Studies and Scientific Researches. Economics Edition, No 20, 2014  http://sceco.ub.ro 

 
RISK-ASSESSMENT PROCEDURES AND ESTABLISHING 

THE SIZE OF SAMPLES FOR AUDITING FINANCIAL 
STATEMENTS 

 
Botez Daniel  

“Vasile Alecsandri” University of Bacău 
daniel63331@yahoo.com  

 
 

Abstract 
In auditing financial statements, the procedures for the assessment of the risks and the 
calculation of the materiality differ from an auditor to another, by audit cabinet policy or 
advice professional bodies. All, however, have the reference International Audit Standards ISA 
315 “Identifying and assessing the risks of material misstatement through understanding the 
entity and its environment” and ISA 320 “Materiality in planning and performing an audit”. 
On the basis of specific practices auditors in Romania, the article shows some laborious and 
examples of these aspects. Such considerations are presented evaluation of the general inherent 
risk, a specific inherent risk, the risk of control and the calculation of the materiality. 
 
Keywords 
audit of financial statements; inherent risk; materiality 
 
JEL Classification 
M42 
 
 
 
Introduction 
Professional standards in the field statutory audits provide a series of procedures that 
auditors they put a few challenges with a professional. One of them, the matter shall 
be referred to the procedure for determining the size of samples. So, in order to 
determine sample size, he/she must go through a few steps:  
1. Assessment of the general inherent risk  
2. Assessment of the specific inherent risk   
3. Calculation of materiality 
4. Assessment of the risk of control  
5. Analytical Review preliminary 
6. Determining sample size 
Note that these steps follows procedure by which the auditor also obtained 
information in the understanding entity and the environment or, in accordance with 
the provisions ISA 315 “Identifying and assessing the risks of material misstatement 
through understanding the entity and its environment”. This information serves as the 
basis of the identification and assessment of risks of significant misstatement 
(inherent risk and the risk of control). 
 
 
Assessment of the general inherent risk  
Inherent risk assessment resulting from general information relating to management 
and accounting environment, nature of the business entity and significant matters 
concerning the auditing. On the basis of concrete aspects that form the basis of the 

44 

 



RISK-ASSESSMENT PROCEDURES AND ESTABLISHING THE SIZE OF SAMPLES FOR AUDITING FINANCIAL 
STATEMENTS 

assessment, inherent risk is assessed on a scale from 1 to 5, from very low to very 
high. 
For the study we have done the assessment of the risk inherent in general on the basis 
of information obtained from two customers of audit, A and B, with a relatively 
similar situation. Thus, for both customers do not there are aspects that will lead to 
assessment of a very high risk. High risk is given by the situation in which the 
management contains shareholders. It is a common situation, in which the 
shareholder/shareholders are at the same time and managers, which is not necessarily 
indicative of a high risk. Other aspects need not entail the assessment of a high risk. 
Financial position and liquidity falling within limits considered normal. The 
management should be considered integrate and have experience in the field of 
activity. In the accounts working competent personnel, there are no delays in 
reporting and the entity does not have a complex structure or a huge size. 
Operating activity has a relatively linear character, which is based on an activity of 
production with continuous character. Previous audits have not revealed significant 
negative aspects, and their views have been without reservation. In this situation it 
may be observed that the evaluation lead us to a low level of risk, and by inducing a 
degree of additional precautions our conclusion is that it is a general risk inherent in 
MEDIUM, for both wireless clients. 
 
 
Assessment of the specific inherent risk  
The assessment of specific inherent risk shall be based on the information collected in 
phase in the knowledge of the consumer and documented properly in the file task. 
ISA 315 specifies that the identification and assessment of risks of significant 
misstatement shall be carried out at the level statements for the classes of transactions, 
balances of the accounts and presentations. Understanding customer’s business 
experience and auditor plays a crucial role. 
To assess this risk, we suggest that after identifying significant areas, to their attach 
risk inherent in specific resulted from the existing rules in professional, which 
involves the answer to six questions: 
1. Subject system errors/system inadequate/manual system  
2. Accounting for this area worse professional training 
3. Complex operations 
4. Risk of loss/misuse/fraud 
5. Many professional judgment/calculations 
6. Unusual Operations 
We can draw up following matrix, according to receive six affirmative answers to 
these questions, on the basis of which to determine the level of specific inherent risk: 
 

1,2 Very low Low    
3,4  Low Medium High  
5,6   Medium High Very high 

 
The auditors are already familiar with the array of reference for establishing the risk 
inherent in factor, referred to in section B7 of the guide for an quality audit: 
 
 
 
 
 
 

45 

 



Botez 

Inherent  

Very  
low Low Medium High 

Very 
high 

1 2 3 4 5 
Specific      

Very low 5 4 3 2 1 
Low 4 3,25 2,5 1,75 1 
Medium 3 2,5 1,75 1,5 1 
High 2 1,75 1,5 1,25 1 
Very high 1 1 1 1 1 
 
For our study we have kept customers and suppliers of the customer A and finished 
products and suppliers of the customer B. For customers of A, we’ve set a  specific 
inherent risk MEDIUM, resulting in a risk inherent factor in 1.75 , for suppliers  a 
specific inherent risk LOW, that is a risk factor of 2.5, and for finished products B and 
suppliers B, specific inherent risk MEDIUM, so inherent risk factor is 1.75. 
 
 
The calculation of the materiality 
The materiality shall be calculated in the following assessment of the risk inherent in 
the level of the latter being reference basis for auditor’s reasoning. So, when the 
general inherent risk is higher, the materiality is lower, and vice versa.  
Note: ISA 320 “Materiality in planning and performing an audit”, in the form as 
revised applicable with effect from 15 December 2009, no provision for mandatory 
preliminary value distribution of the threshold of significance in relation to general 
balances of the accounts, classes of transactions and presentations of information. 
It is possible that in some cases the value of the threshold of significance to the 
financial statements as a whole to be suitable for the purpose of establishing some 
samples which would lead to the degree of assurance required. But there are also 
circumstances in which the auditor must use values lower than this. ISA 320 
introduce the concept of performance materiality, which makes a request for the 
addition of value to auditor’s reasoning establishing a low level of materiality to 
reduce to a reasonable level likely uncorrected distortions or not detected to exceed 
the materiality for financial statements as a whole. 
On the other hand, ISA 320 provides for entity’s specific circumstances in which the 
auditor also may lay down and use values well below the materiality for certain 
classes of transactions, balances of accounts or presentations. ISA 320 shall submit, as 
a reference basis, particular cases where the auditor can do, no longer be compulsory 
for all items for the different levels of materiality for financial statements as a whole. 
For case study we’ve set the materiality to the financial statements as a whole for the 
two entities of reference, from the average of between the smallest and the largest 
value of six reference values calculated on the basis of a model which calls up to three 
relevant indicators in the financial statements: 1-2% of turnover, 1-2% of assets and 
5-10% of the profit. After carrying out these calculations have established the 
materiality to the following values: 
Materiality Company A: 200.000 lei 
Materiality Company B: 300.000 lei 
 
 
Assessment of the risk of control 
Control risk assessment is based on the information collected in respect of the system 
of internal control and documented in the appropriate working sheets. Under the 
conditions in which the auditor also considers that the information on the state of the 
environment of the control and monitoring mode to carry out the inspections are 

46 

 



RISK-ASSESSMENT PROCEDURES AND ESTABLISHING THE SIZE OF SAMPLES FOR AUDITING FINANCIAL 
STATEMENTS 

appropriate and shall be based on the findings internal control, implement tests to 
confirm proper operation of the machine.  
Assessment of this risk involves, therefore, in addition to reasonable character 
organization discovery system of internal control, the existence and application of 
procedures for testing and effectiveness of controls. As a general rule, these 
procedures shall be developed by each cabinet of audit. It is a very important aspect 
because on the basis of the result testing internal controls the auditor also determines 
in which may be based on the findings internal control on a scale of 1 to 5, and attach 
the factor 1 a high risk and the factor 5 a low risk. For the purpose of this study, we 
can establish that he/she has not considered it appropriate to rely on internal control 
findings and, as a result, assessed control risk at the level of 100%, following the 
factor of 1. 
 
 
Preliminary analytical review 
Analytical procedures claim our understanding of auditor of the entity and the 
environment or helping him in adequate evaluation of the risk of serious distortions. 
As a matter of principle, they shall consist of comparisons between the various 
financial information concerning the entity as well as information for precedent 
periods such as indicators of liquidity, solvency, performance, or the main categories 
of expenditure, and the identification of significant variations which require specific 
attention. From the point of view of the calculation of sample size, pre-analytical 
revision used in fixing by auditor of a factor of relevance on a scale of 1 to 3, the 
factor 1 representing the situation that analytical review is not granted no relevance, 
while the factor 3 assumes that the review did not reveal unusual items. 
Sample size calculation has as reference table for the calculation of the guide on an 
audit of quality, used in professional practice in Romania, to section B7: 
 

Element Population Materiality 
Inherent 

risk 
factor 

Control 
risk 

factor 

Analytical 
Review 
factor 

Sample 
minimum 

level 
Customers A 3.422.000 200.000 1,75 1 2 5 

Suppliers A 1.201.500 200.000 2,5 1 2 1 
Finished 
products B 2.069.063 300.000 1,75 1 3 1 

Suppliers B 1.849.625 300.000 1,75 1 3 1 

 
By means of the procedure for the establishment of the samples levels have been laid 
down their minimum. To validate reasoning’s that we made, we will present 
procedures by which we audited those structures. Analysis of structures taken as 
example emphasizes the following: 
Customers A: The balance of 3.422.000 lei is composed of 90 clients, of which 6 have 
a value of the balance over the value of the materiality. The sum of them is of 
2.316.675 lei, which represents 68% of the total. We can assume the sample results 
are satisfactory. 
Suppliers A: The balance of 1.201.500 lei is composed of 114 suppliers, of which 
only one exceeds the value of the materiality, with a balance of 546.484 lei, 
representing 45%. In this situation, in order to obtain an adequate level of insurance 
for suppliers, the auditor must extend sample size to 3 components, each with a value 
over 150.000 lei, which have a value 858.053 lei, representing 71% of the total value 
of the balance, a comfortable situation.  

47 

 



Botez 

ISA 320 provides that the performance materiality may be represented by one or more 
of the values. If the auditor would be determined by planning a threshold of functional 
significance of 150.000 lei for similar items suppliers, sample size would have been 
different. 
Finished products B: The balance of 2.069.063 lei is composed of 51 items of which 2 
are located above the materiality, with a cumulative value of the balances of 830.820 
lei, representing 40% of the total. To obtain the assurance required, the auditor also 
lays down a sample of 5 items with a value of 1.413.399 lei, representing 68% of the 
total balance, which would have resulted in the planning stage if he had established a 
performance materiality of 100.000 lei. 
Suppliers B: The balance of 1.849.625 lei is composed of 208 suppliers, no balance 
individually does not exceed the value of the materiality. If the auditor would be 
established a smaller performance materiality, 100.000 lei, then that’s it is located 4 
suppliers with a cumulative value of the balances of 599.046 lei, representing only 
32%. In this situation, the auditor would have had to establish a performance 
materiality less than, 50.000 lei, and then in the sample shall enter 10 items with a 
cumulative value of 946.555 lei, representing 51%, which correlated with the assessed 
risk can be considered satisfactory.  
As a result of these successions, the establishment of performance materiality at the 
planning stage would have resulted in a minimum size of the samples closest to the 
requirements for obtaining the degree of assurance required, such as: 
 

Element Population Materiality 
Inherent 

risk 
factor 

Control 
risk 

factor 

Analytical 
Review 
factor 

Sample 
minimum 

level 
Customers A 3.422.000 200.000 1,75 1 2 5 
Suppliers A 1.201.500 150.000 2,5 1 2 2 
Finished products B 2.069.063 100.000 1,75 1 3 5 
Suppliers B 1.849.625 50.000 1,75 1 3 7 

 
On the other hand, a rigorous approach to risk assessment and analytical procedures, 
through the inclusion of some degrees of precaution raised, may change the value 
factors, with significant impact over the size of samples.  
 
 
Conclusions 
Determining sample size represents an adjustment procedure again based on auditor’s 
reasoning, which brings together all the information and assessments have been 
observed with respect to entity. 
In the first place, assessment of the general inherent risk has a significant influence on 
thoughts on fixing of general materiality, and together with the inherent risk specific, 
by placing them in the matrix for the identification of the risk inherent in factor, on a 
scale from 1 to 5 they have a significant impact on sample size calculation. 
Secondly, ISA 320 leave the responsibility and at the expense auditor’s reasoning 
both fixing of global materiality, and use of performance materiality or set materiality 
for specific classes of transactions, balances of accounts or presentations. This 
constitutes a margin of action wide enough for auditor and allows the operator to 
obtain the assurance necessary. 
Thirdly, the establishment of control risk factor attached on a scale of assessment 
from 1 to 5, has a significant impact on sample size. It is necessary that the auditor, on 
the basis of tests carried out on the system of internal control and document and 
establish various factors for the various structures of financial statements.  

48 

 



RISK-ASSESSMENT PROCEDURES AND ESTABLISHING THE SIZE OF SAMPLES FOR AUDITING FINANCIAL 
STATEMENTS 

Last but not least, preliminary analytical review must have regard to the indicators 
and representative structures for the activity entity, as establishing a relevant factor on 
a scale of 1 to 3 has a significant impact over the size of samples. 
 
References 
CAFR (2014), The Guide of an Quality Audit, Bucharest. 
ISA 315 “Identifying and assessing the risks of material misstatement through 

understanding the entity and its environment” and ISA 320 “Materiality in 
planning and performing an audit”, in IAASB - Handbook of International 
Regulations for Quality Control, Auditing, Review, Other Assurance Services 
and Related Services, Edition 2012, vol. I, translated and reissued the CAFR, 
Bucharest, 2013. 

49 

 


	Inherent 
	Specific