Risk-Based Audit Approach
Risk-based Audit Approach Risk-based audit is an approach that is related to the concepts of audit risks and materiality. Audit risk is the likelihood that the financial statements are materially misstated after the auditor has determined that the financial statements are free of material misstatements. Materiality is a concept relating to the significance of an amount, transaction, or discrepancy.
In this approach, auditors analyze audit risks, sets materiality based on the analyzed audit risks, and then develop audit procedures which mainly focus on the areas of greatest risks. Therefore, audit resources are directly allocated towards the areas of the financial statements that may contain material misstatements, and also audit efforts can be concentrated. How auditors market the risk-based audit approach
As an auditor, the following aspects are the important ones that need to be addressed to the clients: * Risk-based audit approach is efficient, and time-and-cost saving * Risk-based audit approach enhances audit quality and add value to the client * Risk-based audit approach is designated towards organizations’ own business sectors * Risk-base audit approach is adopted due to its compliance with regulations The auditors don’t necessarily need to perform detailed audit procedures on all areas of audit.
The plan and performance on all areas of audit will be time-consuming, and costs a lot of money. In the risk-based audit approach, programs are designed towards, and resources are allocated to high-risk areas. Thus, it is more efficient and time saving than the normal audit approach in that the auditors need only to plan and design audit programs and procedures on areas previously identified as key risks that could give rise to the materially misstated financial statements. Large sampling and testing of low risk areas can then be saved.
Audit resources can therefore be allocated towards high risk areas to achieve a more efficient audit process. However, sometimes, during the first year of implementation, the risk assessment standards would require auditors to perform more audit procedures than in the past, so more costs are incurred. But costs would decline in subsequent years because auditors can leverage their knowledge of the client gained from prior audits. Thus on the whole, the costs of risk-based audit approach would be less than the normal audit approach.
Risk-based audit approach enhances the quality and effectiveness of audit, improves financial statement assurance, and the financial statement reporting process. In this approach, audit efforts can be allocated towards high risk areas. By evaluating the risk indicators when doing the risk assessment, risk-based audit approach can provide the clients with advice on how to improve in risk management and control processes. Clients can then improve its operations from recommendations.
Business entities differ in terms of nature, location, employees, size and corporate culture. There are no two firms that are exactly the same. In order to better serve the client, audit procedures should be designated towards the client’s own features and needs. In the risk-based audit approach, auditors are required to focus on the entity and environment of the organization when they are making risk assessments. A clear understanding of the organization’s entity, environment and its internal controls can so be generated.
Therefore, the audit plan and procedures are more targeted towards the business entities being audited, and more appropriate audit plan will be implemented accordingly. Nowadays, organizations are adopting risk-based audit approaches more frequently than before. 1 Due to the increasing number of regulations, organizations tend to adopt risk-based audit approach since it can cover multiple regulations from a single audit event. For example, Statements on Auditing Standards nos. 04–111 require increased rigidity on the audit process in terms of assessments of inherent and control risks, and the implementation of risk assessments to audit procedures. 2 Thus, the use of risk-based audit procedure ensures all the necessary governance requirements can be met without duplicating audit efforts and resources. Audit committee’s concerns regarding risk-based audit approach Risk-based audit approach is developed as an efficient method for audit committee members to oversee the risk management procedures within the organization.
It allows audit committee members to comprehensively evaluate the risks the organization is facing, which may affect the external financial reporting process. By examining the area that has greatest risks, a clearly understanding of the tone at the top can be achieved. Thus, this approach can help audit committee members meet their fiduciary duties to the shareholders. However, from audit committee members’ point of view, risk-based audit approach may contain the following concerns: * Risk-based audit approach can sometimes be subjective in risk assessment. Risk assessment can be impacted by the inability of the auditor Risk-based audit approach is started by the auditor’s performing of an analysis of the audit risks before taking on specific audit procedures. Risk assessment is subjective, and it depends on the auditor’s professional judgment. Professional judgment of an auditor can go wrong due to different perceptions of risks. Sometimes, due to the subjectiveness of risk management, the high-risk areas that the auditors have found out may not necessarily contain that much risk.
Therefore truly potential high risk areas which can have material misstatement could be overlooked. The audit procedures designated consistent with the risk assessment results can be inefficient and render ineffective outcomes. Besides the subjectiveness in risk assessment, in some circumstances, such as the inability of auditor or the lack of due professional care, it can cause problems in risk assessing process. When the auditor who is performing the risk assessment does not have enough related experience, or when he/she is short of due professional care, the results from risk assessment cannot be reliable.