How Do I Reduce My Audit Risk?
Audit risk is the possibility of misjudgement of financial statements that contain material misstatements. It does not include the risk that auditors may mistakenly believe that the financial statements contain significant errors, because in such cases auditors can often reconsider or add auditing steps that often lead auditors to the correct conclusions. Audit risk is affected by inherent risk, control risk, and inspection risk. The possibility of major untrue matters during the accounting process of the audited entity is called internal risk; the possibility of the internal control system of the audited unit being unable to detect and correct the major untrue events that have occurred is called control risk; the auditor is performing the audit The possibility of not being able to detect major misleading matters during the procedure is called inspection risk. Audit risk consists of intrinsic risk, control risk and inspection risk. There is a relationship between them: audit risk = intrinsic risk × control risk × inspection risk. This is the audit risk model. Audit risk cannot be determined mathematically at the end of the audit, because auditors do not know the actual risk, but use judgement to evaluate each relevant risk. [1]
Audit risk
- Many scholars at home and abroad have actively discussed the concept of audit risk, but the conclusions are not completely the same due to different perspectives.
- The Kohler Accounting Dictionary interprets audit risks as: one is identified
- Introduction
- The nature of audit risk is always characterized by certain characteristics or characteristics. After discussing the connotation of audit risk, we should continue to elaborate on the characteristics of audit risk and explain
- The American Institute of Certified Public Accountants issued a statement on auditing standards No. 47
- audit
- audit
- Full
- China
- The significance of audit risk is very important. Audit risk can be understood in a broad sense, that is,
- Impact of economic environment on audit risks
- Impact of the legal environment on audit risks
- Impact of the political environment on audit risks
- Impact of industry environment on audit risks
- Impact of Human Environment on Audit Risk
- At the current stage in China, due to the many uncertainties in the market, there are more factors that can cause audit risks and it is more difficult to control. As an abstract expression of audit risk,
- The evolution of audit risk model and the new development of risk-oriented audit
- Abstract: This article introduces the latest developments of risk-oriented auditing from two aspects of auditing standards and auditing practices, and proposes the enlightenment and reference for China based on the evolution of auditing risk model.
- Keywords: audit risk; audit risk model; risk-oriented audit
- China classification number: F23943 Document identification code: A Article number: 1005-0892 (2006) 11-011804
- Audit risk is an important topic in audit research, and it is also one of the hot topics that are most concerned about in the practice field. Since the beginning of the century, a series of major domestic and foreign corporate financial fraud scandals and audit failures have occurred one after another, and people have paid more attention to the study of audit risk. This article attempts to evolve the manpower from the audit risk model and explore the connotation and latest development of risk-oriented audit.
- I. Audit Risk Model and Its Evolution
- Generally speaking, audit risk is affected by two risk factors: audit subject and audit object. The basic model of audit risk is composed of the subject and object of audit activities. From the perspective of the auditing object, all the results of operations and assets and liabilities of the audited unit must ultimately be reflected in the financial statements. However, untrue and reliable financial statements will cause audit failure and audit responsibility, so the risks of the financial statements themselves will lead to audit risks. From the perspective of the audit subject, if the auditor does not comply with the requirements of the auditing standards. Or the auditing standards that have been complied with have lagged behind the development requirements of the socio-economic environment, it will also lead to audit failure and audit responsibility. This creates audit risk. Therefore, the basic model of audit risk can be expressed as:
- Audit risk = Audit object risk × Audit subject risk = Financial statement risk × Inspection risk
- However, due to the different roles and impacts of the socio-economic environment on audit development in different historical periods, the audit methods in different periods are also different. The following analysis of the development and evolution of audit risk model from these three stages.
- 1. Audit risk model in the audit phase of accounts
- In the early stage of audit development, due to the simple organizational structure and single nature of business, audits by CPAs are mainly to satisfy the property owners to conduct independent checks on accounting, and to encourage trustees (usually managers or subordinates) to authorize operations. Be honest and reliable. The CPA is mainly responsible to the client, but the responsibility to the third party is not clear, so the audit risk is relatively small. Its audit focuses on the balance sheet, which aims to detect and prevent errors and fraud. The CPA reviews each item of the financial statements, including checking supporting evidence, assessing the value (usually cost) of the reported assets, and determining the correctness of the accountability of the trustee's purchase and issue of inventory. It can be said that the audit risk model in this period is a simple manifestation of the basic model of audit risk. At this time, the risks in the financial statements mainly refer to the inherent risks of the items in the financial statements, so the audit risk at this stage can be expressed as: audit risk = Inherent risk x check risk. I.e.
- Based on analysis of inherent risks. Focusing on controlling inspection risks, therefore, detailed audits or large sample audits are mainly used.
- 2. The audit risk mode of the system-based audit stage. With the increasing scale of enterprises, the content of economic activities and transactions is constantly enriched and complicated, and the audit workload and audit costs of certified public accountants have rapidly increased, making detailed audits difficult to implement. Therefore, the professional community Gradually shift to sampling audits. However, the use of sampling audit requires certified public accountants to estimate enterprise risks, sample selection, error range, and even error rate, which has inherent limitations. At the same time, the professional community has gradually realized that reasonable design and effective internal control can ensure the reliability of accounting statements and prevent major errors and fraud. and so,
- The CPA combined internal control and sampling audit to form a system-based auditing method, focusing on understanding, testing, and evaluating the rationality of internal control design. If an enterprise has established an effective internal control system, it can effectively control and prevent inherent risks, so the risks of financial statements are affected by both inherent risks and control risks. The pattern at this stage can be expressed as:
- Audit risk = inherent risk × control risk × inspection risk
- The characteristic of this model is that its constituent elements have been changed from the original two to three, which increases the control risk, and regards the test and evaluation of control risk as the most important aspect of audit risk control.
- 3 Audit risk model in the risk-oriented audit phase
- After the 1970s, the emergence of fraudulent and fraudulent activities by management in the West and the randomness of sampling audits made the limitations of system-based auditing methods more and more obvious. System-based audits pay too much attention to the internal control system of the audited units, that is, control risks and relatively ignore other factors and reasons that cause audit risks, failing to achieve reasonable allocation of audit resources. In this case, risk-oriented auditing methods have emerged. Its traditional model is:
- Audit risk; inherent risk × control risk × inspection risk
- Among them, the audit risk is determined by the accounting firm's risk management strategy. A cautious accounting firm often determines it to a lower level. The same risks and control risks are related to the enterprise. The certified accountant can understand Its environment and internal control assessment evaluate the two, determine the inspection risks based on this, and design and implement substantive procedures to control the audit risk to the level determined by the accounting firm. This model and the system-based audit model
- It is the same, but theoretically solves the arbitrariness that the CPA adopts sampling audit based on the system. It also solved the problem of the allocation of audit resources, which required CPAs to allocate audit resources to the areas most likely to cause major misstatement of accounting statements. Its characteristic is that the implementation of audit procedures depends on the assessment of inspection risks.
- New developments in risk-oriented auditing
- When CPAs use traditional risk-oriented auditing methods. It is often difficult to make an accurate assessment of inherent risks, often reducing them
- Identify a single location as a high level and invest audit resources in control tests (if necessary) and substantive tests. That is, traditional risk-oriented auditing methods focus on the assessment of risks at the lower levels of account balances and transaction levels, and ignore understanding of the company and its environment at a macro level (such as the state of the industry, the regulatory environment, and other factors currently affecting the company) Nature, including property rights structure, organizational structure, operation, financing and investment; corporate goals, strategies, and significant errors in accounting statements
- Relevant operational risks reported; measurement and evaluation of corporate financial performance); at the same time, audit risk is the result of the combined effect of auditing the internal environment and the external environment. An enterprise is a socio-economic organization. It exists in a certain social and economic environment. It should be connected to the environment and regarded as an open system. With the advent of the information society and the era of the knowledge economy, the connection between companies and the diverse and rapidly changing internal and external social environments they face has sharply increased, and internal and external operating risks will soon be translated into the risk of misstatement of accounting statements. Therefore, the auditors are also deeply aware that if the audited unit is isolated from the extensive economic network in which it is located, it is impossible to effectively understand the transaction of the audited unit and its overall performance and financial status. In order to reduce the risk of auditing accounting statements, auditors must study the company and the entire "system" they reflect in order to gain a full understanding of it.
- (I) Improvement of risk-oriented auditing standards
- The International Auditing and Assurance Standards Board (| AASB) under the International Federation of Accountants (IrAc) issued a series of audit risk standards in October 2003, including the "Aims and Fundamental Principles of Auditing of A-Statement Statements", "Understanding Audited Criteria for Units and Their Environment and the Assessment of Material Misstatement, the "Certified Accountant's Criteria for the Degree of Response to Assessment Risks," and the "Audit Evidence Standards." These guidelines have been formally implemented since December 15, 2004. New standard for audit risk model and corresponding
- The audit procedures have been revised and adjusted, emphasizing that certified public accountants should have a thorough understanding of the audited entity and its environment, effectively perform risk assessments, focus on high-risk areas where financial statements are misreported, and meanwhile, integrate risk assessment and audit procedures. Closely linked. The implementation of the new standards will effectively improve the quality of audits, increase public confidence in audited financial statements, and help protect the public's interests.
- 1 Established a new audit risk model. The audit risk model commonly used in the auditing profession was proposed by the American Institute of Certified Public Accountants in 1983: 9 audit wind profit = inherent risk × control risk × inspection risk (that is, the traditional audit risk model): under the established audit risk, Inspection risk = audit risk / inherent risk × control risk. Based on this, the inherent risk is evaluated and the risk is controlled, and then the acceptable inspection risk is calculated to determine the nature, timing and scope of the substantive test. With the development of audit practice, the traditional audit risk model gradually shows its shortcomings and deficiencies. Therefore, the new standard establishes a new audit risk model: audit risk = material misstatement risk x inspection risk. Among them, the risk of material misstatement includes two levels: one is the overall level of accounting statements; the other is the level of transaction types, account balances, disclosures, and related statements. Significant misstatement risks at the overall level of accounting statements refer to major misstatement risks that are closely related to the overall accounting statements or significant misstatement risks that have a potential impact on many assertions. It is usually related to the control environment and other environmental factors. The risks of material misstatement of transaction types, account balances, disclosures, and related statement levels consist of two components, inherent risks and control risks. For the level of risk assessment of material misstatement at the overall level of accounting statements, the new standard requires certified public accountants to respond as a whole, for example, the audit team emphasizes the need to maintain professional skepticism in the process of collecting and evaluating evidence; assigning some more experienced or having some People or experts with special skills to participate in the audit team; strengthen the supervision of the audit team; add more unexpected factors when choosing to implement the audit process; consider adjusting the nature, time and scope of the audit process if necessary. For the level of risk assessment of major misstatement at the transaction or account level, the CPA should determine the nature, time and scope of the next audit process, conduct control tests, implement substantive procedures, and test the adequacy of expression and disclosure. The new audit risk model was born with the development of auditing environment and auditing practice. It is more in line with the actual work of auditing, and it is beneficial for certified public accountants to perform risk assessment procedures.
- 2. Certified public accountants are required to fully understand the audited entity and its environment, as well as the components of internal control, in order to identify and evaluate the risks of material misstatement. It can be seen from most of today's audit cases that many of them are due to the lack of understanding of the basic situation of the audited unit by the certified public accountants and the "hurry". The CPA should obtain information about the identification and assessment of major misstatement risks through various channels, especially the operating environment information of the audited entity, the information of the audited entity, and internal control information. Operating environment information includes external factors such as the macroeconomic environment, the industry environment, and the legal environment. The worse the industry is, the more likely it is that the audited entity s accounting statements reflect misrepresentation, and the greater the audit risk; and the more sound the legal system related to auditing, the greater the audit risk that the audit subject will assume. Regarding the audited unit, it is mainly to consider its operating conditions, investment and financing, and at the same time pay special attention to the character and reputation of the management of the audited unit, whether the company is in financial distress and litigation disputes, and the audited unit and the former accounting firm. Relationships, major accounting issues and unusual matters. Internal control mainly includes the control environment and control procedures. The new standard enumerates these related information in detail. It played a better role in guiding the CPA to collect information from various aspects and enhanced operability.
- (=) The development of modern risk-based auditing in auditing practice dates back to the early 1990s.
- The challenge of the knowledge economy to the audit profession, the audit profession has begun to explore new audit methods. The top five international (and now only four) accounting firms are at the forefront. In 1997, KPMG's research team published a research report, "Organizing Review with a Strategic System Perspective." "," Proposed KPMG's BMP (Business Measurement Pwcess) audit model. This audit method first analyzes the business model of the enterprise, and understands the internal and external business environment of the company in a combination of top-down and bottom-up; then, it uses five principles (strategic analysis, management analysis, risk assessment, Performance measurement and continuous improvement) to analyze the enterprise's operating risk, draw conclusions about residual risk and its impact on auditing; finally, use residual risk to guide substantive testing. This completes the audit from the bottom up. It can be said that KPMG's audit model has reflected the idea of focusing on the internal and external environment of the company. At the same time, other major accounting firms have also begun working with academia to develop new auditing methods. Andersen Certified Public Accountants has developed modern risk-oriented auditing technology under the name of "operating auditing". Ernst & Young has developed a modern risk-oriented audit under the name of audit innovation and formed a systematic method of analyzing the business environment of the enterprise, referred to as BEAT (business environment analysis template); PricewaterhouseCoopers Accounting
- LLP has developed a modern risk-oriented audit method under the name "PwC Audit Method"; Deloitte & Touche has developed a modern risk-oriented audit method under the name "AS / 2". Although there are slight differences in the specific structural frameworks of these audit models, the basic principles are the same. It can be said that the exploration of the improvement of traditional risk-oriented auditing methods by foreign professional circles provides a better idea for CPAs to grasp audit risks from a macro perspective, and promotes the emergence and development of modern risk-oriented auditing. The International Auditing and Assurance Standards Board has revised the original audit risk model on the basis of absorbing existing research results and inducing auditing practices, and it is also a perfection of risk-oriented auditing methods.
- Lessons for China
- China's independent auditing standards are based on the basic principles and necessary procedures of international auditing standards, but have not yet formed a relatively complete standard framework for assessing and controlling audit risks. The focus of the China Association for the Construction of Independent Auditing Standards is to develop and revise auditing risk standards based on modern risk-oriented auditing ideas to strengthen members' risk awareness and quality awareness in the practice process and reduce audit risks. The review of the development of audit risk models and the latest developments in risk-oriented audits internationally provide a reference for the development of audit standards in China and the development of audit practices.
- 1. The audit risk model was revised to emphasize a macro understanding of the audited entity and its environment in order to fully identify and evaluate the risks of material misstatement of the accounting statements. If we only focus on various types of transactions and account balances, and do not consider the risk of significant misstatement of accounting statements from a macro perspective, the CPA is likely to find only small errors in the audited unit and ignore large issues. It is necessary for China to learn from the practice of the International Auditing and Assurance Standards Board to revise the existing audit risk model: audit risk = inherent risk × control risk × inspection risk, and introduce environmental variables into it, so that the audit risk model is rephrased: Audit risk = material misstatement risk × inspection risk, guide the CPA to consider the audited unit and its environment more in the audit process, so as to reduce the possible audit risk.
- 2. The certified public accountant should maintain professional skepticism to implement auditing work, and fully consider the circumstances that may cause major misstatement of accounting statements. It is difficult for Chinese CPAs to remain skeptical in their practice, sometimes too trustworthy of management. A certified public accountant who participated in Yinguangxia's audit of Zhongtianqin later admitted that the lack of questioning the authenticity of the information provided by the management authority was an important reason for the failure of the audit. Therefore, China should learn from international practices. Strengthening registered accounting
- The professional skepticism of the division requires that the certified public accountant always maintains a skeptical attitude during the implementation of the audit, and maintains a high degree of vigilance on conflicting documents or statements of doubt about the reliability of the management. In order to increase the probability of finding and revealing major errors and weaknesses, thereby reducing audit risks.
- 3 Vigorously improve the professional judgment of certified public accountants. Auditing is a profession that depends on experience and knowledge. In many cases, the assessment of various audit risk elements, the amount and method of audit evidence collection, and so on, rely mainly on the professional judgment of certified public accountants, which is highly subjective. Even if the auditing standards are formulated in detail, the professional judgment of certified public accountants is an indispensable key factor in auditing work, and it will have an important impact on audit quality. Chinese certified public accountants generally have solid professional knowledge, but lack a wealth of professional experience. Professional judgement is not high, especially when it comes to audit risk. Therefore, it is recommended to strengthen the risk awareness of CPAs through follow-up education and job training, strengthen the professional judgment of CPAs in audit risk assessment and control, and enable them to perform auditing operations with due professional caution and detachment. Reduce audit risk.
- 4 Defend audit risks by participating in professional liability insurance. Since independent auditing is an industry with high social responsibility and high practice risk, even if the accounting firm attaches great importance to the management of audit risk, it still has to bear part of the risk. And with the establishment and improvement of the legal system related to auditing, the civil liability of accounting firms will continue to increase, and the losses caused by risk accidents may be huge. Therefore, accounting firms have taken certain measures to resist audit risks. Most Chinese firms have adopted the practice of extracting practice risk funds, that is, extracting a certain percentage of special funds to make up for losses caused by audit risks. This is a method of allocating the losses caused by audit risks to various periods and resolving them within the firm. The common practice of international accounting firms is to participate in professional liability insurance. It can accumulate the funds of the certified public accountant industry, and the entire industry jointly bears the losses caused by occupational risk accidents. The ability to pay after the accident can meet the needs of the public.
- Yes, this will not only improve its own risk tolerance, but also be a manifestation of social responsibility.
- 5. The accounting firm should establish a database and make appropriate use of the work of experts. The international "Big Four" has a relatively complete database, and employs many experts from all walks of life. When understanding the customer's control environment, auditors can easily find the corresponding information to determine whether the customer's operating conditions are reasonable. In the absence of relevant information, more use is made of the work of experts. However, accounting firms generally lack a database, and auditors cannot judge the rationality of business operations. As a result, Zhongtian Qin's auditors cannot judge the profitability of Yin Guangxia's carbon dioxide supercritical extraction project; and although Chinese standards stipulate the use of expert work, audit practices are rarely used. Therefore, Chinese accounting firms should establish their own database as soon as possible, and use the work of experts when necessary.
- 6. Make full use of analytical inspection methods and implement fraud review procedures. Analytical procedures are used to calculate specific items and ratios to find abnormal trends and fluctuations. Analytical inspection methods can be used at the audit planning and reporting stage to grasp the overall situation of the enterprise from a macro perspective and find abnormal situations, that is, grasp the risk factors, so as to reduce the audit risk using appropriate methods. However, many accounting firms use the guise of reducing costs and only perform a symbolic review before issuing an audit report. This cannot guarantee the quality of the audit at all. 4 At the same time, after determining the risk level of a material misstatement, the CPA should consider countermeasures and implement relevant testing procedures, especially for fraud. Because fraud is usually more covert, but the consequences are serious, especially from management. Such as AICPASAS. 99 requires that specific substantive testing of management's risk of internal control overstepping be performed. It is recommended that the audit procedures for assessing management's risk of internal control overstepping control include: checking special entries and other adjustments; reviewing accounting estimates to check their tendency, including Management's judgments and assumptions are retrospectively reviewed; the business rationality of large abnormal transactions is evaluated. If management is found to have overstepped internal control or a large number of unreasonable transactions, and the management has the incentive to fraud, the auditor must adopt a stricter
- Auditing standards to reduce the possibility of audit failures. In the review of the audit working paper at all levels, special attention must be paid to the existence of financial fraud by the management, the extent of the fraud, and the impact on audit opinions.
- references:
- [1] Xie Rong, Wu Jianyou. Modern risk-oriented auditing theory research and practice development accounting research, 2004, (4).
- [2] Chen Yugui's Understanding of the Origin and Development of Risk-oriented Auditing Methods . Chinese Certified Public Accountant, 2004, (4).
- [3] Zhu Xiaoping, Ye You, Comparison and Analysis of the Concept of "Audit Risk", Auditing and Economic Research. 2003, (9)
- [4] Frontiers of Audit Research by Zheng Zhengqi and Xie Rong [M] Shanghai University of Finance and Economics Press, 2002
- [5] Liu Feng, et al. "Risk-oriented Auditing · Legal Risks-Audit Quality" [J]. Accounting Research. 2002, (2).