The Audit Commission ( 2001 ) defined “ hazard ” as an event or action which will adversely impact an organisation ‘s ability to accomplish its aims and to successfully put to death its schemes. Hazard based auditing is a procedure, an attack, a methodological analysis and an attitude of head rolled into one. Besides, hazard based auditing is a methodological analysis or audit procedure that provide confidence to pull off hazards that may happen in an organisation. The hazard based scrutinizing starts by finding which country of the organisation that have the higher hazard of material misstatement that caused by either high inherent or control hazard and so suggests the most effectual internal controls and direction intervention in order to cut down or extinguish that hazard. The country which have lower hazard besides have to place every bit good to do certain that the hearer have the thought on which country to execute hazard based scrutinizing less.
In the other manus, the simplest manner to believe about risk-based audit conceptually is to set more audit attempt in the things that truly matter in an organisation. In the point of position of direction in an organisation, hazard direction is all about pull offing the menaces and chances within the organisation. They were believing that by pull offing the menaces efficaciously the organisation will be in a stronger place in the industry. Additionally, if the organisation manages their chances good, the organisation will be in a better place to supply improved services and better value for money.
However, there is job that may originate in making the hazard based scrutinizing which is when some of the top direction do non truly understand the construct of controls so that since they do n’t understand the nature of controls, they tend to see the demand for more controls as an unneeded extra load. Therefore, hazard based auditing is an development instead than a revolution, although the consequences obtained can be radical in their magnitude.
Hazard based auditing was ever refer to put on the line appraisal scrutinizing criterions whereby the aim of those criterions is to better the quality and effectivity of audits by well altering audit pattern. Statements on Auditing Standards no. 104-111 provide increased asperity to the audit procedure in a figure of cardinal countries including the appraisals of built-in and control hazards and the linking of these hazard appraisals to farther audit processs. However, the criterions besides stated that the hearer was prohibited “ defaulting to the maximal ” control hazard. OnA allA audits work, the hearer should measure the design and execution of internal control to place and measure hazard efficaciously.
2.0 Risk Management Framework
In order to guarantee that the hazard direction becomes the concern of direction and everyone in an organisation and that hazard direction patterns within the peculiar organisation, the top direction with the aid of internal hearers should fix a better model to steer them. Below are some illustrations of first-class hazard direction model comprised of four cardinal elements that may utilize in an organisation:
All operating activities and concern minutess within an organisation either bing or new operations should be assess in order to place material misstatements every bit good as emerging hazards, which may endanger the organisation in the stableness in the industry.
Any hazards that may happen in each of the new operation that proposed by an organisation shall be evaluate systematically in order to cut down and extinguish any possible exposure to the organisation. Besides, all the stuff hazards shall be evaluated either in quantitative or qualitative footing.
If the direction can pull off the hazard good, it will automatically minimise the losingss and optimise the chances. The designation and supervising the hazards is the duties of both top directions and accounting officers in an organisation.
All the detected high hazards that may happen in an organisation and any material alterations to the bing hazard profile must be reported to the Account in-charge so that he can do the alteration and cut down the hazards instantly.
If an organisation have a efficient and good hazard direction model as their counsel in pull offing the hazard in the organisation, it will assist the hearers to scrutinize and the hazard based auditing by looking at the hazard direction model and whether the whole organisation was practising it or non. Hearers play an oversight function on the hazard direction whereby the hearers have the duties to:
Rede the direction on the development, execution and reappraisal of the hazard direction model
Reappraisal of the Annual Financial Statements
Respond to any issues that raised by Auditor General
Carry out any probes into the fiscal personal businesss if there is any material misstatements of fraud detected
3.0 Role of audit commission in hazard based scrutinizing
The Audit Committee will move as the board that will guarantee whether effectual internal control agreements are in topographic point and supply a signifier of independent cheques from clip to clip on behalf by the top direction. The undermentioned lists are the lists on what can the audit commission can make in order to do certain that the internal control was in topographic point:
Reasoning upon the constitution and care of an effectual hazard direction and internal control across the whole of the administration ‘s activities that contribute to the organisation ‘s aims accomplishment.
Reviewing the adequateness of all hazard and control related revelation statements such as statement of internal control, external audit sentiment or any relevant independent confidence prior to endorsement by the board of managers.
Reviewing the adequateness of confidence procedures that indicate the grade of the accomplishment of strategic aims, the effectivity of the hazards direction and the dependability of the above revelation statements.
Ensure that the strategic hazards and operational hazards is reviewed at least four times in a twelvemonth to keep the effectivity of hazard direction.
4.0 The risk-based attack, ISA 200 provinces:
6. The hearer should carry on an audit in conformity with International Standards on Auditing.
11. In finding the audit processs to be performed in carry oning an audit in conformity with International Standards on Auditing, the hearer should follow with each of the International Standards on Auditing relevant to the audit.
14. The hearer should non stand for conformity with International Standards on Auditing unless the hearer has complied to the full with all of the International Standards on Auditing relevant to the audit. The hearer may, in exceeding fortunes, justice it necessary to go from a basic rule or an indispensable process that is relevant in the fortunes of the audit, in order to accomplish the aim of the audit. In such a instance, the hearer is non precluded from stand foring conformity with ISAs, provided the going is suitably document as required by ISA 230, “ Documentation ” .
15. The hearer should be after and execute an audit with an attitude of professional agnosticism recognizing that fortunes may be that cause the fiscal statements to be materially misstated.
37. The hearer should find whether the fiscal coverage model adopted by direction in fixing the fiscal statements is acceptable.
Risk-based audits require practicians to understand the entity and its environment including internal control. The intent is to place and measure the hazards of material misstatement of the fiscal statements. Because hazard appraisals require considerable professional judgement, this stage will probably necessitate the clip of the audit spouse and senior audit forces in placing and measuring the assorted types of hazard and therefore developing the appropriate audit response.
The risk-based audit ( RBA ) attack seeks to better audit effectivity and efficiency by switching the map from a policing activity to one that contributes efficaciously to pull offing hazard and accomplishing wider organisational ends. The attack aims to increase the answerability by guaranting transparence, formalizing cardinal systems of internal control, and perpetrating resources against cardinal hazards.
Some of the benefits of this attack are summarised as follows:
4.1 Time flexibleness for audit work
Risk appraisal processs can frequently be performed earlier in the entity ‘s financial period than was possible earlier. Because hazard appraisal processs do non affect the elaborate testing of minutess and balances, they can be performed good before the twelvemonth terminal, presuming no major operational alterations are anticipated. This can assist in equilibrating the work load of staff more equally throughout the twelvemonth. It may besides supply the client with clip to react to place and communicated failings in internal control and other petitions for aid before the beginning of year-end audit fieldwork.
4.2 Audit squad ‘s attempt focused on cardinal countries
By understanding where the hazards of material misstatement can happen in fiscal statements, the hearer can direct the audit squad ‘s attempt toward bad countries and off from lower-risk countries. This will besides assist to guarantee audit staff resources are used efficaciously.
4.3 Audit processs focused on specific hazards
Further audit processs are designed to react to assessed hazards. Consequently, trials of inside informations that merely address hazards in general footings may be significantly reduced or even eliminated. The needed apprehension of internal control enables the hearer to do informed determinations on whether to prove the operating effectivity of internal control. Trials of controls for which some controls may merely necessitate proving every three old ages will frequently ensue in much less work being required than executing extended trials of inside informations.
4.4 Communication of affairs of involvement to direction
The improved apprehension of internal control may enable the hearer to place failings in internal control such as in the control environment and general IT controls that were non antecedently recognised. Communicating these failings to direction on a timely footing will enable them to take appropriate action, which is to their benefit.
4.5 Save clip on audit undertaking
Besides, this may in bend save clip in executing the audit because the hearer spend clip merely on the higher hazard and execute audit processs tailored for the identified hazards of each single audit occupation.
4.6 Improved audit file certification
The ISAs topographic point a batch of accent on the demand to carefully document each measure of the audit procedure. Although this may add some extra cost at first, careful certification will guarantee that an audit file can stand by itself without the demand for any unwritten accounts of what was done, why it was done, or how the audit decisions were reached.
4.6 Leverage hearer ‘s cognition
Besides that, Risk Based Auditing able to leverage the experient hearer ‘s cognition of the client ‘s operations and experience in anterior audits to find the degree of confidence needed in important audit countries.
4.7 Management ‘s Audit Plan
It consequences in appropriate audit coverage program, which provide a route map for the direction of internal audit staff accomplishment so that they are available to transport out audits of appropriate range when they are needed the most.The hazard based internal audit consequence in a procedure oriented audit with a hazard direction position, which gives advice to direction on the measure to be taken for effectual hazard direction.
So, the benefit of hazard based auditing is that if the hearer had the cognition of client ‘s operations and experience in anterior audits to find the degree of confidence needed in important audit countries, the hearer will execute more efficient and effectual audit that specially focused on the high hazard countries.
5.0 RISK BASED AUDIT PLAN
The hearer should decently be after the audit of internal control over fiscal coverage and decently oversee the battle squad members. When be aftering an integrated audit, the hearer should measure whether the undermentioned affairs are of import to the company ‘s fiscal statements and internal control over fiscal coverage and, if so, how they will impact the hearer ‘s processs –
Knowledge of the company ‘s internal control over fiscal coverage obtained during other battles performed by the hearer ;
Matters impacting the industry in which the company operates, such as fiscal coverage patterns, economic conditions, Torahs and ordinances, and technological alterations ;
Matters associating to the company ‘s concern, including its organisation, runing features, and capital construction ;
The extent of recent alterations, if any, in the company, its operations, or its internal control over fiscal coverage ;
The hearer ‘s preliminary judgements about materiality, hazard, and other factors associating to the finding of stuff failings ;
Control deficiencies antecedently communicated to the audit committeeA 8/A or direction ;
Legal or regulative affairs of which the company is cognizant ;
The type and extent of available grounds related to the effectivity of the company ‘s internal control over fiscal coverage ;
Preliminary judgements about the effectivity of internal control over fiscal coverage ;
Public information about the company relevant to the rating of the likeliness of material fiscal statement misstatements and the effectivity of the company ‘s internal control over fiscal coverage ;
Knowledge about hazards related to the company evaluated as portion of the hearer ‘s client credence and keeping rating ; and
The comparative complexness of the company ‘s operations.
Risk appraisal underlies the full audit procedure described by this criterion, including the finding of important histories and disclosuresA andA relevant averments, the choice of controls to prove, and the finding of the grounds necessary for a given control.
A direct relationship exists between the grade of hazard that a stuff failing could be in a peculiar country of the company ‘s internal control over fiscal coverage and the sum of audit attending that should be devoted to that country. In add-on, the hazard that a company ‘s internal control over fiscal coverage will neglect to forestall or observe misstatement caused by fraud normally is higher than the hazard of failure to forestall or observe mistake. The hearer should concentrate more of his or her attending on the countries of highest hazard. On the other manus, it is non necessary to prove controls that, even if deficient, would non show a sensible possibility of material misstatement to the fiscal statements.
The complexness of the organisation, concern unit, or procedure, will play an of import function in the hearer ‘s hazard appraisal and the finding of the necessary processs.
A For intents of the audit of internal control, nevertheless, the hearer may utilize the work performed by, or have direct aid from, internal hearers, company forces ( in add-on to internal hearers ) , and 3rd parties working under the way of direction or the audit commission that provides grounds about the effectivity of internal control over fiscal coverage. In an incorporate audit of internal control over fiscal coverage and the fiscal statements, the hearer besides may utilize this work to obtain grounds back uping the hearer ‘s appraisal of control hazard for intents of the audit of the fiscal statements.
The hearer should measure the competency and objectiveness of the individuals whose work the hearer programs to utilize to find the extent to which the hearer may utilize their work. The higher the grade of competency and objectiveness, the greater use the hearer may do of the work. The hearer should use the rules underlying those paragraphs to measure the competency and objectiveness of individuals other than internal hearers whose work the hearer programs to utilize.
For intents of utilizing the work of others, competency means the attainment and care of a degree of understanding and cognition that enables that individual to execute competently the undertakings assigned to them, and objectiveness means the ability to execute those undertakings impartially and with rational honestness. To measure competency, the hearer should measure factors about the individual ‘s makings and ability to execute the work the hearer plans to use.A To measure objectiveness, the hearer should measure whether factors are present that either inhibit or advance a individual ‘s ability to execute with the necessary grade of objectiveness the work the hearer programs to utilize.
The hearer should non utilize the work of individuals who have a low grade of objectiveness, irrespective of their degree of competency. Likewise, the hearer should non utilize the work of individuals who have a low degree of competency regardless of their grade of objectiveness. Forces whose nucleus map is to function as a testing or conformity authorization at the company, such as internal hearers, usually are expected to hold greater competency and objectiveness in executing the type of work that will be utile to the hearer.
The extent to which the hearer may utilize the work of others in an audit of internal control besides depends on the hazard associated with the control being tested. As the hazard associated with a control increases, the demand for the hearer to execute his or her ain work on the control increases. In be aftering the audit of internal control over fiscal coverage, the hearer should utilize the same materiality considerations he or she would utilize in be aftering the audit of the company ‘s one-year fiscal statements.
Auditing criterions such as ISA, 315 and 330 require that planned hearer attempt be in response to the hearer ‘s appraisal of client hazards. Furthermore, state may indirectly impact audit planning determinations by chairing the relationship between the hearer ‘s client hazard appraisals and planned hearer attempt. For illustration, an hearer in a more litigious environment might react by be aftering for more hours at higher client hazard appraisals. Alternatively, an hearer of a private sector client could put more weight on certain hazards ( e.g. solvency hazard ) compared to an hearer of a public sector client ( e.g. a authorities section that receives a guaranteed parliamentary appropriation ) .
Furthermore, in order to implementing and using this criterion in pattern was a great challenge for many houses since that they have the trouble associating their internal control work to the substantial processs and other facets of the battle, happening sufficient benefit to warrant the increased audit costs that result from the stricter criterion and finding how to measure the effectivity of internal control design.