Audit Risk in the Brave New World|
Audit Risk Model|
MR. Asim Khan
The audit risk model has provided a conceptual framework for auditing practice for more than 40 years. Despite practical difficulties in implementation and criticisms of its theoretical foundation, the model has been fairly effective in helping auditors analyze risks and use that analysis to determine the nature, timing, and extent of audit procedures (especially substantive procedures) in audits of financial statements. The audit risk model provides a conceptual framework for the risk assessment standards. In recent years, auditors have tried to apply the model to audits of internal control, usually performed as parts of integrated audits. An integrated audit is an engagement where the auditor provides an opinion on the financial statements and an opinion on the effectiveness of internal control. It is integrated in the sense that the auditor tries to use some of the same procedures to meet both objectives. AUDIT RISK
Basically, audit risk is the risk arising from carrying out audit work. It is the risk of the auditor 'suffering loss' as a result of giving an inappropriate audit opinion. The loss may be in the form of damage to the auditor's reputation (and resulting business loss) or in the form of monetary compensation for damages to another person (the client or a third party), or indeed both (reputational and monetary). An auditor gives an inappropriate opinion by, for example, stating that the financial statements show a true and fair view when in fact they do not, or that they do not give a true and fair view when in fact they do. This may arise from: * not gathering appropriate audit evidence
* being deliberately misled by those providing the evidence who conceal evidence that would have led to a different opinion, or who falsify evidence * misinterpreting (drawing inappropriate conclusions from) the evidence gathered. In summary, audit risk is the risk that the auditor will suffer financial and/or reputational loss as a result of doing something wrong or omitting to do something during an audit engagement. All audits, therefore, involve risk. There is always the possibility of fraud or error remaining undetected no matter how careful an auditor is in gathering and assessing audit evidence in support of the auditor's resulting opinion. It is possible that the auditor will arrive at an unsuitable opinion. A large part of an audit engagement is dealing with this risk - assessing it at the start of the engagement, and gathering evidence and reassessing it during the engagement. Audit risk is fundamental to the audit process because auditors cannot and do not attempt to check all transactions. Students should refer to any published accounts of large companies and think about the vast number of transactions in a statement of comprehensive income and a statement of financial position. It would be impossible to check all of these transactions, and no one would be repaired to pay for the auditors to do so, hence the importance of the risk based approach toward auditing. Traditionally, auditors have used risk-based approach in order to minimize the chance of giving an inappropriate audit opinion, and audits conducted in accordance with ISAs must follow the risk based approach, which should also help to ensure that audit work is carried out efficiently, using the most effective tests based on the audit risk assessment. Auditors should direct audit work to the key risks (sometimes also scribed as significant risks), where it is more likely that errors in transactions and balances will lead to a material misstatement in the financial statements. It would be inefficient to address insignificant risks in a high level of detail, and whether a risk is classified as a key risk or not is a matter of judgment for the auditor....