Вы находитесь на странице: 1из 5

Financial System & Auditing

Outcome 2

Different components of business risk: Sas 300 Accounting and internal control systems and audit risks assessment This SAS (statement of auditing standard) provides guidance on audit risk and its component: Inherent risk: the susceptibility of an account balance or class of transactions to material misstatement either individually or when aggregated with misstatements in other balances or classes, irrespective of related internal controls over the accounting system. Control risk: the risk that material misstatement could occur in an account balance or class of transactions, either individually or when aggregated with misstatement in other balances or classes, and not be prevented, or detected and corrected, on a timely basis by the accounting and internal control systems. Detection risk: the risk that the auditors substantive procedures do not detect a material misstatement in the financial records.

The three component of audit risk should be separately considered at the planning stage when the audit procedures are designed. This enables efforts to be targeted towards areas of materiality and to reduce overall audit risk. In addition to the above, the planning process should: 1. Establish a materiality factor for the assignment. 2. Establish whether a compliance or substantive testing approach is appropriate, i.e. whether or not a system of internal control exists on which the audience can rely. 3. Set out the audit programme of tests to be undertaken. 4. Establish initial sample sizes for testing. 5. Set staff allocations and a fee budget. 6. Involve the briefing of audit assistance. It is good practice for this briefing process to be evidenced, perhaps by the assistant signing an appropriate section of the planning checklist.

SAS sets out standards for auditors on assessing audit risk and obtaining an understanding of accounting standards for auditors on assessing audit risk and obtaining an understanding of accounting and internal control systems. Its key points may be summarized as follows: 1. Audit risk, i.e. that an inappropriate audit opinion is given, has three components:

2. 3.

4.

5.

6.

7. 8.

9. 10. 11. 12.

a. Inherent risk b. Control risk c. Detection risk Detection risk incorporates audit sampling risk. Auditor should have an understanding of the accounting and internal systems of the client. The auditor should maintain notes, documents, flowcharts, etc. on the permanent audit file detailing the control procedures operated by management. In order to assess the adequacy of the controls, and therefore the extent to which reliance can be placed on them, it is common for auditor to check whether what happens in practice is consistent with what is supposed to happen. The three components of audit risk should be separately considered at the planning stage when the audit procedures are designed. This enables efforts to be targeted towards areas of materiality and so reduce overall audit risk. In the case of small, owner-managed businesses the audit evidence may have to be obtained entirely from substantive procedures. The auditors planning record should allow for this eventuality, together with a documentation of their reasons. The SAS does not permit whatever the perceived level of inherent and control risk, an audit to be conducted without applying substantive procedures. In extreme cases, if the auditor derives no confidence from the system of internal control and also considers audit risk to be high due to the state of the records, he may have no option other than to undertake a 100 per cent check of transactions and balances as recorded. Letters of weakness, or management letters, are often written following a review of internal controls. A checklist within the planning documents may be useful to ensure that all components of audit risk are adequately covered. For smaller clients with uncomplicated transactions, a straightforward list of the books and records maintained will be sufficient. Where it is clear that reliance on controls to reduce substantive testing would not be worthwhile, a detailed assessment of these controls and control risk is not necessary.

Risk-based auditing Risk-based auditing is an approach of MUS (monetary unit sampling) which Is designed to avoid overauditing in low risk areas and under-auditing in high risk areas, and is an approach now considered vital by many auditors. A common approach to risk evaluation is to consider: 1. The adequacy of the clients accounting records and the control systems which ensure their accuracy and reliability.

2. The relevance of accumulated prior knowledge and reliability of evidence from past audit assessment. An overall review will facilitate the formulation of an initial assessment of the level of risk into suitable categories: 1. Negligible risk: i.e. when there is only a remote possibility of the accounting records and financial statements containing material errors. 2. Low risk. 3. Medium risk: this risk evaluation factor might be appropriate when the nature of the companys activities and the systems of internal control generally present a low audit risk but there are identifiable areas which are more risky. For example. A freight forwarding company which may be subject to claims from its clients for damage of property. 4. High risk: area are those which should be the primary concern of partners and senior managers, and will include such matters as i. Adequacy of provisions. ii. Full disclosure of liabilities, including contingent liabilities. iii. Post-balance sheet review of subsequent events. iv. Analytical reviews on draft financial statements. v. Implications of tax legislation. vi. Detecting overstatement of assets. vii. Identifying high value items and error-prone conditions. viii. Drafting the audit report itself.

Control systems in place of a business The three separate functions into which accounting controls may be divided are: buying (authorization), receipt of goods (custody), and accounting (recording).

Buying factors to be considered include a. The procedures to be followed when issuing requisition for additions to and replacements of stocks, and the persons to be responsible for such requisitions. b. The preparation and authorization of purchases orders. c. The institution of checks for safe-keeping of order forms and safeguarding their use. d. As regards capital items, any special arrangements as to authorizations required.

Goods inwards factors to be considered include

a. Arrangements for examining goods inwards as to quantity, quality and condition, and for evidencing such examination. b. The appointment of a person responsible for accepting goods, and procedures for recording and evidencing their arrival and acceptance. c. The procedure to be instituted for checking goods inwards records against authorized purchases orders.

Accounting factors to be considered include a. The appointment of persons so far as possible separately responsible for. i. Checking supplier invoices. ii. Recording purchases and purchase returns. iii. Maintaining suppliers ledger accounts or similar records. iv. Checking suppliers statements. v. Authorizing payments. b. Arrangements to ensure that before accounts are paid: i. The goods concerned have been received, accord with the purchase order, are properly priced and correctly invoiced. ii. The expenditure has been properly allocated, and iii. Payment has been duly authorized by the official responsible. c. The establishment of appropriate procedures in connection with purchase returns, special credits and other adjustments. d. Arrangement to ensure that liabilities relating to goods received during an accounting period are properly brought into accounts of the period concerned. e. The establishment of arrangements to deal with purchases from companies or branches forming part of the same group. f. Arrangements to deal with purchases made from employees under special terms. g. Regular independent checking of suppliers accounts against current statements, or direct verification with suppliers. h. The institution of a purchases control account and its regular checking by an independent official against suppliers balances.

Risk of fraud within a business, and methods for detection of fraud Is the auditor responsible? It could be argued that fraud, if it exists, may well affect the view presented by the accounts on which it is undoubtedly the auditors responsibility to report and some audit work in this style is therefore necessary.

This does not explain, though, the heavy emphasis of work which is directly or indirectly oriented towards the direction of irregularity, both potential and real. Thus, it is fair to state that the auditors degree of responsibility for fraud detection cannot at this moment be quantified; further, that tendencies to cover claims with insurance, to settle at any price, and to adopt untenable postures in letters, do not help matters.

Вам также может понравиться