Auditing

Mahr Irfan Ahmad Tahir

B.Sc., FCFMA, MIPA, AFA, OCP, CDBMA
Auditing-Risk
• Audit risk refers to the risk that an auditor may issue an unqualified report
due to the auditor's failure to detect material misstatement either due to
error or fraud. This risk is composed of: Inherent risk, the risk involved in the
nature of business or transaction.
• Audit risk is the risk that financial statements are materially incorrect, even
though the audit opinion states that the financial reports are free of any
material misstatements. The purpose of an audit is to reduce the audit risk to
an appropriately low level through adequate testing and sufficient evidence.
• Audit risk is the risk that an auditor will not detect errors or fraud while
examining the financial statements of a client. Auditors can increase the
number of audit procedures in order to reduce the level of audit risk.
Auditing-Risk components
• There are three components of an audit risk from the viewpoint of
the auditor — inherent risk, control risk and detection risk. Inherent risk lies
inherent in the audit.
•  Inherent Audit Risks are the risks that the material misstatements could
possibly happen in financial statements due to other reasons rather than the
failure of internal control over financial reporting. There are many reasons lead
to increase inherent risks in the audit of financial statements.
• Examples of Inherent Risk. In financial and managerial accounting, inherent
risk is defined as the possibility of incorrect or misleading information in
accounting statements resulting from something other than the failure of
controls. ... It is often present when a company releases forward-looking
financial statements.
Auditing-Risk components
•  Can the auditors reduce inherent risk by performing audit procedures? Inherent
risk refers to the possibility of a material misstatement occurring in an assertion
assuming no related internal controls. Accordingly, since it exists independently of
the auditors, the auditors cannot “reduce” inherent risk.
• Factors affecting account inherent risk include:
• Dollar(currency) size of the account.
• Liquidity.
• Volume of transactions.
• Complexity of the transactions.
• New accounting pronouncements.
• Subjective estimates.
Auditing-Risk components
• Inherent risk is assessed primarily by the auditor's knowledge and
judgment regarding the industry, the types of transactions occurring
at a particular company and the assets that the company owns.
Usually, an auditor assesses each audit area as either low, medium or
high in inherent risk.
• Once you assess inherent risk, Strategy automatically
calculates inherent risk. All risk scoring factors together are multiplied
together, with each risk scoring factor multiplied by its assigned
weight. The scoring framework is based on your
organization's risk scoring settings.
Auditing-Risk components
•  Inherent Audit Risks are the risks that the material misstatements could possibly
happen in financial statements due to other reasons rather than the failure
of internal control over financial reporting.
• Inherent risk is set for audit objectives for segments rather than for the
overall audit because misstatements occur at the objective level within a segment.
• Inherent risk, in Risk management, is an assessed level of raw or untreated risk;
that is, the natural level of risk inherent in a process or activity without doing
anything to reduce the likelihood or mitigate the severity of a mishap, or the
amount of risk before the application of the risk reduction effects of
controls. Another definition is that inherent risk is the current risk level given the
existing set of controls, which may be incomplete or less than ideal, rather than an
absence of any controls.
Auditing-Risk components
• Control risk, which is the risk that a misstatement due to error or
fraud that could occur in an assertion and that could be material,
individually or in combination with other misstatements, will not be
prevented or detected on a timely basis by the company's
internal control.
• Control risk is the probability that financial statements are materially
misstated, due to failures in the system of controls used by a
business. ... The managers of a business are responsible for designing,
implementing, and maintaining a system of controls that is adequate
for preventing the loss of assets.
Auditing-Risk components
• There are 4 types of risk control:
• Accept Risk. The stakeholders who are responsible for a risk can choose to
accept a risk. ...
• Mitigate Risk. Actions are taken to reduce risk to an acceptable level.
• Eliminate Risk. A risk may be reduced to zero.
• Transfer Risk.
• Exploitation
Auditing-Risk components
• Inherent risk is the risk posed by an error or omission in a financial
statement due to a factor other than a failure of control. ...
If inherent and control risks are considered to be high, an auditor can
set the detection risk to a lower level to keep the overall audit risk at
a reasonable level.
• Of course, risk management is an ongoing activity, so you should carry
on identifying and recording new risks as they come up. ... You also
need an action plan per risk in order to be able to manage them
effectively. There are 5 main ways to manage risk: acceptance,
avoidance, transference, mitigation or exploitation.
Auditing-Risk Identification
• Understand the entity and its environment.
• Understand the transaction level controls.
• Use planning analytics to identify risk.
• Perform fraud risk analysis.
• Assess risk.
• Here are 7 of the most common ways to mitigate risk: all approaches that will transfer to your
project in most cases.
• Clarify The Requirements. What is it that you want to achieve with this project? ...
• Get The Right Team.
• Spread The Risk.
• Communicate and Listen.
• Assess Feasibility.
• Test Everything.
• Have A Plan B.