Public Sector Audit

“The Responds to Solve Non-Covered Risk”

By
Krisnawan Mustaqim Saputra (14312208)
Patria Dani Wijaya
I. AUDIT RISK
Risk is the potential of gaining or losing something of values. Risk is an uncertain
event or condition that, if it occurs, has an effect on at least one objective. The
International Organization for Standardization publication ISO 31000 (2009) / ISO Guide
73:2002 definition of risk is the 'effect of uncertainty on objectives'. In this definition,
uncertainties include events (which may or may not happen) and uncertainties caused by
ambiguity or a lack of information. It also includes both negative and positive impacts on
objectives. Many definitions of risk exist in common usage, however this definition was
developed by an international committee representing over 30 countries and is based on
the input of several thousand subject matter experts.

There is so many risk but in here we only will explain risk (covered and non-
covered) in Public Sector Audit. An audit is the examination of the financial report
of an organization - as presented in the annual report - by someone independent of
that organization. The financial report includes a balance sheet, an income
statement, a statement of changes in equity, a cash flow statement, and notes
comprising a summary of significant accounting policies and other explanatory
notes. The purpose of an audit is to form a view on whether the information
presented in the financial report, taken as a whole, reflects the financial position of
the organization at a given date. When examining the financial report, auditors
must follow auditing standards which are set by a government body. Once auditors
have completed their work, they write an audit report, explaining what they have
done and giving an opinion drawn from their work. Generally, all listed companies
and limited liability companies are subject to an audit each year. Other
organizations may require or request an audit depending on their structure and
ownership.

So audit risk is ‘The risk that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated. Audit risk is a function of
material misstatement and detection risk.’ (IAASB). Audit risk is fundamental to the
audit process because auditors cannot and do not attempt to check all transactions.
Students should refer to any published accounts of large companies and think
about the vast number of transactions in a statement of comprehensive income
and a statement of financial position. It would be impossible to check all of these
transactions, and no one would be prepared to pay for the auditors to do so, hence
the importance of the risk‑based approach toward auditing. Traditionally, auditors
have used a risk-based approach in order to minimise the chance of giving an
inappropriate audit opinion, and audits conducted in accordance with ISAs must
follow the risk‑based approach, which should also help to ensure that audit work is
carried out efficiently, using the most effective tests based on the audit risk
assessment. Auditors should direct audit work to the key risks (sometimes also
described as
II. Type of Risk
1. Residual Risk
Residual Risk is the risk left over after your proposed solution has been
implemented. Automobile insurance for the example: protects you against the
financial impact of being in an accident but not against all of it. If you have say a
$700 deductible, you carry the residual risk of having to pay up to $700 in the
event of accident. The amount is residual risk.
There’s more residual risk: the policy normally excludes certain events
from its coverage. If the residual risk is small enough, you may decide to accept
it. If the risk is large, you may want to modify your proposed solution, add
additional risk responds to address the residual risk, or is some cases throw-out
that solution and move to the different one.
2. Secondary Risk
Secondary risk is a new risk created by your proposed response to the
original risk. Managing secondary risk doesn’t mean throwing out the primary
risk. As with residual risk, if the secondary risk is small enough, you may decide
to accept it. If the risk is large, you may want to change your proposed or
modify the proposed solution, add additional risk response to address the
secondary risk, or in some cases throw out that solution and move to the
different one.

III. Managing the Risk

Over recent years, companies have become much more aware of the need to
manage their exposure to all forms of risk from an enterprise-wide perspective.
Many multinationals have appointed chief risk officers to manage these exposures.
More generally, it is the treasurer who performs the chief risk officer’s role and has
responsibility for managing financial risk. The insurance market offers some
opportunities for the risk officer to transfer or limit risk. This article examines some
of the changes in the insurance market that affect the way that companies can
manage risk.

1. Risk appetite

Every company, in every industry, faces a certain amount of risk and uncertainty. It
is the role of each company’s board to decide what level of risk it is prepared to
accept. This risk appetite varies from industry to industry and, within each industry,
from company to company.Every company will assume a certain amount of risk.
Some risk is unavoidable. Indeed, there are very few occasions when a business can
earn a reward without accepting risk.
 When examining a company’s risk profile, the risk manager needs to be able to
distinguish between:

 Risks that can earn reward and those for which there is no reward-earning
potential, and between
 Acceptable and unacceptable risk.

In an ideal world, the company will only assume acceptable risks that can earn
reward. The risk manager will try to protect against both the risks that do not offer
reward, for example public liability, and business risks that are deemed to be
greater than the company is prepared to take. We will look at these in turn.

2. Risk but No Return

Companies need to take risks in order to earn rewards. For instance, every time
a company makes a sale on credit terms, there is counterparty risk, which is the risk
that payment will not be received in return for the goods being sent. Without this
exposure to counterparty risk, there is no sale and no sales revenue.

However, many of the risks that companies face in the course of their normal
daily business do not offer the opportunity to earn revenues. These risks range
from standard property and casualty risk (the risks of fire or workplace injury, for
example) to the threats posed by terrorism and severe natural events, such as
hurricanes or earthquakes. If the risk event does occur, then the company will face
the cost of the event itself, for example to rebuild after a fire, plus the cost of any
business interruption, including the risk that customers will go elsewhere.

These risks are usually managed by the purchase of traditional insurance. In

some cases, this is compulsory. For example, employee liability insurance is
compulsory in the UK. In addition, over recent years, new products, such as
catastrophe (‘cat’) bonds and weather derivatives have been developed as an
alternative to traditional insurance.

3. Unacceptable Risk
Having drawn the distinction between those risks that offer reward and those
that do not, the risk manager then has to ensure that the company is only assuming
the risks that are consistent with its risk appetite. This will be done in a variety of
ways. For treasurers, the risk appetite of the company should be reflected in the
treasury policy, which should also have board approval. Similar policies should also
exist for other departments within the company, which will state, for example, the
nature of any credit checks that should be conducted before credit is extended to
any customers.

In contrast to the first distinction, a company should not assume any risk that it
considers to be unacceptable. In principle, this should be straightforward. The
company will not commit itself to transactions or contracts that expose it to more
risk than it is prepared to accept. In practice, it is difficult to determine the precise
point at which an acceptable risk becomes unacceptable, particularly when more
complex products are used. This means that the company is potentially exposed to
what it would regard as unacceptable risk. These risks are usually managed via the
implementation of appropriate policies and operating procedures, backed by legal
agreements.

4. The Role of Insurance

Traditionally companies have used insurance to transfer the risks that they do
not want to assume. So, for example, most companies will have some form of
insurance against fire damage. The company will pay a premium to an insurance
company and, in return, it will receive a payout in the event of a fire. Risks covered
by this form of insurance will include general property and casualty insurance.
In addition, in many jurisdictions, companies are required to have certain types
of liability insurance. These would be both a general public liability insurance,
perhaps as cover against injury suffered by a customer, and employee liability
insurance, as cover against accidents or injury in the workplace.
Where insurance cover is mandatory, there is often a requirement that this can
be shown to be provided by a registered insurance company. For example,
companies in the UK have to display their certificate of employee liability cover,
which must have been issued by a company registered with FSA to provide
insurance business.

5. The Role of Treasurer

Many of the other risks faced by a company are financial risks – interest rate,
currency and credit risks. In most companies, the responsibility for managing these
risks falls squarely on the treasurer’s desk. Where it does not, for example in a
highly decentralised company, the local subsidiaries will manage the risk on the
advice of the treasury team.
As well as the management of financial risk, corporate treasurers may have
responsibility for the management of all insurance within their company, including,
for example, motor and property insurance. In these companies, bringing the
responsibility for managing all forms of corporate risk together is seen as adding
value to the company as a whole. This recognises that treasurers are responsible
for identifying, measuring and managing financial risk and that these skills can be
transferred and used to identify, measure and manage enterprise-wide risk.
IV. Conclusion
Base on the data that already explain before, we can conclude the respond to
solve non-covered risk is using the third party or in this case is insurance institution
or company. To solve the non-covered risk we can use transfer method which the
risk that can-not covered will be transfer to insurance institution or company that
have capability to solve and manage the risk.