It is no longer news that risk based approach to auditing has come to stay. Risk based auditing is the concept of basing the overall auditing procedures on the foundation that is built through the application of audit risk assessment and procedures. We all know that the aim of auditing any subject matter is to give credibility to the assertions that might have been made by the preparer of the subject matter or accounting information.
In order for auditors to live up to the expectation of giving credibility to piece of information, the auditor needs to follow prescribed procedure of gathering and analysing evidence so as to reduce the risk of giving the wrong opinion about the subject matter.
According to the International Standards on Auditing (ISA 200), for an auditor to obtain reasonable assurance, the auditor shall obtain appropriate sufficient evidence that will help ensure that audit risk is reduced to an acceptable level. This requirement of ISA 200 cannot be achieved if auditors do not methodologically assess the risk of audit engagement during the planning stage of auditing. Having a working definition of the phrase “audit risk” is vital to explaining audit risk assessment and procedures, hence, the next paragraph will endeavour to explain what the phrase mean.
WHAT IS AUDIT RISK?
In simple language, audit risk is the probability that a professional accountant gives inappropriate opinion. One of the fundamental objectives of auditors while performing audits is to identify and assess the risk of material misstatement in financial statements or other forms of documentations, whether caused by error or fraud. Audit risks are those factors that hinder the auditor from achieving the objective that he or she is to achieve.
Audit risk is a function of three variables namely; (1) Inherent Risk, (2) Control Risk, and (3) Detection Risk. The total audit risk is obtained by multiplying the values assigned to these variables by auditors. Best practice suggests that detection risk is brought down to the lowest possible level while taking into consideration the cost implication of performing auditing procedural steps.
MEANING OF AUDIT RISK ASSESSMENT
Audit risk assessments are those carefully designed actions that auditors take in order to be complaint with the provision of ISA 315. The standard requires auditors to identify and assess risks of misstatements through gaining understanding of entity and its environment. The bottom line is to get a sort of guide that would aid the design of audit procedures and testing.
Professional Accounting bodies like ACCA encourage their members to exercise professional scepticism in the discharge of their duties as information assurance professionals. What this means is that auditors must possess both enquiring mind and high level of professional judgement.
AUDIT RISK ASSESSMENT PROCEDURES
It all starts with gaining good understanding of the entity and its business environment. Auditors are mandated to obtain sufficient information that will lead to the understanding of; their client’s business, their client, their client’s operating environment and the internal controls in operation. This also include things like accounting policy that a company selected, ways that strategies are implemented by a company in the bid to achieve set objectives, the ownership structure of an entity, measurement of financial indicators, implementation of corporate governance, etc.
This understanding can be gained from a variety of sources including: industry publications, information from the accounting firm, information from the client, the auditor’s business and professional experience, etc.
After gaining full understanding of a business and its environment, the auditor would then perform some analytical procedures to help identify trends and variances. Simple management accounting tools like ratio analysis or even sensitivity analysis are employed by the auditor while performing analytical procedures and testing. ISA 520 is very in its definition of analytical procedures when it defines it as “the evaluation of financial information through analysis of plausible relationships among both financial and non financial data”
The next step in the audit risk assessment process involves the use of soft skills and professional experience. Observation and inspection of processes and documents gives auditor an idea of what might possibly go wrong. For example, during observation of control procedure, an auditor might notice that a control is not adhered to.
IMPORTANCE OF RISK ANALYSIS IN AUDITING
Risk analysis and assessment is one of the most important stages in auditing. By carrying out a well thought our risk assessment, auditors are placed in a better position to:
- Identify potential areas that are vulnerable to any kind of misstatement
- Significantly reduce the risk of losing reputation and clients
- Plan procedure that will help reduce identified areas that are prone to misstatement
- Increase their chance of giving more accurate opinion
- Save time, cost and other resources
- Comply with relevant standards
- Be more efficient and effective in the overall audit assignment
When done rightly, the benefits of engaging in assessing audit risks during the planning stage of an audit and assurance engagement will surely outweigh any possible costs or investment that might have been incurred in the process.