Audit2: Risk-Based Approach

Objectives of the Topic


 * Suggest why risk-based approaches have become more important.
 * Define audit risk and business risk and show how auditors approach risk.
 * Understand the objective of each phase in the audit process and the evidence that has to be collected at each audit stage.

Definition
An audit is a complete and careful examination of selected financial records of a business or person.

At the end of an audit, auditors prepare a report of their findings, where they express their opinions on the truthfulness and fairness of the financial statements, as well as whether the statements comply with the required regulations and accounting standards.

Risk-based Approach
RBA helps financial institutions to allocate their resources in the most efficient way, meaning that the institution is able to prioritize and focus on essential risks and apply preventive measures that are commensurate to the nature of risks. Domains of risks with less importance could apply lighter measures.

What Are the Benefits of Risk-Based Approaches in Internal Audit? A risk-based audit approach allows internal auditors to respond to organizational risks more timely and provide insights to management to help solve problems on a regular cadence. To enhance those insights, the use of data is critical.

Business Risk
A risk resulting from significant conditions, events, circumstances, actions and inactions that could adversely affect an entity's ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.

ISA 315 is concerned with those business risks that may cause material misstatement (para. 11 (d) of ISA 315), reflecting the fact that not all business risks will cause material misstatement and heighten audit risk.

Business Risk Assessment and Risk Assessment Procedure
 * Risk-based approach to auditing:
 * Develop an understanding of management’s risk management and control processes
 * Develop understanding of the business and the risks it faces
 * Use the identified risks to develop expectations about account balances and financial results
 * Assess the quality of control systems to manage risks
 * Determine residual risks, and update expectations about account balances
 * Manage remaining risk of account balance misstatement by determining the direct tests of account balances (detection risk) that are necessary

There are a number of information sources (including electronic sources) that auditors use to develop an understanding:
 * Knowledge management systems
 * Online searches
 * Review SEC filings
 * Company websites
 * Economic statistics
 * Professional practice bulletins
 * Stock analysts’ reports