to consider within the auditing process the inherent risk. First, a word from our sponsor. Well, actually, these are just items that we picked from the YouTube shopping affiliate program, but that's actually good for you because these aren't things that we're just given to us from some large corporation which we don't even use in exchange for us selling them to you. These are things that we actually researched, purchased, and used ourselves. Bayer Dynamic? Not sure if I said that right, but this is the DT770 Pro 250 OHM Studio Reference Closed Back Headphones. I wear headphones basically every day for a large part of the day. They are important to me. Therefore, I've gone through many different kinds of headphones. I've had these for some time, and they've worked quite well. They fit over my ears, but I'm still able to put my glasses on under the headphones. The headphones not pinching too tight on the glasses to give me a headache, which is nice. The quality of the patting is good, and it has lasted for some time. I've had these for some time now, and they haven't gotten all torn up on me or anything like that. I also like that I have a cord when I'm doing my recordings as opposed to a USB-centered headphone because that frees up a USB port, and I find the USB headphones to be less reliable. They come with an audio jack that looks like this, which is useful for me because that plugs into my audio interface. However, if you want to use the headphones for some other purpose, I believe it's fairly easy to get a converter to other types of audio jacks. If you would like a commercial-free experience, consider subscribing to our website at accountinginstruction.com or accountinginstruction.thinkific.com where we have many different courses. You can purchase one at a time or have a subscription model giving you access to all the courses, courses which are well organized, have other resources like Excel files and PDF files to download, and no commercials. The control risk, and then use that to determine what we should set the detection risk to be, that then determining what we want to put in terms of substantive testing or how much or how many substantive testings need to be put in place. We'll recall then that when we think of inherent risk, we're thinking of those risks that are inherent to the organization. You want to think about it in this format. In the inherent risk, when we're thinking about inherent risk, we're trying to remove the internal controls and just say, what is the inherent risk or how inherently risky is this process without the internal controls? That's just the inherent risk of the business model, the business setting, the standard functions that are going to be in place just within the process. We want to think about whether the inherent risk is great or small. Then we think about the control risks. Those are the risks, those are the things, the controls that the management, the company put in place to safeguard against those inherent risks. Those inherent risks the company is worried about that will be problems to the company, which we are worried about as auditors because they're going to affect whether or not the financial statements have been reported properly because if there is a problem in these areas, there's probably even either an error or some type of fraud possibly that which could make the financial statements not be reported well. What we want to do then is think and look at the inherent risk, take a look at the control risk, then use that to see what we want to set the detection risk to be and then think about how much substantive testing we want to do of this process. So inherent risk assessment industry related factors will include is supply of raw materials adequate. Notice that different industries might have different basically supply requirements for the raw materials. If we're creating something, if we're creating say inventory, we might have a question about what the raw materials are and whether or not they're going to be basically out of it. Are they there? Are they something that we are able to get? In other words, if we only have a few suppliers, a few vendors of particular items that we need, that could be a problem within the purchasing cycle. If we have a lot of different vendors, if one vendor goes down and we could purchase from a lot of different vendors, then we don't have as much of a problem. For example, if we needed to purchase like a precious metal or something like that to go into our purchasing process and there's only one company that has that precious metal, then that's more inherently risky to the to the organization than if we're purchasing something that's fairly common like water or something like that. And you say, well, if one company goes down, that's who we mainly purchase from our water, but we could probably go somewhere else wouldn't have much of a difficulty there. So that's one kind of inherent risk factor with regards to the purchasing process. Who do we purchase from? And how specializes that purchasing? How volatile are raw materials prices? So obviously, when we think about our purchasing process, when we think about making inventory, we're thinking about what's going to be our profit margin. And we want to make sure if we have a type of material that's going to vary a lot in terms of the costs of the material, that could be making it difficult for our purchasing process that could cause problems, of course, making our purchasing process more inherently risky. If we're looking at types of raw materials that are fairly stable in terms of price, that's probably going to make our purchasing process less risky, and more easy for us to manage through. If I could be very certain about what the estimated price will be, it's pretty constant throughout the whole process of our primary purchasing items. That makes it a lot easier for me to put in a process and for me to test it as well. If the price is very volatile, then it's a lot more difficult for us to put in a process that's going to make sure to safeguard against any errors that could happen because they're not going to be as easily detectable given the fact of the volatility and the price of the things we're looking at. So misstatement fraud in prior audits is also going to be an inherent type risk factor, just part of the business that we are in. The purchase process is not usually difficult to audit and does not present continuous auditing issues. So in other words, this isn't a place that we would often expect that we would have a problem within the auditing process. However, the auditor's past experience in audits needs to be considered when assessing inherent risk. So we want to say, what happened last year? What happened last time? If this is a continuing client, like it normally is for most type of clients, then we could consider what happened last time and factor that in. We'll factor that in where in our formula and the inherent risk type of calculation. Then we have the purchase process internal controls. Now we want to consider what the internal controls are. Remember that these are set up by management, but there's something that we are going to rely on in the audit to some degree. And whether or not we rely on it or the degree at which we rely on it will depend on and determine help us to determine how much substantive testing we will then do. So primary steps in setting control risks for the purchasing process will include understand and document the purchasing process using a reliance strategy. So we're going to document the process that they go through plan and perform tests of control on the purchasing transactions. So we want to say, Hey, what's your purchasing process? Then we want to test the controls. Recall that we're going to do tests of controls because we're hoping to come up to a conclusion that we can rely on controls and testing the controls, testing the checks and balances should take a lot less work in most cases than doing the substantive testing of testing all the transactions and testing the account balances. So we're hoping to do test of controls so that we can determine that we can rely on them to some degree, reducing the amount of detection the amount of substantive testing will need to do. And then we'll set and document the control risk for the purchasing process. So that's going to be our ultimate goal for the control risk will set the control risk. And those are the two factors that are kind of controlled by the by the company inherent risk by the business that they've chosen to be in the process that they have set up for it and control risk, meaning the controls that they have put in place in order to safeguard against the inherent risks, purchasing process, control risk information system, order will obtain the information below for each major class of transaction in the purchasing process. So we're going to go through this process, we're going to obtain this information related to it, the initiation process for the purchase, cash disbursements and purchase return transactions. So we want to know about then the initiation process, the cash disbursements and the purchase return transactions, the accounting records, supporting documents and accounts that are part of the purchase process, cash disbursement and purchase returns. We want to get information related to that, the flow of each type of transaction from initiation to inclusion in the financial statements. So how does this flow through with regards to one the initiation all the way to the financial statements, computer processing data should be included in this process. So note that of course the IT will be involved in this and we may need IT professionals to help us look into the system to make sure that we can understand and be able to audit the system, give us the rights to basically go through and test the audit within within the system and test different types of controls within it. The process used to estimate accrued liability, purchasing process, control risk assessment. After testing controls, the auditor will set the achieved level of control risk. So we're going to obviously test the controls, then we're going to set the control risk. If tests of control support the plan level of control risk, no modifications are necessary to planned detection risk. So if we if we don't have to make any modifications to the detection risk and we can move forward with everything as we planned, the auditor will process with the substantive procedures as planned, meaning we're going to say okay, we're at the level of control that in the control risk that we had determined it to be, therefore we can move forward with the substantive tests as planned. When tests do not support planned control risks, so what happens if we test the controls and they are below what we expect them to be, the auditor lowers the level of planned detection risk. So remember what we're talking about here with these, it's kind of easy to see what what we're doing relationship wise, but it can be difficult to know which direction these things are going. If we were to be tested on it or to or to, you know, talk about these type of factors. So obviously what we're doing is trying to rely on the controls. If we can rely on the controls, if they're good controls, then we're going to do less substantive testing. That's fairly obvious. But what does it mean to have the control? Or hopefully by now we've talked about it by. So what if the control, what does it mean for the control risk factors? Well, control risk is the risk that the problems will not be detected by the internal controls that are set up. So therefore if we're not relying on, if we cannot rely on the internal controls, the risks that the controls are weak are going to be higher. That means that we're going to increase the control risk because the controls are weak, whether not good. Therefore we increase the risk factor. The control risk is going to be higher because the controls are not going to detect and the detection risk then we're also going to, we're going to set lower because what we're trying to do is say the detection risk is going to be the risk that the audit test, the substantive test, the tests we're going to put in place are going to not catch the error. So, and that means we want to make that then we want to do more substantive testing, which will lower the risk that our detection risk wouldn't detect the error. So we can't rely on the controls. Control risk goes up. We're going to increase control risk and therefore we may, we need to make detection risk to go down to make the overall thing basically balance out. So we're going to decrease the detection risk by doing more substantive testing.