Risk-Based Auditing - Essay Example

Name: xxxxxxxx Tutor: xxxxxxxx Title: Risk Based Auditing Institution: xxxxxxxx Date: xxxxxxxx Introduction Risk largely dominates the auditing world. Audit risk is an auditor’s or audit firm’s risk. The risk of compensating clients for damages caused normally increase due to auditors negligent when attempting to display a true and fair perception of a set of organization accounts. Audit work in any organization normally entails some level of risk. The risk may a rise due to misstatement of company’s accounts. According to Kan (2007), the auditor’s failure to identify error or fraud normally results into the misstatement of company’s accounts. The misstatement of company’s accounts can also occur due to improper use of auditing policies by auditors. The use of inadequate sample sizes when determining the risk level can also result into misstatement of company’s accounts. Therefore, for auditors to ensure that the risks are minimized, they need to make sure that the financial statement of a company is correctly stated. The auditors need to adopt risk based audit approach so as to correctly state the financial statement of an organization. This paper therefore outlines and evaluates factors that auditors need to consider when implementing a risk based audit approach (Vallabhaneni, 2005). Factors to be considered when implementing a risk based audit approach According to Collings (2011), auditors need to identify a number of factors when implementing a risk based audit approach. Inherent risk, control risk and risk detection are important factors to consider when adopting a risk based audit approach. These factors normally assist auditors in assessing the level of risks that relates to a given area of an audit. Under the inherent risk, environmental factors such as the client’s background knowledge and the area that previously experienced auditing difficulties are considered against whether they would result into material error or not. This is usually done before taking into account the internal controls’ function. Within the control risks, system of internal controls is normally evaluated against the possibility of avoiding material error, or detecting the error in time through the use of the controls. Risk detection in implementation of risk based audit approach allows auditors to detect material error that is not selected by internal controls (Parkinson, 2004). When working with clients, it is essential for auditors to determine inherent risk. Auditors, in their assessment, need to ignore the possibility of clients having internal controls in place so as to assist in mitigating inherent risk. An auditor needs to consider the strength of internal control when evaluating the control risk of clients. The task of auditors, in evaluating inherent risk, is to assess how vulnerable the financial statements claims are to material misstatement of an organization. In order to reduce inherent factors, auditors need to consider both the environmental and external factors that normally increase inherent risk Parkinson (2004) argues that the environmental and external factors that can result into high inherent risk include rapid change, expiring patents, state of economy and availability of finance. Susceptibility to theft or fraud is a factor that should be considered by auditors when implementing a risk based approach. In case a given asset is vulnerable to fraud or theft, an account or balance level can be considered inherently risky. Therefore, Susceptibility to fraud should be considered by auditors so as to reduce inherent risk (Kagermann & Kinney, 2008). Prior-period misstatement is another factor that needs to be considered by auditors since it results into high inherent risk. The mistakes made by companies in previous years are normally carried forward in financial statements of the company. Auditors therefore when adopting a risk based audit approach need to consider prior-period misstatements with current period misstatements so as to find out if there is a need to ask the client to modify the financial statement for total misstatement. In auditing, understatement in a given period does not usually compensate the overstatement in another period. It is therefore important for auditors to determine prior-period misstatement so as to effectively adopt a risk based audit approach (Crumbley & Zabihollah, 2004). Auditors need to ensure that they are up dated with clients business and activities’ insight when implementing a risk based audit approach. This normally assists auditors to evaluate and develop the process of financial reporting and the company of a client. The way the clients do their business and manage their internal and external environments greatly provide auditors with information that is useful in auditing process. The collected information normally assist in designing the audit program that incorporates the most efficient and effective tests’ combination that are responsive to every client’s unique conditions. When adopting the risk based audit approach, auditors should also ensure that they reduces the risk of negligence. This normally speeds up the process of auditing. It also assists in allocation of specialists to particular areas of the audit. To be more economical, auditors need to determine evidences that are relevant and in how much detail (Collier & Agyei-Ampomah, 2006). When adopting risk based audit approach, auditors need to ensure that they identify and evaluate the risk that does not discover or will not discover material items. The duty of an auditor is to provide a fair and truthful observation of client’s set of organization financial statements, even if they are not guaranteed that they can prove that the organization financial statements are entirely free of irregularities and errors. In case the material item is realized, auditors need to consider the item’s context and presentation and then determine if it affects the true and fair observation of organization’s financial statement (Pickett, 2006). Auditing standards, SAS 220 claims that auditors need to consider materiality and its association with audit risk when planning and undertaking an audit. It is therefore important for auditors to consider materiality when implementing a risk based audit approach. Materiality consideration enables auditors to determine if the results of the test, examinations or enquiries are different from expectations. Auditing materiality is referred to as tolerable error. It is therefore important to determine the level of tolerable error when implementing risk based audit approach. This normally enables auditors to know if the actual errors in a sample size are less than tolerable error (Golden & Skalak, 2011). Sampling is an important aspect to consider when adopting a risk based audit approach. The main aim of any sampling method is to draw conclusions from huge set of data. The aim of audit sampling is usually to determine with enough confidence that several factors are free from misstatement of material. Through sampling auditors are able to conclude on the total data set, that is, a set of account balances, by testing sampling units that represent an entire population. Auditors are not always expected to check the whole business transactions and balances, but they need to be practical and familiar with materiality (Collier & Agyei-Ampomah, 2009). Two methods of sampling, which are judgment sampling and statistical sampling can be considered by auditors when implementing a risk based audit approach. Under judgment sampling, auditors can choose appropriate sample basing on what they consider as important. Statistical sampling is a sampling method that is normally considered to be scientific and mathematical. Khwaja & Leprick (2011) argue that under this method, appropriate samples are normally selected scientifically and mathematically. Auditors therefore need to apply these sampling methods so as to come up with a conclusion that represent an entire population. Several factors can be considered by auditors when choosing the correct sample sizes for auditing. Auditors should consider confidence levels of choosing a given sample so as to be sure that the chosen random sample reflects the features of a population from which sample was drawn. The sample outcomes and confidence level allows the auditor to know rate of error that lies within a given boundary. It is therefore very important for auditors to consider sampling and level of confidence when implementing a risk based audit approach (Pickett, 2005). The disclosure of complex financial statements is an important factor to consider when implementing a risk based audit approach. The board of directors is always a final body that is responsible for ultimate disclosure of financial statement of the company. Therefore, when adopting a risk based audit approach, auditors need to identify if the financial statement of an organization has some discrepancies. Pickett (2006) notes that they need to confirm that they are abiding by the standards of financial reporting. It is also the responsibility of auditors to verify that proper controls are in place. They need to ensure that shareholders, lenders and potential investors have enough information that can assist them to develop informed decisions. Though the management is responsible for developing fair financial statements’ presentation, auditors are always expected to ensure that the financial statements pass through the litmus test. Complex business models should be considered by auditors when implementing a risk based audit approach. Though the board of directors and management are always responsible for restoring the integrity of an organization, it is normally the responsibility of auditors to validate, either directly or indirectly, whether the business model of an organization is effective. Therefore, when implementing a risk based approach, auditors need to identify issues such as determining if an organization is capable of surviving or competing in the market, if the company is practicing effective business practices, if an organization has proper place for managing risk and if the corporate governance programs applied in an organization are that effective. Pickett (2005) argues that in order to minimize possible negative situations such as inconsistency in implementing auditing processes within the business units, erroneous data gathering and several gaps that are brought about by isolated information’s silos, it is important for auditors to consider the complex models of operation that many organizations applies. By considering complex models when implementing a risk based audit approach, auditors, when auditing, will easily understand the comprehensive visual map of the whole business that is vital to effective risk management, effective governance, quality issues and compliance. Therefore, the process of auditing normally faces several barriers that drag targets and jeopardize the legal and quality safeguards (Khwaja & Leprick, 2011). Risk quantification is an important factor to consider by auditors when implementing a risk based approach. In any endeavor, risk is an integral part. Though the unit and committee of managing risk are normally responsible for managing risk, it is always the duty of auditors to ensure that the program for managing risk operates well. The dynamic regulatory surroundings and complex inter-connectedness of functionalities of businesses normally makes it hard to evaluate the multi-faceted nature of business risk. Therefore to control the assessment difficulty, it is important for auditors to quantify risk so as to ensure that the audit management system to be applied in process cycles is very effective. The broad risk management is a main issue for boards of directors internationally. Therefore, its appropriate implementation ensures clear plus integrating all the interests of stakeholders into strategic equation. Quantification of risk is very important for managing the risk at strategic and tactic level, thus covering financial statements plus ethics considerations. Both upside and downside risks need to be evaluated so as to choose the most effective measures for controlling the risks and set up an efficient mechanism for financing the risk. Within the enterprise risk management framework, every organization is usually expected to control its risks, within the stipulated guidelines. The risk financing strategy is normally developed and established at corporate level so as to maximize the balance among threats and chances (McNamee, 1997). Corporate governance is an important factor to be considered by auditors when adopting risk based audit approach. A perfect framework for corporate governance normally consists of seven entwined elements, which include the board and its committees, lawful and regulatory concerns, practices and ethics of the business, transparency, monitoring, disclosure and communication. These factors therefore should be considered by auditors when implementing a risk based audit approach. Auditors need to review these factors and effectively report the findings on a scorecard. The company key documents such as incorporation’s articles, committee and board minutes, yearly report, rights of shareholders, code of ethics and conduct and events’ board calendar. When adopting a risk based audit approach, auditors need to ensure that the company management is sensitized and convinced of crucial effects it has on quality, business progress, compliance and operational profitability. It is also important for auditors to make sure that they work hand in hand with the committee to establish the responsibilities of audit department as they get support from the board and management (Collings, 2011). According to McNamee (1997), monitoring and oversight are important aspect to consider when implementing risk based audit approach. Auditors are always responsible for provision of additional input to the board of directors, management and audit committee. The inputs are normally in form of monitoring and oversight. Auditors need to ensure compliance monitoring and essential requirements’ enforcement. As a way of addressing weaknesses within the oversight programs, auditors need to create minimum standards for monitoring compliance programs for managing risk. The standards need to address compliance monitoring events such as technical assistance, documentation analysis and reporting of outcomes. Establishment of standards that controls non-compliance assist in minimizing fraud risks in an organization. Auditors should ensure effective monitoring and oversight through implementation of a system that asses and prioritize the timing and nature of reviews (Kan, 2007). Resources and culture are important factors auditors need to consider when adopting a risk based audit approach. Before starting auditing process, auditors need to establish a structure of audit function and evaluate the key personnel in an organization to be audited and their respective duties and roles. Another factor to consider in auditing process is independence. Auditors need to ensure that their independent function is maintained. They need to maintain dual reporting association with the management and the senior most oversight group in an organization. Auditors should ensure that organization executive management is ready to assist and support their auditing activities. Approach is very essential for both internal and external auditors when adopting a risk based audit approach. Auditors need to ensure that the approach being adopted in the auditing process is clear and can be applied appropriately in the organization of interest (Puttick & Kana, 2008). Conclusion From the discussion, it is clear that there are a number of factors that need to be considered by auditors when adopting a risk based audit approach. The inherent risk, control risk and risk detection need to be considered by auditors when implementing a risk based approach. Several factors need to be considered by auditors when evaluating inherent. Most of these factors normally increase inherent risk. Therefore, the factors such as prior-period misstatement, environmental and external factors need to be considered by auditors so as to reduce inherent risk. The task of auditors, in evaluating inherent risk, is to assess how vulnerable the financial statements claims are to material misstatement of an organization. Auditors should ensure that they are updated with insight of the client activities and business. Identification and evaluation of risk that cannot be discovered or will not discover material items is an important factor to be consider by auditors when a adopting a risk based approach. This therefore implies that consideration of materiality and its association with audit risk is an important factor to be taken into account in auditing process. Risk quantification, corporate governance, Monitoring and oversight are also important factors to be considered by auditors when implementing a risk based approach. In any endeavor, risk is an integral part. Bibliography Golden W, & Skalak S, 2011, A Guide to Forensic Accounting Investigation, John Wiley and Sons: New York. Pickett K, 2006, Audit planning: a risk-based approach, John Wiley and Sons: New York. Collier P, & Agyei-Ampomah S, 2006, CIMA Learning System 2007 Management Accounting - Risk and Control Strategy, Elsevier: New York. Vallabhaneni S, 2005, Wiley CIA Exam Review: Internal audit activity's role in governance, risk, and control, Volume 1, John Wiley and Sons: New York. Khwaja M, & Leprick J, 2011, Risk-Based Tax Audits: Approaches and Country Experiences, World Bank Publications: London. Collier P, & Agyei-Ampomah S, 2009, CIMA Official Learning System Performance Strategy, Butterworth-Heinemann: Berlin. Pickett K, 2004, The internal auditor at work: a practical guide to everyday challenges, John Wiley and Sons: New York. Collings S, 2011, Interpretation and Application of International Standards on Auditing, John Wiley and Sons: New York. Puttick G, & Kana S, 2008, The Principles and Practice of Auditing, Juta and Company Ltd: New York. Pickett K, 2005, The essential handbook of internal auditing, John Wiley and Sons: New York. Kagermann H, & Kinney W, 2008, Internal Audit Handbook: Management with the SAP-Audit Roadmap, Springer: New York. Crumbley D, & Zabihollah R, 2004, U.s. Master Auditing Guide. CCH Publishing: London. Kan, E, 2007, Audit and assurance: principles and practices in Singapore, CCH Asia Pte Ltd: New York. Parkinson, M., 2004, A Strategy for Providing Assurance. The Internal Auditor; Dec 2004; 61: 63-68. McNamee, D., 1997, Risk-Based Auditing, The Internal Auditor; 54:, 4:, 22-27. Read More